Gentoo Archives: gentoo-security

From: boger <boger@×××.ru>
To: Tobias Sager <gentoo-security@l.g.o>
Subject: Re: [gentoo-security] Port knocking
Date: Tue, 04 Oct 2005 20:26:39
Message-Id: 1177286025.20051005002031@ttk.ru
In Reply to: [gentoo-security] Port knocking by Tobias Sager
Hello Tobias,

TS> That's a possibility I once saw on slashdot:

TS> iptables -A INPUT -p tcp --dport 1000 -m recent --remove --name PART1
TS> iptables -A INPUT -p tcp --dport 2000 -m recent --remove --name PART2
TS> iptables -A INPUT -p tcp --dport 3000 -m recent --remove --name PART3
TS> iptables -A INPUT -p tcp --dport 1000 -m recent --set --name PART1
TS> iptables -A INPUT -p tcp --dport 2000 -m recent --set --name PART2
TS> iptables -A INPUT -p tcp --dport 3000 -m recent --set --name PART3
TS> iptables -A INPUT -p tcp --dport 22 -m recent --rcheck --seconds 30 \
TS>   --name PART1 --name PART2 --name PART3 -j ACCEPT

It's the best :) 
I'll add some protection from plain port scan. 
iptables -A INPUT -p tcp --dport 999 -m recent --remove --name PART1
iptables -A INPUT -p tcp --dport 1001 -m recent --remove --name PART1
...

TS> There are numerous knock, knock implementations listed at:
TS> http://www.portknocking.org/view/implementations/implementations

I found this page not long ago; temprules looks the most promising. I'm currently experimenting with them.

TS> IMHO, the problem with "normal" port knocking tools is the dependency on
TS> client software. I would prefer a solution which can be used without
TS> (too much) hassle (eg. using telnet and then putty or such).
TS> This evidently is not be possible when using more sophisticated port
TS> knocking with timing or specially crafted / encrypted packages, unless
TS> you have a really good feel for timing.. ;-)
Same for me ;)
or even a web browser: http://somehost:123

-- 
Best regards,
 boger                            mailto:boger@×××.ru
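An added example, not part of the thread and not code from either poster: a small Python model of how the `recent`-match rules quoted above behave per source address, so the effect of the 999/1001 guard rules can be checked without a firewall. It assumes the INPUT default policy drops port 22, that rules without `-j` fall through to the next rule (as they do in iptables), and that the final rule requires all three lists to have been set within the last 30 seconds; the source address and the port sequences are constructed test data.

```python
"""Model of the iptables 'recent' knock sequence from the thread (added example, not the posters' code)."""
from dataclasses import dataclass

KNOCK_WINDOW = 30  # --seconds 30 on the --rcheck rule


@dataclass(frozen=True)
class Rule:
    dport: int
    action: str        # "remove", "set" or "rcheck" (the -m recent option)
    names: tuple       # recent lists the rule refers to (--name ...)
    accept: bool = False  # True when the rule carries -j ACCEPT


# The rules Tobias quoted from Slashdot, as listed in the thread.
KNOCK_RULES = [
    Rule(1000, "remove", ("PART1",)),
    Rule(2000, "remove", ("PART2",)),
    Rule(3000, "remove", ("PART3",)),
    Rule(1000, "set", ("PART1",)),
    Rule(2000, "set", ("PART2",)),
    Rule(3000, "set", ("PART3",)),
    Rule(22, "rcheck", ("PART1", "PART2", "PART3"), accept=True),
]

# boger's additions: the ports either side of the first knock clear PART1,
# so a linear port scan that walks 999, 1000, 1001 loses its progress.
GUARD_RULES = [
    Rule(999, "remove", ("PART1",)),
    Rule(1001, "remove", ("PART1",)),
]


class RecentTables:
    """Per-list, per-source 'last seen' timestamps, like /proc/net/xt_recent/<name>."""

    def __init__(self, rules):
        self.rules = rules
        self.lists = {}

    def _table(self, name):
        return self.lists.setdefault(name, {})

    def packet(self, src, dport, now):
        """Pass one TCP SYN from src to dport through the rules; return the verdict."""
        for rule in self.rules:
            if rule.dport != dport:
                continue
            if rule.action == "remove":
                for name in rule.names:
                    self._table(name).pop(src, None)
            elif rule.action == "set":
                for name in rule.names:
                    self._table(name)[src] = now
            elif rule.action == "rcheck":
                # every list must hold src, seen within the last KNOCK_WINDOW seconds
                hit = all(
                    src in self._table(name) and now - self._table(name)[src] <= KNOCK_WINDOW
                    for name in rule.names
                )
                if hit and rule.accept:
                    return "ACCEPT"
            # no -j target: fall through to the next rule
        return "DROP"  # assumed INPUT default policy


def run_sequence(seq, rules):
    """seq is a list of (time_in_seconds, dport) from one source; returns the last verdict."""
    tables = RecentTables(rules)
    src = "198.51.100.7"  # constructed client address
    verdict = "DROP"
    for t, dport in seq:
        verdict = tables.packet(src, dport, t)
    return verdict


def knock_then_ssh(rules=KNOCK_RULES + GUARD_RULES):
    """A legitimate knock (e.g. three telnet attempts) followed by ssh within 30 s."""
    return run_sequence([(0, 1000), (1, 2000), (2, 3000), (3, 22)], rules)


def stale_knock(rules=KNOCK_RULES + GUARD_RULES):
    """The same knock, but ssh arrives after the 30 s window has expired."""
    return run_sequence([(0, 1000), (1, 2000), (2, 3000), (40, 22)], rules)


def linear_scan(rules):
    """A scanner walking ports 999..3001 at 10 ms per port, then trying port 22."""
    seq = [(i * 0.01, port) for i, port in enumerate(range(999, 3002))]
    seq.append((seq[-1][0] + 0.01, 22))
    return run_sequence(seq, rules)


def reversed_knock(rules=KNOCK_RULES + GUARD_RULES):
    """Knocks in the wrong order still open the port: the lists are independent."""
    return run_sequence([(0, 3000), (1, 2000), (2, 1000), (3, 22)], rules)


if __name__ == "__main__":
    print("knock then ssh:", knock_then_ssh())
    print("stale knock:", stale_knock())
    print("linear scan, knock rules only:", linear_scan(KNOCK_RULES))
    print("linear scan, with guard rules:", linear_scan(KNOCK_RULES + GUARD_RULES))
    print("reversed knock:", reversed_knock())
```

Two things the model makes visible: the quoted rule set does not enforce knock order (reversed_knock still opens port 22), and without the guard rules a plain sequential scan finishing within 30 seconds opens it too, which is exactly what the 999/1001 rules prevent. Note also that the real xt_recent match takes one `--name` per rule, so the final check has to be written as three chained `--rcheck` rules (or a user chain) rather than one rule with three names as in the Slashdot snippet.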

-- 
gentoo-security@g.o mailing list