| 1 |
Hello Tobias, |
| 2 |
|
| 3 |
|
| 4 |
TS> That's a possibility I once saw on slashdot: |
| 5 |
|
| 6 |
TS> iptables -A INPUT -p tcp --dport 1000 -m recent --remove --name PART1 |
| 7 |
TS> iptables -A INPUT -p tcp --dport 2000 -m recent --remove --name PART2 |
| 8 |
TS> iptables -A INPUT -p tcp --dport 3000 -m recent --remove --name PART3 |
| 9 |
TS> iptables -A INPUT -p tcp --dport 1000 -m recent --set --name PART1 |
| 10 |
TS> iptables -A INPUT -p tcp --dport 2000 -m recent --set --name PART2 |
| 11 |
TS> iptables -A INPUT -p tcp --dport 3000 -m recent --set --name PART3 |
| 12 |
TS> iptables -A INPUT -p tcp --dport 22 -m recent --rcheck --seconds 30 \ |
| 13 |
TS> --name PART1 --name PART2 --name PART3 -j ACCEPT |
| 14 |
|
| 15 |
It's the best :) |
| 16 |
I'll add some protection from plain port scan. |
| 17 |
iptables -A INPUT -p tcp --dport 999 -m recent --remove --name PART1 |
| 18 |
iptables -A INPUT -p tcp --dport 1001 -m recent --remove --name PART1 |
| 19 |
... |
| 20 |
|
| 21 |
TS> There are numerous knock, knock implementations listed at: |
| 22 |
TS> http://www.portknocking.org/view/implementations/implementations |
| 23 |
|
| 24 |
I've found this page not long ago, most promising temprules. I'm currently experimenting with them. |
| 25 |
TS> IMHO, the problem with "normal" port knocking tools is the dependency on |
| 26 |
TS> client software. I would prefer a solution which can be used without |
| 27 |
TS> (too much) hassle (eg. using telnet and then putty or such). |
| 28 |
TS> This evidently is not be possible when using more sophisticated port |
| 29 |
TS> knocking with timing or specially crafted / encrypted packages, unless |
| 30 |
TS> you have a really good feel for timing.. ;-) |
| 31 |
Same to me ;) |
| 32 |
or even a web browser: http://somehost:123 |
| 33 |
|
| 34 |
-- |
| 35 |
Best regards, |
| 36 |
boger mailto:boger@×××.ru |
| 37 |
|
| 38 |
-- |
| 39 |
gentoo-security@g.o mailing list |
Archives