List Archive: gentoo-security
To: Tobias Sager <gentoo-security@g.o>
From: boger <boger@...>
Subject: Re: Port knocking
Date: Wed, 5 Oct 2005 00:20:31 +0400
Hello Tobias,

TS> That's a possibility I once saw on slashdot:

TS> iptables -A INPUT -p tcp --dport 1000 -m recent --remove --name PART1
TS> iptables -A INPUT -p tcp --dport 2000 -m recent --remove --name PART2
TS> iptables -A INPUT -p tcp --dport 3000 -m recent --remove --name PART3
TS> iptables -A INPUT -p tcp --dport 1000 -m recent --set --name PART1
TS> iptables -A INPUT -p tcp --dport 2000 -m recent --set --name PART2
TS> iptables -A INPUT -p tcp --dport 3000 -m recent --set --name PART3
TS> iptables -A INPUT -p tcp --dport 22 -m recent --rcheck --seconds 30 \
TS>   --name PART1 --name PART2 --name PART3 -j ACCEPT

It's the best :)
I'll add some protection against plain port scans:
iptables -A INPUT -p tcp --dport 999 -m recent --remove --name PART1
iptables -A INPUT -p tcp --dport 1001 -m recent --remove --name PART1
...

TS> There are numerous knock, knock implementations listed at:
TS> http://www.portknocking.org/view/implementations/implementations

I found this page not long ago; the most promising one is temprules. I'm currently experimenting with it.

TS> IMHO, the problem with "normal" port knocking tools is the dependency on
TS> client software. I would prefer a solution which can be used without
TS> (too much) hassle (eg. using telnet and then putty or such).
TS> This evidently is not be possible when using more sophisticated port
TS> knocking with timing or specially crafted / encrypted packages, unless
TS> you have a really good feel for timing.. ;-)
Same for me ;)
or even a web browser: http://somehost:123

-- 
Best regards,
 boger                            mailto:boger@...

-- 
gentoo-security@g.o mailing list
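The scan-protection idea above, as an added simulation that is not part of the thread: a Python model of the `-m recent` lists showing that the quoted rules open port 22 to a plain ascending port scan within the 30-second window, while the extra `--remove` rules on the neighbouring ports 999 and 1001 break that. The port-22 rule is modelled as requiring all three lists to be fresh (the evident intent of the quoted rule), and the packet timings are constructed.

```python
"""Model of the `-m recent` port-knocking rules discussed in the thread.

Constructed simulation, not iptables: every `--name` list is a dict entry
holding the time the source last hit it; `--remove` drops the entry,
`--set` refreshes it, and the port-22 rule is modelled as
`--rcheck --seconds 30` succeeding only when all three lists are fresh.
"""

KNOCK_PORTS = {1000: "PART1", 2000: "PART2", 3000: "PART3"}
WINDOW = 30.0  # seconds, from `--rcheck --seconds 30`
# Neighbour ports that clear PART1 (the "protection from plain port scan").
SCAN_GUARD = {999: "PART1", 1001: "PART1"}
SSH_PORT = 22


class RecentLists:
    """Per-source state of the `recent` match lists."""

    def __init__(self, scan_guard=False):
        self.scan_guard = scan_guard
        self.last_set = {}  # list name -> time of the last `--set`

    def packet(self, port, now):
        """Apply the rules to one SYN; return True if it reaches ACCEPT."""
        if self.scan_guard and port in SCAN_GUARD:
            self.last_set.pop(SCAN_GUARD[port], None)  # `--remove`
        if port in KNOCK_PORTS:
            # `--remove` then `--set` on the same list: the entry is refreshed.
            self.last_set[KNOCK_PORTS[port]] = now
        if port == SSH_PORT:
            return all(
                name in self.last_set and now - self.last_set[name] <= WINDOW
                for name in KNOCK_PORTS.values()
            )
        return False  # knock rules have no -j target; default policy applies


def ssh_opens(packets, scan_guard=False):
    """Feed (time, port) SYNs in order; True if any port-22 SYN is accepted."""
    state = RecentLists(scan_guard)
    return any(state.packet(port, t) for t, port in packets)


def sequential_scan(last_port, rate=100.0):
    """Constructed traffic: ports 1..last_port ascending at `rate` SYNs/s."""
    return [(i / rate, port) for i, port in enumerate(range(1, last_port + 1))]


if __name__ == "__main__":
    knock = [(0, 1000), (1, 2000), (2, 3000), (3, 22)]
    print("correct knock:", ssh_opens(knock))                          # True
    print("knock, ssh 45 s later:", ssh_opens(knock[:3] + [(45, 22)]))  # False
    scan = sequential_scan(3100) + [(32, 22)]
    print("plain scan, quoted rules:", ssh_opens(scan))                # True
    print("plain scan, with guard:", ssh_opens(scan, scan_guard=True))  # False
```

Because each list is refreshed independently, the quoted rules also accept the three knocks in any order; only the 30-second freshness check and the guard ports constrain the sequence.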