Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Tobias Sager <moixa@...>
Subject: Port knocking
Date: Tue, 04 Oct 2005 21:45:51 +0200
on 2005-10-04 19:16 Kirk Hoganson wrote the following:
> Yes, there are.  I use one for my work servers that is iptables based. 
> I don't have any links for you unfortunately but I have seen them.  If 
> you are really interested I can probably track down one I saw that used 
> iptables and was a combination style.  I also know of an open source 
> "magic packet" style that I could probably find a link for if you were 
> interested.

That's a possibility I once saw on slashdot:

iptables -A INPUT -p tcp --dport 1000 -m recent --remove --name PART1
iptables -A INPUT -p tcp --dport 2000 -m recent --remove --name PART2
iptables -A INPUT -p tcp --dport 3000 -m recent --remove --name PART3
iptables -A INPUT -p tcp --dport 1000 -m recent --set --name PART1
iptables -A INPUT -p tcp --dport 2000 -m recent --set --name PART2
iptables -A INPUT -p tcp --dport 3000 -m recent --set --name PART3
iptables -A INPUT -p tcp --dport 22 -m recent --rcheck --seconds 30 \
  --name PART1 --name PART2 --name PART3 -j ACCEPT

I have not tested if this works, but it looks plausible to me.
Please note this security flaw (fixed in 2.6.14) about ipt_recent:
http://blog.blackdown.de/2005/05/09/fixing-the-ipt_recent-netfilter-module/

>From the same guy, a shorewall solution for SSH attack:
http://blog.blackdown.de/2005/02/18/mitigating-ssh-brute-force-attacks-with-ipt_recent/


There are numerous knock, knock implementations listed at:
http://www.portknocking.org/view/implementations/implementations


IMHO, the problem with "normal" port knocking tools is the dependency on
client software. I would prefer a solution which can be used without
(too much) hassle (eg. using telnet and then putty or such).
This evidently is not be possible when using more sophisticated port
knocking with timing or specially crafted / encrypted packages, unless
you have a really good feel for timing.. ;-)

Cheers
Tobias

-- 
GPG-Key 0xEF37FF28 - 1024/4096 DSA/ELG-E - 16.11.2001
Fingerprint: 3C4B 155F 2621 CEAF D3A6 0CCB 937C 9597 EF37 FF28

Attachment:
signature.asc (OpenPGP digital signature)
Replies:
Re: Port knocking
-- boger
References:
[OT?] automatically firewalling off IPs
-- Jeremy Brake
Re: [OT?] automatically firewalling off IPs
-- MaxieZ
Re: [OT?] automatically firewalling off IPs
-- David vasil
Re: [OT?] automatically firewalling off IPs
-- rpfc
Re: [OT?] automatically firewalling off IPs
-- Kirk Hoganson
Re: [OT?] automatically firewalling off IPs
-- boger
Re: [OT?] automatically firewalling off IPs
-- Kirk Hoganson
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: [OT?] automatically firewalling off IPs
Next by thread:
Re: Port knocking
Previous by date:
Re: [OT?] automatically firewalling off IPs
Next by date:
RE: port knocking


Updated Oct 31, 2011

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.