On 2005-10-04 19:16 Kirk Hoganson wrote the following:

> Yes, there are. I use one for my work servers that is iptables based.
> I don't have any links for you unfortunately but I have seen them. If
> you are really interested I can probably track down one I saw that used
> iptables and was a combination style. I also know of an open source
> "magic packet" style that I could probably find a link for if you were
> interested.

That's a possibility I once saw on Slashdot:

iptables -A INPUT -p tcp --dport 1000 -m recent --remove --name PART1
iptables -A INPUT -p tcp --dport 2000 -m recent --remove --name PART2
iptables -A INPUT -p tcp --dport 3000 -m recent --remove --name PART3
iptables -A INPUT -p tcp --dport 1000 -m recent --set --name PART1
iptables -A INPUT -p tcp --dport 2000 -m recent --set --name PART2
iptables -A INPUT -p tcp --dport 3000 -m recent --set --name PART3
# The recent match takes a single --name, so to require all three lists
# the match module has to be repeated once per list:
iptables -A INPUT -p tcp --dport 22 \
    -m recent --rcheck --seconds 30 --name PART1 \
    -m recent --rcheck --seconds 30 --name PART2 \
    -m recent --rcheck --seconds 30 --name PART3 -j ACCEPT

I have not tested if this works, but it looks plausible to me.
Please note this security flaw (fixed in 2.6.14) about ipt_recent:
http://blog.blackdown.de/2005/05/09/fixing-the-ipt_recent-netfilter-module/

From the same guy, a shorewall solution for SSH attacks:
http://blog.blackdown.de/2005/02/18/mitigating-ssh-brute-force-attacks-with-ipt_recent/


There are numerous knock, knock implementations listed at:
http://www.portknocking.org/view/implementations/implementations


IMHO, the problem with "normal" port knocking tools is the dependency on
client software. I would prefer a solution which can be used without
(too much) hassle (e.g. using telnet and then PuTTY or such).
This evidently is not possible when using more sophisticated port
knocking with timing or specially crafted / encrypted packets, unless
you have a really good feel for timing.. ;-)

Cheers
Tobias

-- 
GPG-Key 0xEF37FF28 - 1024/4096 DSA/ELG-E - 16.11.2001
Fingerprint: 3C4B 155F 2621 CEAF D3A6 0CCB 937C 9597 EF37 FF28
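Added example, not part of Tobias's mail or of the Slashdot rules he quotes: a small shell script that generates an ordered port-knock rule set with the iptables "recent" match, plus a knock client that needs nothing beyond bash (so no dedicated client software, which is the wish expressed above). It goes beyond the quoted rules in one way: each stage only records a hit if the previous stage was hit within the window, so the knocks must arrive in the configured order rather than in any order. The list names KNOCK1..KNOCKn, the ports, the 30-second window and the 203.0.113.5 address are my assumptions for illustration, not anything from the mail.

```shell
#!/bin/sh
# Added example: generator for an ordered port-knock rule set using the
# iptables "recent" match, plus a client that knocks with nothing but bash.
# List names (KNOCK1..KNOCKn), ports and window are assumptions for
# illustration only.

# emit_knock_rules WINDOW_SECONDS PROTECTED_PORT KNOCK_PORT...
# Prints the iptables commands; run the output as root to install them.
# Stage i only records a hit if stage i-1 was hit within WINDOW_SECONDS,
# so the knocks must arrive in order. Every knock packet is dropped, so
# the knock ports look closed to a scanner.
emit_knock_rules() {
    window=$1
    protected=$2
    shift 2
    i=0
    for port in "$@"; do
        i=$((i + 1))
        rule="iptables -A INPUT -p tcp --dport $port"
        if [ "$i" -gt 1 ]; then
            # Require the previous stage to be fresh before recording this one.
            rule="$rule -m recent --rcheck --seconds $window --name KNOCK$((i - 1))"
        fi
        rule="$rule -m recent --set --name KNOCK$i -j DROP"
        echo "$rule"
    done
    # Open the protected port only for sources that completed the last
    # stage within the window; everything else to that port is dropped.
    echo "iptables -A INPUT -p tcp --dport $protected -m recent --rcheck --seconds $window --name KNOCK$i -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport $protected -j DROP"
}

# knock HOST PORT...
# Sends one SYN per port using bash's /dev/tcp. The connect is expected to
# fail or time out (the knock ports are dropped); only the packet reaching
# the INPUT chain matters, so no knock client software is needed.
knock() {
    host=$1
    shift
    for port in "$@"; do
        timeout 1 bash -c "exec 3<>/dev/tcp/$host/$port" 2>/dev/null || true
        sleep 0.2
    done
}

# Usage (203.0.113.5 is a placeholder documentation address):
#   sh knock.sh rules > /tmp/knock-rules.sh   # on the server, then run as root
#   sh knock.sh knock 203.0.113.5             # from the client, then ssh in
case "${1:-}" in
    rules) emit_knock_rules 30 22 1000 2000 3000 ;;
    knock) shift; knock "$1" 1000 2000 3000 ;;
esac
```

Two caveats a practitioner should keep in mind: an ESTABLISHED,RELATED accept rule has to sit before these rules, otherwise the SSH session dies once the 30-second window expires; and a sequence of plain SYNs is visible to anyone on the path and can simply be replayed, which is exactly the weakness the "specially crafted / encrypted packets" schemes mentioned above try to address.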