Linux Archive


Noah 12-27-2007 09:14 PM

port knocking
 
Hi there,

doorman is core dumping and not working properly. Could somebody please
recommend a good port knocker?

Cheers,

Noah

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Lea Gris 12-27-2007 09:24 PM

port knocking
 
Noah wrote:
> Hi there,
>
> doorman is core dumping and not working properly. could somebody please
> recommend a good port knocker?
>
> Cheers,

knockd


--
Léa Gris - http://www.noiraude.net/
() Plain-text ribbon campaign against HTML e-mail,
/ against attachments in a proprietary format.
Against DRM, call: 09f911029d74e35bd84156c5635688c0


Felipe Figueiredo 12-27-2007 09:29 PM

port knocking
 
On Thursday 27 December 2007 20:14:42 Noah wrote:
> Hi there,
>
> doorman is core dumping and not working properly. could somebody please
> recommend a good port knocker?
>

I use fwlogwatch to block IPs based on access to non-permitted ports.

Since it lets you use your own script upon activation, you can do pretty much
anything with it (including opening ports). It should be simple enough to
start from the default blocking rules to add an opening rule.

regards
FF


Noah 12-27-2007 09:53 PM

port knocking
 
Okay, I like knockd. The knockd.conf example file I have only shows a
sequence to TCP ports.

How do I only accept a sequence of UDP packets on a particular port?

Cheers,

Noah


Lea Gris wrote:
> Noah wrote:
>> Hi there,
>>
>> doorman is core dumping and not working properly. could somebody please
>> recommend a good port knocker?
>>
>> Cheers,
>
> knockd
>
>
>



Lea Gris 12-28-2007 09:18 AM

port knocking
 
Noah wrote:
> okay I like knockd. the knockd.conf example file I have only shows a
> sequence to TCP ports.
>
> how do I only accept a sequence UDP packets on a particular port?

See man knockd Example #2

> Example #2:
> This example uses a single knock to control access to port 22
> (SSH). After receiving a successful knock, the daemon will run
> the start_command, wait for the time specified in cmd_timeout,
> then execute the stop_command. This is useful to automatically
> close the door behind a knocker. The knock sequence uses both
> UDP and TCP ports.

> [options]
> logfile = /var/log/knockd.log

> [opencloseSSH]
> sequence = 2222:udp,3333:tcp,4444:udp
> seq_timeout = 15
> tcpflags = syn,ack
> start_command = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --syn -j ACCEPT
> cmd_timeout = 5
> stop_command = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --syn -j ACCEPT

Basically, a UDP-only sequence would be like:
sequence = 2222:udp,3333:udp,4444:udp

Regards,

--
Léa Gris - http://www.noiraude.net/
() Plain-text ribbon campaign against HTML e-mail,
/ against attachments in a proprietary format.
Against DRM, call: 09f911029d74e35bd84156c5635688c0
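
Added example, not part of the original thread and not knockd's own code: a simplified Python model of how a `sequence` value such as the UDP-only one in the reply above is matched per source IP. It shows that a knock on the right port with the wrong protocol, or one that overruns `seq_timeout`, does not complete the sequence. The names `parse_sequence`, `KnockTracker` and `openers`, the reset-on-mismatch policy and the sample packets are assumptions made for the illustration.

```python
def parse_sequence(spec):
    """Parse a knockd.conf-style 'port[:proto],...' sequence value."""
    steps = []
    for item in spec.split(","):
        port, _, proto = item.strip().partition(":")
        proto = (proto or "tcp").lower()  # a bare port means TCP
        if proto not in ("tcp", "udp") or not 0 < int(port) < 65536:
            raise ValueError(f"bad sequence item {item!r}")
        steps.append((int(port), proto))
    return steps

class KnockTracker:
    """Per-source-IP progress through one sequence (simplified model)."""
    def __init__(self, spec, seq_timeout):
        self.steps = parse_sequence(spec)
        self.seq_timeout = seq_timeout
        self.progress = {}  # src -> (index of next step, time of first knock)

    def packet(self, ts, src, port, proto):
        """Feed one observed packet; True when src completes the sequence."""
        idx, started = self.progress.pop(src, (0, ts))
        if ts - started > self.seq_timeout or (port, proto) != self.steps[idx]:
            # Assumed policy: a late or wrong knock discards the attempt.
            idx, started = 0, ts
            if (port, proto) != self.steps[0]:
                return False
        idx += 1
        if idx == len(self.steps):
            return True
        self.progress[src] = (idx, started)
        return False

# Constructed sample traffic: (time in seconds, source, dest port, protocol)
PACKETS = [
    (0, "192.0.2.10", 2222, "udp"), (1, "192.0.2.10", 3333, "udp"),
    (2, "192.0.2.10", 4444, "udp"),      # correct UDP-only knock
    (3, "198.51.100.7", 2222, "udp"), (4, "198.51.100.7", 3333, "tcp"),
    (5, "198.51.100.7", 4444, "udp"),    # middle knock uses TCP
    (6, "203.0.113.5", 2222, "udp"), (15, "203.0.113.5", 3333, "udp"),
    (26, "203.0.113.5", 4444, "udp"),    # 20 s after the first knock
]

def openers(spec, seq_timeout, packets):
    """Return the sources that would trigger start_command."""
    tracker = KnockTracker(spec, seq_timeout)
    return [s for t, s, port, proto in packets if tracker.packet(t, s, port, proto)]

print(openers("2222:udp,3333:udp,4444:udp", 15, PACKETS))
```

With the mixed `2222:udp,3333:tcp,4444:udp` sequence from the man page example, the same traffic lets only the second source through.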
