12-27-2007, 09:14 PM
Noah

port knocking

Hi there,

doorman is core dumping and not working properly. could somebody please
recommend a good port knocker?

Cheers,

Noah

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
12-27-2007, 09:24 PM
Lea Gris

port knocking

Noah wrote:
> Hi there,
>
> doorman is core dumping and not working properly. could somebody please
> recommend a good port knocker?
>
> Cheers,

knockd


--
Léa Gris - http://www.noiraude.net/
() ASCII ribbon campaign against HTML e-mail,
/ against attachments in a proprietary format.
Against DRM, call: 09f911029d74e35bd84156c5635688c0

 
12-27-2007, 09:29 PM
Felipe Figueiredo

port knocking

On Thursday 27 December 2007 20:14:42 Noah wrote:
> Hi there,
>
> doorman is core dumping and not working properly. could somebody please
> recommend a good port knocker?
>

I use fwlogwatch to block IPs based on access to non-permitted ports.

Since it lets you use your own script upon activation, you can do pretty much
anything with it (including opening ports). It should be simple enough to
start from the default blocking rules to add an opening rule.

regards
FF

 
12-27-2007, 09:53 PM
Noah

port knocking

Okay, I like knockd. The knockd.conf example file I have only shows a
sequence to TCP ports.

How do I only accept a sequence of UDP packets on a particular port?

Cheers,

Noah


Lea Gris wrote:
> Noah wrote:
>> Hi there,
>>
>> doorman is core dumping and not working properly. could somebody please
>> recommend a good port knocker?
>>
>> Cheers,
>
> knockd
>
>
>


 
12-28-2007, 09:18 AM
Lea Gris

port knocking

Noah wrote:
> Okay, I like knockd. The knockd.conf example file I have only shows a
> sequence to TCP ports.
>
> How do I only accept a sequence of UDP packets on a particular port?

See man knockd Example #2

> Example #2:
> This example uses a single knock to control access to port 22
> (SSH). After receiving a successful knock, the daemon will run
> the start_command, wait for the time specified in cmd_timeout,
> then execute the stop_command. This is useful to automatically
> close the door behind a knocker. The knock sequence uses both
> UDP and TCP ports.

> [options]
> logfile = /var/log/knockd.log

> [opencloseSSH]
> sequence = 2222:udp,3333:tcp,4444:udp
> seq_timeout = 15
> tcpflags = syn,ack
> start_command = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --syn -j ACCEPT
> cmd_timeout = 5
> stop_command = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --syn -j ACCEPT

Basically, a UDP-only sequence would look like:
sequence = 2222:udp,3333:udp,4444:udp

Regards,

--
Léa Gris - http://www.noiraude.net/
() ASCII ribbon campaign against HTML e-mail,
/ against attachments in a proprietary format.
Against DRM, call: 09f911029d74e35bd84156c5635688c0
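
A small lint for knockd.conf doors, added here as an example and not part of the original thread or the knockd project: it parses each `sequence` line into (port, protocol) pairs, flags doors that are not UDP-only, and notes that the man page's iptables rule has no `--dport`, so it accepts SYNs from the knocking IP to every TCP port. The function names and warning strings are assumptions of this example; the sample config is constructed from the one quoted in the thread.

```python
import configparser

# Constructed sample: the thread's config with the UDP-only sequence (tcpflags omitted).
SAMPLE_CONF = """
[options]
logfile = /var/log/knockd.log

[opencloseSSH]
sequence = 2222:udp,3333:udp,4444:udp
seq_timeout = 15
start_command = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --syn -j ACCEPT
cmd_timeout = 5
stop_command = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --syn -j ACCEPT
"""

def parse_sequence(value):
    """Split 'port[:proto],...' into (port, proto) pairs; proto defaults to tcp."""
    steps = []
    for item in value.split(","):
        port, _, proto = item.strip().partition(":")
        proto = (proto or "tcp").lower()
        if proto not in ("tcp", "udp"):
            raise ValueError(f"unknown protocol in {item!r}")
        if not port.isdigit() or not 1 <= int(port) <= 65535:
            raise ValueError(f"bad port in {item!r}")
        steps.append((int(port), proto))
    return steps

def check_knockd_conf(text):
    """Return {door: {"sequence": [...], "warnings": [...]}} for each door section."""
    # interpolation=None: knockd's %IP% token would otherwise break configparser.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    report = {}
    for name in cp.sections():
        if name.lower() == "options":
            continue
        sec = cp[name]
        steps = parse_sequence(sec.get("sequence", ""))
        warnings = []
        if any(proto == "tcp" for _, proto in steps):
            warnings.append("sequence is not UDP-only")
        start, stop = sec.get("start_command", ""), sec.get("stop_command", "")
        if "--dport" not in start:
            warnings.append("start_command has no --dport: rule covers every TCP port")
        if start and stop and start.replace(" -A ", " -D ", 1) != stop:
            warnings.append("stop_command does not delete the rule start_command adds")
        report[name] = {"sequence": steps, "warnings": warnings}
    return report
```

Adding `--dport 22` to both commands restricts the opened door to SSH, which is what the man page text describes as the intent of this example.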
