Difference between revisions of "Port knocking"

From Notes_Wiki
Revision as of 18:34, 17 August 2018


Port knocking

We can use iptables for port knocking. If we configure port knocking, a client must first try to access a pre-defined sequence of ports (which are closed) in the given order before some other port becomes available for a limited time. For example, we can configure iptables so that a client must access ports 100, 200, 300 and 400, in that order, to be able to ssh to the given machine within the next 60 seconds. A sample complete iptables configuration with port knocking enabled is:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2147:437568]
:INTO-PHASE1 - [0:0]
:INTO-PHASE2 - [0:0]
:INTO-PHASE3 - [0:0]
:INTO-PHASE4 - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Knock sequence: port 100 always starts PHASE1; each later port only advances
# a source address that is already recorded in the previous phase's "recent" list
-A INPUT -p tcp -m tcp --dport 100 -j INTO-PHASE1
-A INPUT -p tcp -m tcp --dport 200 -m recent --rcheck --name PHASE1 --rsource -j INTO-PHASE2
-A INPUT -p tcp -m tcp --dport 300 -m recent --rcheck --name PHASE2 --rsource -j INTO-PHASE3
-A INPUT -p tcp -m tcp --dport 400 -m recent --rcheck --name PHASE3 --rsource -j INTO-PHASE4
# ssh is accepted only within 60 seconds of the source reaching PHASE4
-A INPUT -p tcp -m tcp --dport 22 -m recent --rcheck --seconds 60 --name PHASE4 --rsource -j ACCEPT
# Entering a phase drops the stale lists for that source and records the new phase;
# the knock packet itself returns to INPUT and is still rejected below
-A INTO-PHASE1 -m recent --remove --name PHASE2 --rsource
-A INTO-PHASE1 -m recent --remove --name PHASE3 --rsource
-A INTO-PHASE1 -m recent --remove --name PHASE4 --rsource
-A INTO-PHASE1 -m recent --set --name PHASE1 --rsource
-A INTO-PHASE1 -j LOG --log-prefix "INTO PHASE1: "
-A INTO-PHASE2 -m recent --remove --name PHASE1 --rsource
-A INTO-PHASE2 -m recent --set --name PHASE2 --rsource
-A INTO-PHASE2 -j LOG --log-prefix "INTO PHASE2: "
-A INTO-PHASE3 -m recent --remove --name PHASE2 --rsource
-A INTO-PHASE3 -m recent --set --name PHASE3 --rsource
-A INTO-PHASE3 -j LOG --log-prefix "INTO PHASE3: "
-A INTO-PHASE4 -m recent --remove --name PHASE3 --rsource
-A INTO-PHASE4 -m recent --set --name PHASE4 --rsource
-A INTO-PHASE4 -j LOG --log-prefix "INTO PHASE4: "
# Everything else (including the knock packets) is logged at a limited rate and rejected
-A INPUT -m state --state NEW -m limit --limit 2/min -j LOG --log-prefix "denied_connection_attempt_"
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
COMMIT

The above configuration is based on http://www.debian-administration.org/articles/268
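To see how the "recent" lists in the ruleset above behave, here is an added Python model of it (not code from this wiki or from the linked article). It models only the knock and ssh rules, with one dictionary per PHASE list and an injectable clock; demo() walks a constructed client address through the correct sequence, the 60-second expiry and an out-of-order knock.

```python
# Added model of the four-phase knocking ruleset above (not code from the wiki).
KNOCK_PORTS = {100: 1, 200: 2, 300: 3, 400: 4}   # knock port -> phase it leads to
PROTECTED_PORT = 22
WINDOW_SECONDS = 60                               # "--seconds 60" on the PHASE4 rcheck
# lists each INTO-PHASEn chain runs "-m recent --remove" on before its "--set"
REMOVE_ON_ENTER = {1: (2, 3, 4), 2: (1,), 3: (2,), 4: (3,)}


class KnockFirewall:
    """One 'recent' list per phase: source address -> time of its last --set."""

    def __init__(self, clock):
        self.clock = clock                          # callable returning seconds
        self.phases = {n: {} for n in range(1, 5)}

    def _rcheck(self, phase, src, seconds=None):
        # --rcheck: entry present and, if --seconds is given, set within that window
        ts = self.phases[phase].get(src)
        return ts is not None and (seconds is None or self.clock() - ts <= seconds)

    def _enter_phase(self, phase, src):
        for stale in REMOVE_ON_ENTER[phase]:
            self.phases[stale].pop(src, None)       # --remove
        self.phases[phase][src] = self.clock()      # --set (refreshes an existing entry)

    def packet(self, src, dport):
        """Verdict for a NEW TCP packet (lo, icmp and ESTABLISHED rules not modelled)."""
        phase = KNOCK_PORTS.get(dport)
        if phase == 1 or (phase and self._rcheck(phase - 1, src)):
            self._enter_phase(phase, src)           # INTO-PHASEn, then fall through
        elif dport == PROTECTED_PORT and self._rcheck(4, src, WINDOW_SECONDS):
            return "ACCEPT"
        return "REJECT"                             # the final "-A INPUT -j REJECT"


def demo():
    """Drive the model with a fake clock; returns the verdicts one client sees."""
    now = [1000.0]
    fw = KnockFirewall(clock=lambda: now[0])
    client = "192.0.2.10"                           # constructed sample address
    out = {"ssh_before": fw.packet(client, 22)}     # no knocks yet
    for port in (100, 200, 300, 400):
        fw.packet(client, port)                     # each knock is itself REJECTed
    out["ssh_after_knock"] = fw.packet(client, 22)
    now[0] += 61                                    # window runs from the 400 knock
    out["ssh_after_window"] = fw.packet(client, 22)
    for port in (100, 300, 400):                    # 300 needs PHASE2, so 400 never sets PHASE4
        fw.packet(client, port)
    out["ssh_wrong_order"] = fw.packet(client, 22)
    return out
```

Note that only the PHASE4 check carries --seconds, so a partially completed sequence stays recorded until the source knocks port 100 again, and an ssh session accepted inside the window keeps working after it via the ESTABLISHED rule.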
