1knock :: A port-knocking implementation 2======================================= 3 4Copyright (c) 2004-2005, Judd Vinet <jvinet@zeroflux.org> 5 6========= 7 ABOUT 8========= 9This is a port-knocking server/client. Port-knocking is a method where a 10server can sniff one of its interfaces for a special "knock" sequence of 11port-hits. When detected, it will run a specified event bound to that port 12knock sequence. These port-hits need not be on open ports, since we use 13libpcap to sniff the raw interface traffic. 14 15=========== 16 EXAMPLE 17=========== 18The example below could be used to run a strict (DENY policy) firewall that 19can only be accessed after a successful knock sequence. 20 211) Client sends four TCP SYN packets to Server, at the following ports: 22 38281, 29374, 4921, 54918 23 242) Server detects this and runs an iptables command to open port 22 to Client. 25 263) Client connects to Server via SSH and does whatever it needs to do. 27 284) Client sends four more TCP SYN packets to Server: 29 37281, 8529, 40127, 10100 30 315) Server detects this and runs another iptables to close port 22 to Client. 32 33 34==================== 35 KNOCKING CLIENTS 36==================== 37The accompanying knock client is very basic. If you want to more advanced 38knocks (eg, setting specific tcp flags) then you should take look at hping, 39sendip or packit. 40 41 http://freshmeat.net/projects/hping/ 42 http://freshmeat.net/projects/sendip/ 43 http://freshmeat.net/projects/packit/ 44 45 46========================= 47 OTHER IMPLEMENTATIONS 48========================= 49Here are some other implementations of port-knocking: 50 51 http://sourceforge.net/projects/pasmal/ 52 http://doorman.sourceforge.net/ 53 54