Wednesday, February 18, 2009


## (to) knock; knockd. however, that `d' comes from `daemon'.

% echo -e 'e.g.,\n'

% iptables -L -n
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  foo.bar.qux.def      0.0.0.0/0            tcp dpt:22
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22

% cat /etc/knockd.conf
[open_port]
    sequence    = foobar,def,plugh,fred,xyzzy,thud
    seq_timeout = 5
    command     = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
    tcpflags    = syn

[close_port]
    sequence    = thud,def,fred,foobar,xyzzy,plugh
    seq_timeout = 5
    command     = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
    tcpflags    = syn

% knock -v foo.bar.qux.quux foobar def plugh fred xyzzy thud

% echo 'however, knocks can be sent via netcat, hping, packit, etc.'

% echo 'open_port command executed @foo.bar.qux.def.'
% echo 'do sleep 16; while job_done; done...'

% knock -v foo.bar.qux.quux thud def fred foobar xyzzy plugh

% echo 'close_port command now executed @specific.host. all set. w00t!'

#01. {def,foobar,fred,plugh,thud,xyzzy} == (tcp || udp) ports. tcp is the default; append `:udp' to a port in the sequence for udp.
#02. use as many as you want... anyway, 3 is plenty to keep scanners off port 22. do not read that as `secure': the knock goes over the wire in the clear, so whoever sniffs it can replay it. sshd still does the real authentication behind the door, and knockd's one_time_sequences option stops the replay.
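to see what knockd actually does with the config above, here is a toy model of it (added example, not knockd's code and not from the original post). it parses a knockd.conf fragment, tracks one attempt per source ip, drops the attempt on a wrong port or when seq_timeout runs out, and substitutes %IP% into the command when a sequence completes. the numeric ports, the ip addresses and the syn events are constructed for the example; the reset-on-wrong-port rule is my reading of knockd's "Stage N: FAILED" behaviour, not something the page states.

```python
"""Toy model of knockd's door matching, added as an example (not knockd's code).

Assumptions, none of them from the original post:
  * ports are numbers and the event stream holds only TCP SYNs (tcpflags = syn)
  * a knock to a port other than the next expected one drops the attempt
  * seq_timeout counts from the first knock of the attempt
"""
import re
from dataclasses import dataclass

# constructed config in the shape of the page's /etc/knockd.conf
KNOCKD_CONF = """\
[open_port]
    sequence    = 7000,8000,9000,7500,8500,9500
    seq_timeout = 5
    command     = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
    tcpflags    = syn

[close_port]
    sequence    = 9500,8000,8500,7000,9000,7500
    seq_timeout = 5
    command     = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
    tcpflags    = syn
"""


def parse_conf(text):
    """Parse [door] sections into {name: {key: value}}; sequences become int lists."""
    doors, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"\[(\w+)\]$", line)
        if m:
            cur = doors.setdefault(m.group(1), {})
            continue
        key, _, val = line.partition("=")
        cur[key.strip().lower()] = val.strip()
    for d in doors.values():
        if "sequence" in d:
            d["sequence"] = [int(p) for p in d["sequence"].split(",")]
            d["seq_timeout"] = int(d.get("seq_timeout", 25))
    return {n: d for n, d in doors.items() if "sequence" in d}


@dataclass
class Attempt:
    door: str      # which [section] this source is working through
    stage: int     # index of the next port we expect from it
    started: float # time of the first knock, for seq_timeout


class Knockd:
    def __init__(self, doors):
        self.doors = doors
        self.attempts = {}   # source ip -> Attempt
        self.fired = []      # (door, command) pairs that would be executed

    def packet(self, t, src, dport):
        """Feed one SYN; return the command to run if a sequence just completed."""
        a = self.attempts.get(src)
        if a and t - a.started > self.doors[a.door]["seq_timeout"]:
            del self.attempts[src]       # too slow: forget the half-done sequence
            a = None
        if a is None:
            # nothing in flight: does this knock start some door's sequence?
            for name, d in self.doors.items():
                if d["sequence"][0] == dport:
                    a = self.attempts[src] = Attempt(name, 1, t)
                    break
            else:
                return None
        else:
            if self.doors[a.door]["sequence"][a.stage] != dport:
                del self.attempts[src]   # wrong port: knockd logs "Stage N: FAILED"
                return None
            a.stage += 1
        if a.stage == len(self.doors[a.door]["sequence"]):
            del self.attempts[src]
            cmd = self.doors[a.door]["command"].replace("%IP%", src)
            self.fired.append((a.door, cmd))
            return cmd
        return None


def run_demo():
    """Replay constructed SYN events (seconds, source ip, dport) through the model."""
    kd = Knockd(parse_conf(KNOCKD_CONF))
    open_seq = [7000, 8000, 9000, 7500, 8500, 9500]
    close_seq = [9500, 8000, 8500, 7000, 9000, 7500]
    events = [(0.0, "198.51.100.7", 7000), (0.2, "198.51.100.7", 7500)]        # scanner, wrong 2nd port
    events += [(1.0 + i * 0.1, "192.0.2.10", p) for i, p in enumerate(open_seq)]   # good client
    events += [(10.0 + i * 2.0, "192.0.2.11", p) for i, p in enumerate(open_seq)]  # right ports, too slow
    events += [(30.0 + i * 0.1, "192.0.2.10", p) for i, p in enumerate(close_seq)] # good client closes
    for t, src, port in events:
        kd.packet(t, src, port)
    return kd.fired


if __name__ == "__main__":
    for door, cmd in run_demo():
        print(door, "->", cmd)
```

only 192.0.2.10 gets its two commands; the scanner trips on the second port and the slow client runs past seq_timeout before the fourth knock. on the client side the page's `knock -v` is just one syn per port in order, which is why `nc -z -w 1 host port` in a loop works as well.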


date +%s was 1234567890.
we all celebrated, @##1234567890, on irc/dot/freenode/dot/net.

you might want to check some irc logs: http://data.softwareliber.ro/irc-logs/%23%231234567890/%23%231234567890.13-02-2009.log.
we also partied on #gsl (% lynx -dump http://data.softwareliber.ro/irc-logs/%23gsl/%23gsl.13-02-2009.log | grep 1234).

happy unix epoch.

//...on the first day of y2k38, my server said to me: *epoch fail*.

