|_&&']['20/22.#4[x3/2.|*#!1050|*#`/. gnu/linux; *nix. c 1 9 being redirected to /dev/null. issues to null@altair.uni.cx. *alt*.serving./at/.`{altair,algol,antares,arcturus,aldebaran,spica,ceti,vega,fomalhaut,rigel,sirius}./dot/.uni./dot/.cx'. ---- this blog still exists only for historical evidence (to my embarrassment). some of the non-laughable "articles" can be read at altair.uni.cx/growl/. :wq.

Wednesday, February 18, 2009

.knockd.

## (to) knock; knockd. however, that `d' comes from `daemon'.

```
% echo -e 'e.g.,\n'

% iptables -L -n
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  foo.bar.qux.def      0.0.0.0/0            tcp dpt:22
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22

% cat /etc/knockd.conf
[openSSH]
sequence = foobar,def,plugh,fred,xyzzy,thud
seq_timeout = 5
command = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn

[closeSSH]
sequence = thud,def,fred,foobar,xyzzy,plugh
seq_timeout = 5
command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn

% knock -v foo.bar.qux.quux foobar def plugh fred xyzzy thud

% echo 'however, knocks can be sent via netcat, hping, packit, etc.'

% echo 'open_port command executed @foo.bar.qux.def.'
% echo 'do sleep 16; while job_done; done...'

% knock -v foo.bar.qux.quux thud def fred foobar xyzzy plugh

% echo 'close_port command now executed @specific.host. all set. w00t!'
```

n.b.
#01. {def,foobar,fred,plugh,thud,xyzzy} == (tcp || udp) ports.
#02. use as many as you want... anyway, 3 should be just fine (read as `secure').
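
An added example, not part of the original post and not knockd's own code: a simplified model of how a knockd-style matcher tracks each source IP through the `sequence`, enforces `seq_timeout`, and substitutes `%IP%` into `command`. The numeric ports, the IP addresses, and the choice to count the timeout from the first knock are assumptions made for the illustration.

```python
import configparser

# Constructed config in the layout of the post's knockd.conf; numeric ports
# are made-up stand-ins for its foobar/def/plugh/... placeholders.
CONF = """
[openSSH]
sequence = 7000,8000,9000
seq_timeout = 5
command = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT

[closeSSH]
sequence = 9000,8000,7000
seq_timeout = 5
command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
"""

# Constructed SYN arrivals: (seconds, source IP, destination port).
A, B, C = "198.51.100.7", "203.0.113.9", "192.0.2.50"
EVENTS = [
    (0.0, A, 7000), (0.4, A, 8000), (0.9, A, 9000),      # in order, in time
    (10.0, B, 7000), (13.0, B, 8000), (17.0, B, 9000),   # in order, too slow
    (20.0, C, 7000), (20.1, C, 7001), (20.2, C, 8000), (20.3, C, 9000),  # stray port
    (30.0, A, 9000), (30.3, A, 8000), (30.6, A, 7000),   # close sequence
]

def load_doors(text):
    # interpolation=None, or configparser rejects the literal %IP% token.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return {n: ([int(p) for p in s["sequence"].split(",")],
                s.getfloat("seq_timeout"), s["command"])
            for n, s in cp.items() if n != "DEFAULT"}

def replay(doors, events):
    """Return the commands this simplified matcher would run, in order."""
    # Modelling assumption: the timeout is counted from the first knock.
    state, fired = {}, []      # state[(ip, door)] = (first_knock_time, next_index)
    for t, ip, port in events:
        for name, (seq, timeout, command) in doors.items():
            start, idx = state.pop((ip, name), (t, 0))
            if t - start > timeout or port != seq[idx]:
                start, idx = t, 0          # expired or wrong port: start over
            if port == seq[idx]:
                idx += 1
            if idx == len(seq):
                fired.append(command.replace("%IP%", ip))
            elif idx:
                state[(ip, name)] = (start, idx)
    return fired
```

`replay(load_doors(CONF), EVENTS)` yields one `-I` rule and one `-D` rule, both for 198.51.100.7; the slow sequence and the one interrupted by a stray port produce nothing.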
 .
..:

7 comments:

Anonymous said...

Oi. Start writing. Can't leave your blog dead and Identica frozen. Reach out and choke someone.

masaj erotic said...

Congratulations, first of all, on the blog; it is work done efficiently, and secondly on the wonderful posts... I find it very interesting. Good luck, and may you work with at least the same sense of responsibility in the future.

adirau said...

wtf jula, the Chinese and the whores have replied to you. pay attention (re: knockd): http://ingles.homeunix.net/software/ost/ we use ostiary for ssh

Unknown said...

This tutorial on knockd was really informative, Ionut. Thanks a lot for sharing it with us. We make some Python tutorials as well that may benefit your readers at https://www.linkedin.com/company/firebox-training

impotence said...

What's up, this weekend is fastidious in favor of me, since this occasion i am reading this great educational post here at my residence.

erectile dysfunction pills said...

I got this web site from my friend who informed me on the topic of this website and at the moment this time I am browsing this web page and reading very informative articles or reviews at this time.



Ionuț Jula :: licensed for reuse under a Creative Commons Attribution-Share Alike 3.0 Unported License. Some rights reserved.