Knockd 0.5

Support section for FREESCO v0.4.x 3rd Party Packages

Knockd 0.5

Postby bob selby » Mon Oct 08, 2012 1:22 pm

I have this working with 3 ports but they are fairly commonly used ports so not so secure as I'd like.

The problem is that the firewall at the remote site I need to gain access from is screwed down so tight it sqeaks!
and I'm having difficulty finding out what they allow out.

Is there a way I can see what is making it through to my 040 box?? I have turned on the "-v" option (in addition to the existing "-D" option) but it doesnt seem to make much difference to the level of reporting.

Can anyone suggest a way to figure out accessible ports ??

I guess I could put wireshark with a hub on the incoming link - but the volume of cr*p I'd have to filter through would be huge.

Bob
bob selby
Advanced Member
 
Posts: 302
Joined: Wed Nov 21, 2001 8:18 am
Location: London, UK

Re: Knockd 0.5

Postby Lightning » Mon Oct 08, 2012 6:59 pm

hping would probably be a good program to use on the remote site. You could use it in conjunction with a shell script like this.

Code: Select all
#!/bin/sh
i=20
while :
do   hping FREESCO-URL -c 1 -p $i >/dev/null 2>&1
      [ $? = 0 ] && echo $i >>/active_ports.txt && echo -n " $i"
      i=`expr $i + 1`
      [ $i -ge  47000 ] && break
done
Actual service ports such as 22 and 80 may or may not be shown as active even though they really are.

But even if you only have three ports you can use. You can use any port any number of times. So something like port 22 or 23 five times in a row could be a good initial filter if mixed with other ports.
If you are afraid that you might make a mistake. The chances are high that you will never learn anything.
User avatar
Lightning
FREESCO GOD !!
 
Posts: 12079
Joined: Wed Nov 14, 2001 6:50 am
Location: Oregon, USA

Re: Knockd 0.5

Postby bob selby » Wed Oct 24, 2012 8:44 am

All working now :-)

I have found that port 443 (https) is also open from the remote site but 8080 is not - and with the other common ones that are open I feel I have a reasonably secure setup now :-)

One thing I have noticed is that it is advisable to avoid patterns that start and end the same or knockd gets confused - so don't be tempted to try 80,21,433,80 to open and 80,433,21,80 to close - (80,21,80,433 and 443,80,21,80 is fine).

Also avoid sequential ascending patterns like 21,22,23 (fairly obvious really since that is how port scanners operate).

Regards,
Bob
bob selby
Advanced Member
 
Posts: 302
Joined: Wed Nov 21, 2001 8:18 am
Location: London, UK


Return to 3rd Party Package Support for FREESCO v0.4.x

Who is online

Users browsing this forum: No registered users and 2 guests

cron