port-knocker script and/or package recommendation

Peter Garrett peter.garrett at optusnet.com.au
Thu Jun 28 03:33:23 UTC 2007


On Wed, 27 Jun 2007 09:07:50 -0700
Noah <admin2 at enabled.com> wrote:

> I need a good program, package, and/or script that does a great job at 
> port-knocking.

I use "knockd" - the package is in the universe repository.

It can run as a daemon (waiting for the correct sequence of knocks) and
the package includes the "knock" command which is used to knock and gain
access.

The configuration is not difficult - the main files are

/etc/knockd.conf
/etc/default/knockd   (which determines whether the daemon is run on startup)

"man knockd" includes several clear examples.

Obviously you will only run the daemon/server on the "target" machine. It
is quite easy to write a little one to three line script to
automate the knock sequence, and you can tailor your knock sequences to
have as many or as few ports as you wish, UDP or TCP, and so on. It is
probably safest to keep this on a USB key or something of the kind, in
case someone gets control of the "client" machine - your view on this will
vary according to circumstances and degree of paranoia :-)

Peter
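
The kind of small client-side knock script mentioned in the message above, as an added example that is not part of the original post. The host name, port sequence, the knockd.conf stanza in the comments and the function names `valid_knock` and `build_knock_cmd` are constructed for illustration; the script validates its input and prints the `knock` command rather than sending anything.

```shell
#!/bin/sh
# Added example: wrapper around knockd's "knock" client.
# Host and port sequence are constructed sample values.
#
# Matching server stanza in /etc/knockd.conf (constructed to pair with the sample):
#   [openSSH]
#       sequence    = 7000:tcp,8000:udp,9000:tcp
#       seq_timeout = 10
#       command     = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT

# valid_knock PORT[:PROTO] -> succeeds if port is 1-65535 and proto is tcp or udp
valid_knock() {
    port=${1%%:*}
    proto=tcp                                   # knock defaults to TCP
    case $1 in *:*) proto=${1#*:} ;; esac
    case $port in ''|*[!0-9]*) return 1 ;; esac # digits only
    [ "${#port}" -le 5 ] || return 1
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    case $proto in tcp|udp) return 0 ;; *) return 1 ;; esac
}

# build_knock_cmd HOST KNOCK... -> prints the knock command line, or fails
build_knock_cmd() {
    [ $# -ge 2 ] || { echo "usage: build_knock_cmd host port[:proto]..." >&2; return 2; }
    host=$1; shift
    # Reject empty hosts, option-like hosts and shell metacharacters.
    case $host in
        ''|-*|*[!A-Za-z0-9.:-]*) echo "bad host: $host" >&2; return 1 ;;
    esac
    cmd="knock $host"
    for k in "$@"; do
        valid_knock "$k" || { echo "bad knock: $k" >&2; return 1; }
        cmd="$cmd $k"
    done
    printf '%s\n' "$cmd"
}

# Dry run: prints the command instead of sending the knocks.
build_knock_cmd target.example.org 7000:tcp 8000:udp 9000:tcp
```

The sequence in the script is the whole secret, so the file deserves the same handling as a password or key file.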



