portknocking question

 
 
Noah Garrett Wallach
      10-07-2006, 05:28 PM
Hi there,

I have really specific needs and wondering if somebody has written a
port knocker out there already that fits the criteria of what I am
looking for.

Portknocker capabilities:

1) User needs to telnet to specific port and/or log into a website.
2) Learns the IP address that the user is coming from in step 1.
3) Opens the ssh port specifically to the IP address grabbed in step 1,
but also keeps the ssh port open to statically defined IPs in
/etc/rc.firewall .
4) As soon as the user disconnects from the ssh port the IP address in
step 1 no longer can access the ssh port unless they log back in like
the procedure in step 1.

I reviewed two programs doorman and knock (found in FreeBSD
/usr/ports/security)

Doorman Review:
I am unable to figure out how to configure the ability to capture the
IP address from which the UDP packet was sent. Therefore this program
does not completely match what I am looking for, or I do not
understand how to configure it.

Knock Review:
This is nice but still requires closing the port as a step when done.
It would be nice to automatically close the ssh port when the user
disconnects from the ssh port. Also I am not clear but I don't think
there is a way to grab the source IP address, right?

Anybody know of other programs I could check out?

Cheers,

Noah

Moe Trin
      10-08-2006, 02:33 AM
On Sat Oct 7 2006, in the Usenet newsgroup comp.os.linux.networking in article
<(E-Mail Removed) .com>, AND IN the Usenet
newsgroup comp.security.firewalls in article
<(E-Mail Removed) .com>, Noah Garrett Wallach
wrote:

[Please don't post the same article to multiple newsgroups. If you must,
put up to five newsgroup names, comma separated as I've done here, and set
the Followup-To: header - which I haven't done here because I've no idea
where you are reading]

>I have really specific needs and wondering if somebody has written a
>port knocker out there already that fits the criteria of what I am
>looking for.
Well, let's stop for a moment and ask what _Operating_System_ you are using?
You posted to a Linux newsgroup, but your headers say Mac OSX, and you
mention FreeBSD below. That really does make a difference.

>1) User needs to telnet to specific port and/or log into a website.
>2) Learns the IP address that the user is coming from in step 1.
>3) Opens ssh port to specifically to the IP address grabbed in step 1
>but also keeps ssh port open to statically defined IPs in
>/etc/rc.firewall .
The normal technique is to attempt to telnet to an otherwise closed port,
and let your firewall react by opening a different port for perhaps one
minute to that address from where you attempted the telnet. If you don't mind
being accused of "Security By Obscurity", this _could_be_ something like

Telnet remote.host 25096
Connection Refused
SSH remote.host 9629
Login:

In this example, you can also put traps at ports 9625 and 9635 that _close_
the firewall access to 9629. This catches port scanners. OBVIOUSLY, USE
RANDOM NUMBERS FOR THOSE PORTS. I happen to have chosen those by looking
at the size of a file in my home directory that was 2509629 bytes.

>4) As soon as the user disconnects from the ssh port the IP address in
>step 1 no longer can access the ssh port unless they log back in like
>the procedure in step 1.
Normal routine is to open the SSH port for NEW connections for a minute. The
firewall rule that allows _established_ connections handles the connection
after the one minute.

>I reviewed two programs doorman and knock (found in FreeBSD
>/usr/ports/security)
You should also be able to do it directly with your firewall rules, but it's
highly dependent on which operating system you are using.

>Anybody know of other programs I could check out?
You are posting from a search engine. Did you think to try searching there
for the terms "port+knocking" and the name of your O/S ?

Web Results 1 - 10 of about 592,000 for port+knocking Linux. (0.15
seconds)

Web Results 1 - 10 of about 267,000 for port+knocking OSX. (0.21
seconds)

Web Results 1 - 10 of about 148,000 for port+knocking FreeBSD. (0.15
seconds)

Web Results 1 - 10 of about 79,000 for port+knocking OpenBSD. (0.15
seconds)

Web Results 1 - 10 of about 66,200 for port+knocking NetBSD. (0.25
seconds)

Notice - it varies by O/S. Who would have thought?

Old guy
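The scheme Moe Trin describes (a knock on a closed port opens the SSH port to the knocking source for about a minute of NEW connections, an ESTABLISHED rule keeps the session alive after the window, trap ports on either side of the knock port cancel the window, and a static allow list such as the IPs in /etc/rc.firewall is always permitted, which covers Noah's points 2 to 4) can be modelled as a small state machine before it is turned into real firewall rules. The following is an added example written for this thread, not code from either poster or from doorman/knock; the port numbers are the placeholders from the reply, the 60-second window and the sample addresses are constructed, and the class and method names are invented for illustration.

```python
"""Model of a knock-to-open firewall: state per source address plus a
conntrack-style ESTABLISHED set. Ports and timings are placeholders."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field

KNOCK_PORT = 25096          # closed port the user "telnets" to (placeholder)
SSH_PORT = 9629             # port opened to the knocker (placeholder)
TRAP_PORTS = {9625, 9635}   # neighbours of SSH_PORT; hitting them closes the window
WINDOW_SECONDS = 60.0       # how long NEW connections are accepted after a knock


@dataclass
class KnockFirewall:
    # always-allowed sources, like the static IPs in /etc/rc.firewall
    static_allow: set[str] = field(default_factory=set)
    # src_ip -> timestamp until which NEW SSH connections from it are accepted
    open_until: dict[str, float] = field(default_factory=dict)
    # (src_ip, src_port) flows that were accepted once; models ESTABLISHED
    established: set[tuple[str, int]] = field(default_factory=set)
    log: list[str] = field(default_factory=list)

    def packet(self, src_ip: str, src_port: int, dst_port: int,
               now: float, syn: bool = True) -> bool:
        """Return True if the packet is accepted, False if refused.
        Packets to the knock and trap ports are always refused (the reply's
        'Connection Refused'), but they change the firewall's state."""
        ipaddress.ip_address(src_ip)  # raises ValueError on garbage input
        if dst_port == KNOCK_PORT:
            self.open_until[src_ip] = now + WINDOW_SECONDS
            self.log.append(f"{now:.0f}s knock from {src_ip}: "
                            f"ssh open for {WINDOW_SECONDS:.0f}s")
            return False
        if dst_port in TRAP_PORTS:
            # a scanner sweeping ports will hit a trap and lose its window
            if self.open_until.pop(src_ip, None) is not None:
                self.log.append(f"{now:.0f}s trap {dst_port} hit by {src_ip}: "
                                f"window closed")
            return False
        if dst_port != SSH_PORT:
            return False              # everything else is closed
        flow = (src_ip, src_port)
        if not syn:
            # ESTABLISHED rule: a running session survives window expiry
            return flow in self.established
        if src_ip in self.static_allow or self.open_until.get(src_ip, 0.0) > now:
            self.established.add(flow)
            return True
        return False

    def close_flow(self, src_ip: str, src_port: int) -> None:
        """Peer disconnected: forget the flow, so a later session from the
        same address needs a window (a fresh knock) again."""
        self.established.discard((src_ip, src_port))

    def expire(self, now: float) -> int:
        """Drop windows that have lapsed; returns how many were removed."""
        stale = [ip for ip, until in self.open_until.items() if until <= now]
        for ip in stale:
            del self.open_until[ip]
        return len(stale)


if __name__ == "__main__":
    fw = KnockFirewall(static_allow={"192.0.2.10"})   # constructed addresses
    fw.packet("203.0.113.5", 40000, KNOCK_PORT, 1.0)   # knock, refused
    print(fw.packet("203.0.113.5", 40000, SSH_PORT, 2.0))          # True
    print(fw.packet("203.0.113.5", 40000, SSH_PORT, 500.0, syn=False))  # True
    print(fw.packet("203.0.113.5", 40001, SSH_PORT, 500.0))        # False
    print("\n".join(fw.log))
```

The model shows why point 4 in the original request falls out of ordinary connection tracking rather than needing a special close step: once the one-minute window lapses, only flows already in the ESTABLISHED set pass, and removing a flow on disconnect leaves the knocking address with no access until it knocks again.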
