by mr_mitm
777 days ago
Port knocking is one of those things that sound like a good idea, but there are many possible footguns. And why is it that there is no one consensus (or "blessed") implementation? The implementation by Moxie seems interesting, but needless to say Python 2 is an instant no-go: https://github.com/moxie0/knockknock It hasn't been updated in 12 years, so why is it that there seems to be almost no real interest in a solid port knocking implementation?
|
For a random example, most of these ports will just bind to the default web-server (mitigates loopback attacks etc.):
2021 //tripwire 5 day ban, delay 30s
2022 //SSL tunnel for SSH port on VM, with client source-port range restriction.
2023 //tripwire 5 day ban
2024 //tripwire 5 day ban, delay 130s
2025 //tripwire 5 day ban
2026 //trigger 1: enable trigger 2 for specific IP, 5 second delay to open
2027 //tripwire 5 day ban
2028 //trigger 2: enable trigger 3 for specific IP, 4 second delay to open
2029 //tripwire 5 day ban, delay 19s
2030 //tripwire 5 day ban
2031 //trigger 3: close trigger 2, enable SSL tunnel port for specific IP in 1 second
2032 //tripwire 5 day ban
2033 //close all ports for this client IP, and reset trigger states in 1 second
2034 //tripwire 5 day ban
I think the lack of popularity comes from the ease of locking oneself out (initially, manually starting a firewall during configuration without rule caching is wise), and the lack of client-side automated handshaking scripts on non-*nix systems.
Someone should put together a little tutorial given many people seem to have lost this simple skill-set. Most people tend to ignore fail2ban integration options like banning game cheats.
Have a wonderful day, =)
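A constructed simulation of the knock layout in the post above, added here as an example and not part of the original thread: packets are modelled as (ip, port, timestamp) tuples, the stated delays are read as "how long until the next step becomes usable", and no real firewall is touched. Tripwire hits ban the client for five days, the three triggers must arrive in order, and 2033 tears everything down.

```python
# Constructed state machine for the tripwire/trigger port layout quoted above.
# Example code, not from the original post; nothing here touches a firewall.
from dataclasses import dataclass, field

BAN_SECONDS = 5 * 24 * 3600          # "5 day ban"
SERVICE_PORT = 2022                  # SSL tunnel port the sequence opens
CLOSE_PORT = 2033                    # closes all ports for the client IP
TRIPWIRES = {2021, 2023, 2024, 2025, 2027, 2029, 2030, 2032, 2034}
# trigger port -> (what it enables, seconds until that becomes usable)
TRIGGERS = {2026: (2028, 5), 2028: (2031, 4), 2031: (SERVICE_PORT, 1)}
FIRST_TRIGGER = 2026


@dataclass
class KnockState:
    bans: dict = field(default_factory=dict)    # ip -> ban expiry time
    armed: dict = field(default_factory=dict)   # ip -> (expected port, ready time)
    opened: dict = field(default_factory=dict)  # ip -> time service port opens

    def handle(self, ip: str, port: int, now: float) -> str:
        """Process one inbound SYN and report what the firewall would do."""
        if self.bans.get(ip, 0) > now:
            return "banned"
        if port in TRIPWIRES:            # any tripwire hit: ban and reset state
            self.bans[ip] = now + BAN_SECONDS
            self.armed.pop(ip, None)
            self.opened.pop(ip, None)
            return "banned"
        if port == CLOSE_PORT:           # client-requested teardown
            self.armed.pop(ip, None)
            self.opened.pop(ip, None)
            return "closed"
        if port not in TRIGGERS:         # e.g. the default web server ports
            return "ignored"
        expected, ready = self.armed.get(ip, (FIRST_TRIGGER, 0))
        if port != expected or now < ready:
            self.armed.pop(ip, None)     # out of order or too early: start over
            return "ignored"
        nxt, delay = TRIGGERS[port]
        if nxt == SERVICE_PORT:          # trigger 3 opens the tunnel port
            self.armed.pop(ip, None)
            self.opened[ip] = now + delay
            return "open"
        self.armed[ip] = (nxt, now + delay)
        return "armed"

    def is_open(self, ip: str, now: float) -> bool:
        """True when the SSL tunnel port is reachable for this client IP."""
        return (self.bans.get(ip, 0) <= now and ip in self.opened
                and self.opened[ip] <= now)
```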