Port Knocking
If you want to offer some services but do not want to give full access to your server, you can use port knocking. Normally we have a gateway that filters ports; we call it a firewall.
Port knocking lets us keep the ports on our firewall closed and allow incoming connections only after a prearranged pattern of connection attempts. This prearranged pattern is known as the knock.
You can think of it like this:
When my friend wants to come to my home, she needs to find the right apartment at the right time.
1. The time should be prearranged.
2. She types the right apartment number and presses #.
My friend knows the above information, and I need the time information.
Also, I do not open my door to anyone except my friend. This is authorization. Moreover, I need a camera and a microphone to make sure that the person in front of my building is my friend. This is authentication.
Thus we need a client-side configuration and a server-side configuration.
On our server we use iptables:
iptables -A INPUT -i lo -j ACCEPT                                        # accept loopback traffic (local requests and their responses)
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT   # keep already established connections working
iptables -A INPUT -p tcp --dport 80 -j ACCEPT                            # allow port 80
iptables -A INPUT -j DROP                                                # drop all other requests
Let's install a package so that we do not have to write the rules again after every reboot:
sudo apt-get install iptables-persistent
sudo netfilter-persistent save     # save the current rules
sudo netfilter-persistent reload   # reload them, so our rules are persistent
Now we need the knockd tool. You can find this tool on GitHub.
Let's install the tool:
sudo apt-get install knockd
Let's edit the configuration file using vi:
sudo vi /etc/default/knockd
and set
START_KNOCKD=1 instead of 0.
After this configuration, our tool will run.
In the knockd.conf file we can configure the following options:
sequence: the ports, in order, that our requests must hit
seq_timeout: how many seconds the whole sequence may take
tcpflags: which TCP flag our requests must carry
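A complete /etc/knockd.conf for the open/close pattern described above, added here as an illustration and not taken from the original article; it assumes SSH listens on port 22 behind the iptables rules shown earlier and uses the 7000,8000,9000 sequence in the forward order to open and in reverse order to close.

```ini
[options]
    # log knocks to syslog so successful and failed sequences are visible
    UseSyslog

[openSSH]
    # the client must hit these three ports in this order...
    sequence    = 7000,8000,9000
    # ...within 5 seconds, otherwise the partial sequence is discarded
    seq_timeout = 5
    # only SYN packets count as knocks
    tcpflags    = syn
    # -I inserts the rule at the top, ahead of the final DROP rule;
    # %IP% is replaced by the knocking client's address, so only that host is let in
    command     = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT

[closeSSH]
    # reverse sequence removes the rule that openSSH inserted
    sequence    = 9000,8000,7000
    seq_timeout = 5
    tcpflags    = syn
    command     = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT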
Let's do an example:
sudo service knockd start
for x in 7000 8000 9000; do nmap -Pn --host-timeout 201 --max-retries 0 -p $x server_ip_address; done
After that we can reach our server over SSH: we knocked on the door three times, and the owner of the home opened it.
When we are done, we should close the port again with the reverse sequence:
for x in 9000 8000 7000; do nmap -Pn --host-timeout 201 --max-retries 0 -p $x server_ip_address; done
We can also do the knocking in an easier way, with the knock client that comes with knockd:
knock 10.10.42.23 7000 8000 9000
ssh user@10.10.42.23
logout
Source used for this article:
https://erenn-uygun.medium.com/port-knocking-nedir-5fc13e0f01a5