Port Knocking

Hacer Dalkiran
2 min read, Jan 16, 2022

If you want to expose some services without giving everyone full access to your server, you can use port knocking. Normally we have a gateway that filters ports; we call it a firewall.

Port knocking lets us keep the ports on our firewall closed and accept incoming connections only after a prearranged pattern of connection attempts. This prearranged pattern is known as the knock.

You can think of it like this:

When my friend wants to come to my home, she needs to find the right apartment and the right time.

1. The time should be prearranged.

2. Type the right apartment number and press the # key.

Once my friend knows the above, what I need on my side is the timing: the knocks have to arrive within the window I expect.

Also, I do not open my door to anyone except my friend. This is authorization. Moreover, I need a camera and microphone to confirm that the person in front of my building really is my friend. This is authentication.

Thus we need a client-side configuration and a server-side configuration. Keep in mind that the knock itself travels in cleartext: anyone who can sniff the path between client and server can record and replay it. Port knocking hides a service from scanners and cuts down noise; it does not replace SSH key authentication on the service behind it.

On our server we use iptables (run as root, or prefix each command with sudo). Note that this rule set does not open port 22 at all; opening it for a knocker is knockd's job later:

iptables -A INPUT -i lo -j ACCEPT # accept loopback traffic, so local services can answer local requests

iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT # keep already established connections alive

iptables -A INPUT -p tcp --dport 80 -j ACCEPT # allow port 80 (HTTP)

iptables -A INPUT -j DROP # drop every other incoming packet

Add the final DROP rule last, and only when you still have another way in (a console, for example): your current SSH session survives thanks to the ESTABLISHED rule, but any new SSH connection is dropped until the knock works.

Let's install a package so we do not have to re-enter the rules after every reboot:

sudo apt-get install iptables-persistent

sudo netfilter-persistent save

sudo netfilter-persistent reload

This saves the current rule set and reloads it, making our rules persistent.

Now we need the knockd tool. You can find it on GitHub; on Debian and Ubuntu it is also packaged.

Let's install the tool:

sudo apt-get install knockd

Let's edit the service defaults with vi:

sudo vi /etc/default/knockd

and set

START_KNOCKD=1 instead of 0.

If your network interface is not eth0, also change the -i value in KNOCKD_OPTS in the same file, otherwise the daemon listens on the wrong interface. After this configuration, our tool will start with the system.

In /etc/knockd.conf, the [options] section holds global settings such as UseSyslog or LogFile. Each knock sequence gets its own section (the example config ships with [openSSH] and [closeSSH]) with the following keys:

sequence: the ports to hit, in order (for example 7000,8000,9000)

seq_timeout: how many seconds the client has to finish the whole sequence; a late knock restarts it

tcpflags: which TCP flags a packet must carry to count as a knock (normally syn)

command: what to run when the sequence completes; %IP% is replaced with the knocker's address. With the rule set above ending in a DROP, the command must insert the ACCEPT rule (iptables -I INPUT ...) rather than append it (-A); an appended rule lands below the DROP and never matches.

Let's do an example. Start the daemon:

sudo service knockd start

Then, from the client, knock on the three ports in order (nmap -Pn sends a single SYN to each port and does not wait for retries):

for x in 7000 8000 9000; do nmap -Pn --host-timeout 201 --max-retries 0 -p $x server_ip_address; done

Now we can reach our server over SSH. We knocked on the door three times, and the owner of the house opened it.

When we are done, we close the port again with the reverse sequence:

for x in 9000 8000 7000; do nmap -Pn --host-timeout 201 --max-retries 0 -p $x server_ip_address; done

The knock client that ships with knockd does the same with less typing (use 9000 8000 7000 to close again):

knock 10.10.42.23 7000 8000 9000

ssh user@10.10.42.23

logout
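Putting the pieces together, here is an added example (my own code, not from the original article or the knockd project) that models the whole exchange: the per-source sequence matching with seq_timeout that knockd performs on the server, the iptables command it fires with %IP% filled in, a rendering of the matching knockd.conf, and a minimal knock client. The ports 7000, 8000, 9000 and the 10.10.42.x addresses follow the article; the sample traffic is constructed, and the class and function names are assumptions.

```python
"""Port knocking modelled end to end: knockd-style sequence matching,
the firewall action it fires, and a client knock. Added example; names,
sample traffic and helpers are assumptions, not knockd's own code."""
import socket
from dataclasses import dataclass

OPEN_SEQUENCE = [7000, 8000, 9000]    # the article's open sequence
CLOSE_SEQUENCE = [9000, 8000, 7000]   # reversed to close again
SEQ_TIMEOUT = 5.0                     # knockd's seq_timeout, in seconds

@dataclass(frozen=True)
class Knock:
    """One inbound TCP packet as the daemon sees it."""
    ts: float      # arrival time, seconds
    src: str       # source IP
    dport: int     # destination port
    syn: bool = True

class KnockMatcher:
    """Per-source state machine mirroring knockd's sequence tracking: each
    port of `sequence` must be hit in order within `seq_timeout` seconds of
    the first hit. A wrong port resets that source; a late packet restarts."""

    def __init__(self, sequence, seq_timeout):
        self.sequence = list(sequence)
        self.seq_timeout = seq_timeout
        self._state = {}   # src -> (index of next expected port, time of first hit)

    def feed(self, k: Knock) -> bool:
        """Consume one packet; return True when k.src completes the sequence."""
        if not k.syn:
            return False                      # tcpflags = syn: ignore everything else
        idx, started = self._state.get(k.src, (0, k.ts))
        if idx > 0 and k.ts - started > self.seq_timeout:
            idx, started = 0, k.ts            # too slow: start over from this packet
        if k.dport != self.sequence[idx]:
            self._state.pop(k.src, None)      # wrong port: forget this source ...
            if idx > 0 and k.dport == self.sequence[0]:
                self._state[k.src] = (1, k.ts)   # ... unless it is a fresh start
            return False
        idx += 1
        if idx == len(self.sequence):
            self._state.pop(k.src, None)      # complete: consume state and fire
            return True
        self._state[k.src] = (idx, started)
        return False

def open_rule(src_ip: str, port: int = 22) -> str:
    """Command knockd runs with %IP% filled in. -I (insert) puts the rule
    above the final DROP; -A (append) would land below it and never match."""
    return f"/sbin/iptables -I INPUT -s {src_ip} -p tcp --syn --dport {port} -j ACCEPT"

def close_rule(src_ip: str, port: int = 22) -> str:
    return f"/sbin/iptables -D INPUT -s {src_ip} -p tcp --syn --dport {port} -j ACCEPT"

def knockd_conf(open_seq=OPEN_SEQUENCE, close_seq=CLOSE_SEQUENCE, timeout=SEQ_TIMEOUT) -> str:
    """Render an /etc/knockd.conf for the sequences above (assumed layout)."""
    return (
        "[options]\n\tUseSyslog\n\n"
        f"[openSSH]\n\tsequence = {','.join(map(str, open_seq))}\n\tseq_timeout = {timeout:g}\n"
        f"\tcommand = {open_rule('%IP%')}\n\ttcpflags = syn\n\n"
        f"[closeSSH]\n\tsequence = {','.join(map(str, close_seq))}\n\tseq_timeout = {timeout:g}\n"
        f"\tcommand = {close_rule('%IP%')}\n\ttcpflags = syn\n"
    )

def knock(host: str, ports, timeout: float = 0.2) -> None:
    """Client side: one SYN per port, in order. As with nmap --max-retries 0,
    a refused or silent port is fine; only the attempt matters."""
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect_ex((host, port))

def run_daemon(packets, sequence=OPEN_SEQUENCE, seq_timeout=SEQ_TIMEOUT):
    """Feed packets through a matcher; return (ts, src, command) per opened source."""
    m = KnockMatcher(sequence, seq_timeout)
    return [(p.ts, p.src, open_rule(p.src)) for p in packets if m.feed(p)]

# Constructed sample traffic (not captured from a real host).
SAMPLE = [
    Knock(0.0, "10.10.42.10", 7000),
    Knock(0.5, "10.10.42.11", 7000),              # a second client, interleaved
    Knock(1.0, "10.10.42.10", 8000),
    Knock(1.5, "10.10.42.11", 8080),              # typo in the knock: .11 is reset
    Knock(2.0, "10.10.42.10", 9000),              # .10 completes -> port opened
    Knock(2.5, "10.10.42.11", 9000),              # out of order after the reset: nothing
    Knock(10.0, "10.10.42.12", 7000),
    Knock(17.0, "10.10.42.12", 8000),             # 7 s later: past seq_timeout, restart
    Knock(17.5, "10.10.42.12", 9000),             # so this completes nothing
    Knock(20.0, "10.10.42.12", 7000),
    Knock(20.1, "10.10.42.12", 8000),
    Knock(20.2, "10.10.42.12", 9000),             # quick retry completes -> opened
    Knock(30.0, "10.10.42.13", 7000),
    Knock(30.1, "10.10.42.13", 8000, syn=False),  # not a SYN: ignored, .13 still waits for 8000
    Knock(30.2, "10.10.42.13", 9000),             # wrong port for that state: reset
]

if __name__ == "__main__":
    print(knockd_conf())
    for ts, src, cmd in run_daemon(SAMPLE):
        print(f"t={ts:5.1f}  {src} knocked correctly -> {cmd}")
    # knock("10.10.42.23", OPEN_SEQUENCE)   # the article's client step, against a real host
```

Running it shows only 10.10.42.10 and 10.10.42.12 get an ACCEPT rule: the mistyped port, the slow sequence and the non-SYN packet all fail exactly as they would against knockd with tcpflags = syn and seq_timeout = 5. The knock() function is the client half and is left commented out in the main block because it needs a real host to talk to.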

In writing this article I drew on:

https://erenn-uygun.medium.com/port-knocking-nedir-5fc13e0f01a5
