Knockknock socket uml
4/15/2023

In this article, I present a small raw socket daemon coded in C called "Knock-knock", which uses port knocking to secure services under Linux. I have been using Knock-knock daily on a Ubuntu server for two years without any problem, and the code is small and simple enough for anybody to understand it.

I have been using an old computer running under Linux as a personal server for three years now. In order to log into the box, I just set up an ssh server. I thought that, except for me, the box would not be of any interest to anybody, and that anyway it would take quite long to hack into it using brute force. After a year, some guy managed to break into the server by brute-forcing the ssh server. The fault is totally mine, for a poor choice of password. Luckily I noticed the intrusion, but I had to reinstall the server completely to make sure it was clean, which was an unnecessary hassle. I had to find a solution for this to never happen again.

In search of a solution…

A non-conventional port number is a good start. By default, ssh is reachable through port 22, therefore choosing a different port is a good way to prevent the server from being discovered too easily. However, a complete scan of all the ports on the machine will quickly reveal the server. Another important point is to have a strong password. This implies at least 12 characters, including upper and lower case letters, numbers and punctuation. But this will not stop the brute-forcing from happening. A solution for that is to use iptables to block brute force attacks, but I don't want my server to use its processor to deal with unnecessary traffic. Using an ssh key instead of a password could also be very effective, but it implies that I have the key available anywhere I need it, which could be an issue. Finally, I decided to use port knocking to solve my problem, avoiding unnecessary traffic and preventing brute force hacking.

Port knocking is used in network security to prevent malicious users from seeing services they should not have access to. This means that they are not even allowed to interact with the service they want to hack: they just can't access it. This can be extremely useful if you have a small server at home. Indeed, whether you want it or not, you will undergo the continuous scans of script kiddies in desperate search of a computer to hack. With port knocking, one has to send a packet to a specific closed port in order for another port to be opened by the system or the firewall. I am not saying that the server will be made completely safe, but it will be made hard enough to hack for the average 13-year-old script kiddie. This dramatically reduces the number of possible threats on your server. In our case, we want to send a packet to open access to an ssh server. Variants include possibilities for encrypted packets or complex timed port knocking schemes.

Open source solutions for port knocking already exist, but most of them require the use of a specific port knocking client program. I wanted something simple that I could understand and install on my server easily, and that would not require any additional program for me to open the port to my ssh server. So I decided to code my own port knocking solution using raw sockets; it is called "Knock-knock". The code for Knock-knock is given at the end of the article; here I am just going to explain the idea behind it.

On most versions of Linux, port access can be allowed and forbidden using the network permission tables, which are located at /etc/hosts.allow and /etc/ny on a Ubuntu server (the location might change on a different version of Linux). Knock-knock modifies the content of the permission tables on the fly to allow trusted connections. Now, how do we know if a connection can be trusted? As explained above, several methods for port scheme and timing are possible, but I wanted something really simple that would not require any additional program or file. This means that to open a connection, a packet on a specific closed port (let's call it port #1) has to be sent, followed by another packet on another closed port (let's call it port #2) within a time interval. The content of these packets is not important here, which means that this step can be performed using any program, like telnet, ssh, or even a web browser.
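The two-packet knock described in the article (a packet to closed port #1, then a packet to closed port #2 within a time interval, packet content irrelevant, after which the source is added to /etc/hosts.allow) as an added Python example; this is not the Knock-knock C daemon from the article. The raw-socket capture is replaced by a constructed list of (source address, destination port, timestamp) events so the decision logic runs offline, and the hosts.allow line is only built, not written. The knock ports 1234 and 5678, the 5-second window, the service name sshd and the 192.0.2.x addresses are assumptions. One check the article's description leaves open is also included: any packet to a port other than the one expected next resets the sequence, so a scanner walking through ports in ascending order does not get credited for hitting port #1 and then port #2 in passing.

```python
"""Port-knock state tracker.

Added example, not the Knock-knock daemon from the article. The article's
daemon sniffs packets with a raw socket; here packet capture is replaced by a
constructed list of (source_ip, destination_port, timestamp) events so the
logic runs offline. Knock ports, window and addresses are assumptions.
"""

KNOCK_PORTS = (1234, 5678)   # assumed closed ports: port #1, then port #2
WINDOW = 5.0                 # assumed interval (seconds) between the two knocks


class KnockTracker:
    """Per-source state machine: port #1, then port #2 within WINDOW seconds."""

    def __init__(self, ports=KNOCK_PORTS, window=WINDOW):
        self.ports = tuple(ports)
        self.window = float(window)
        # src_ip -> (index of the next expected knock port, deadline for it)
        self.pending = {}
        self.trusted = set()

    def observe(self, src_ip, dst_port, now):
        """Feed one packet; return True when src_ip completes the sequence."""
        idx, deadline = self.pending.get(src_ip, (0, None))
        if deadline is not None and now > deadline:
            # The second knock arrived too late: start over from port #1.
            idx, deadline = 0, None
        if dst_port != self.ports[idx]:
            # Any other port (including a scanner stepping through ports)
            # resets the sequence instead of being ignored.
            self.pending.pop(src_ip, None)
            return False
        idx += 1
        if idx == len(self.ports):
            self.pending.pop(src_ip, None)
            self.trusted.add(src_ip)
            return True
        self.pending[src_ip] = (idx, now + self.window)
        return False


def hosts_allow_line(src_ip, service="sshd"):
    """TCP wrappers line a daemon like Knock-knock would append to /etc/hosts.allow."""
    return f"{service}: {src_ip}"


def replay(events, ports=KNOCK_PORTS, window=WINDOW):
    """Run events through a fresh tracker; return the sorted trusted sources."""
    tracker = KnockTracker(ports, window)
    for src_ip, dst_port, ts in events:
        tracker.observe(src_ip, dst_port, ts)
    return sorted(tracker.trusted)


# Constructed traffic: one valid knock, one late knock, one interrupted knock,
# and one ascending port scan that reaches port #1 and then port #2 in order.
SAMPLE_EVENTS = [
    ("192.0.2.10", 1234, 0.0),
    ("192.0.2.10", 5678, 2.0),     # valid: port #2 within 5 s of port #1
    ("192.0.2.11", 1234, 0.0),
    ("192.0.2.11", 5678, 10.0),    # too late: window expired
    ("192.0.2.12", 1234, 0.0),
    ("192.0.2.12", 4000, 1.0),     # stray port between the two knocks
    ("192.0.2.12", 5678, 2.0),
] + [("192.0.2.13", port, 0.01 * i)
     for i, port in enumerate(range(1234, 5679))]   # sequential scan


if __name__ == "__main__":
    for ip in replay(SAMPLE_EVENTS):
        print(hosts_allow_line(ip))   # sshd: 192.0.2.10
```

Only 192.0.2.10 ends up trusted: the late second knock and the interrupted sequence fail, and the sequential scan is reset at every port it touches between the two knock ports. Choosing port #2 lower than port #1 is another cheap way to make an ascending scan unable to complete the sequence. A deployment that rewrites /etc/hosts.allow on the fly, as the article describes, should also remove the entry again after some time, otherwise every address that ever knocked stays allowed.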