“The first time I have seen the knockd project I liked it instantly. The idea is so simple, and though so effective. Knockd is a port-knocking application that silently runs on a server passively listening to network traffic. Once it will see a port sequence it has an action configured for it, it will run that action. We can see this as a remote control to our server: once we hit the right button it will take the appropriate action!”
You don’t need a special program to do that. You only have to configure the rules straight into the iptables config. This knockd thing might make it easier, but it is most certainly not essentail for port knocking.
Agreed.
Here is a brief writeup of doing this just in iptables:
http://www.debian-administration.org/articles/268
Security through obscurity.
But obscurity is fine as long as you have actual security behind it and I’m sure it would reduce the failed hits in my ssh logs.
– Jesse McNelis
The reason I started using it a while ago was for precisely that, reducing the size of the log files relating to the services I was running. Smaller log files are easier to read and spot trouble.
Problems can occour, however, when you have a large number of people trying to make use of the services hidden behind port knocking. Larger sequences are more secure, but longer sequences are also harder to remember, which means that shorter sequences tend to be prefered.
I think it’s great for personal use or use by a small number of people, but not much more than that.
First this idea of port knocking was seen i trojans/rootkits i wonder why it took so long to implement it for the good reasons?
This isn’t really any more secure than just disabling password logins and only use keys with ssh.
It might cut down on the failure hits in the logs but so does simply just running sshd on a different port.
I completely agree. I used to get all sorts of login attempts when I had SSH running on the standard port. So I moved it to a non-standard port (one well above 1024) and absolutely nobody tries to log in now. The ports scanners usually don’t find it because they usually only try common ports.
Port knocking is a cool idea though, and it’s just one more layer that can deter a non-motivated wannabe intruder.
I used to get all sorts of login attempts when I had SSH running on the standard port. So I moved it to a non-standard port (one well above 1024) and absolutely nobody tries to log in now.
So did I. Of course, you can’t use it as a security measure because you must secure SSH properly as you would normally do, but what it does do is stop pointless log in attempts from automated attacks on port 22 and stop your logs filling up with them.
ah, i get it now. this is a substitute for the sekret decoder ring and sekret handshakes of my youth.
It would be good to have a knock sequence implemented in putty.exe client. Now I have a knock.bat script I run before starting a putty client.
if Putty session had a knock port sequence to be given…