Port Knocking

By using port knocking, we can open or close a port if we know the knock order.

VM: KALI2 (Server) KALI2 (Client)

KALI2 (Server)
# apt-get install knockd -y
# cat /etc/default/knockd
START_KNOCKD=1

# cat /etc/knockd.conf
[options]
UseSyslog
Interface=eth1
#change eth1 accordingly
[openSSH]
sequence = 7000,8000,9000
seq_timeout = 5
command = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
[closeSSH]
sequence = 9000,8000,7000
seq_timeout = 5
command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn

# iptables -A INPUT -i lo -j ACCEPT
# iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# iptables -A INPUT -p tcp --dport 22 -j REJECT
# iptables -S
# mkdir /etc/iptables
# iptables-save > /etc/iptables/rules.v4
# iptables-restore < /etc/iptables/rules.v4
-if using IPv6
# ip6tables-save > /etc/iptables/rules.v6
# ip6tables-restore < /etc/iptables/rules.v6
# service knockd start

KALI2 (Client)
-nmap shows the ssh port as filtered
# nmap 10.0.1.12
PORT STATE SERVICE
22/tcp filtered ssh
80/tcp open http
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds

# apt-get install knockd -y
# ssh root@10.0.1.12
connection refused
# knock 10.0.1.12 7000 8000 9000
# ssh root@10.0.1.12
connection successful
# knock 10.0.1.12 9000 8000 7000
# ssh root@10.0.1.12
connection refused
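
How the [openSSH] and [closeSSH] sections above decide when to run their iptables commands, as an added example (not part of the original post and not knockd's own code): a simplified Python model of sequence matching, fed with constructed SYN events. The KnockTracker class, the replay helper, the client addresses and the timings are assumptions; the sequences, seq_timeout and commands are taken from the config above.

```python
# Added example (not knockd's code); DOORS values are copied from knockd.conf above.
DOORS = {
    "openSSH": ([7000, 8000, 9000], 5,
                "/sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT"),
    "closeSSH": ([9000, 8000, 7000], 5,
                 "/sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT"),
}


class KnockTracker:
    def __init__(self, doors=DOORS):
        self.doors = doors
        self.progress = {}  # (door, src_ip) -> (knocks matched, first-knock time)

    def on_syn(self, ts, src_ip, dport):
        """Feed one observed TCP SYN; return the commands it triggers."""
        fired = []
        for name, (seq, timeout, command) in self.doors.items():
            key = (name, src_ip)
            idx, start = self.progress.pop(key, (0, ts))
            if idx and ts - start > timeout:
                idx = 0                   # sequence took too long: start over
            if dport == seq[idx]:
                start = ts if idx == 0 else start
                idx += 1
            elif dport == seq[0]:
                idx, start = 1, ts        # wrong port, but it begins a new attempt
            else:
                idx = 0                   # wrong port: progress is discarded
            if idx == len(seq):
                fired.append(command.replace("%IP%", src_ip))
            elif idx:
                self.progress[key] = (idx, start)
        return fired


def replay(events):
    """Run (timestamp, source IP, destination port) tuples through a new tracker."""
    tracker = KnockTracker()
    return [cmd for ev in events for cmd in tracker.on_syn(*ev)]


# Constructed sample traffic (client addresses and timings are made up).
IN_ORDER = [(0, "10.0.1.20", 7000), (1, "10.0.1.20", 8000), (2, "10.0.1.20", 9000)]
WRONG_ORDER = [(0, "10.0.1.21", 7000), (1, "10.0.1.21", 9000), (2, "10.0.1.21", 8000)]
TOO_SLOW = [(0, "10.0.1.22", 7000), (3, "10.0.1.22", 8000), (7, "10.0.1.22", 9000)]

if __name__ == "__main__":
    print(replay(IN_ORDER), replay(WRONG_ORDER), replay(TOO_SLOW))
```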
