For me the supplied script did not work. Instead of
nmap -P0 --host_timeout 201 -p $2 $1 &> /dev/null
nmap -P0 --host_timeout 201 -p $3 $1 &> /dev/null
nmap -PN --host_timeout 201 --max-retries 0 -p $2 $1 &> /dev/null
nmap -PN --host_timeout 201 --max-retries 0 -p $3 $1 &> /dev/null
The flag -P0 seems to have been renamed to -PN in a more recent nmap version. But the important part is --max-retries. If it is not set to 0, nmap sends several TCP SYN packets to the target host. This then causes several knocks on ports 1 and 2 instead of just one, thus knocking 'out of order'.
Please edit if you agree. I'm not an 'expert' by any means; these are just my thoughts after examining iptables logs. I'll edit the page in a few days if there is no response; I just wanted to have feedback before I do.
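The out-of-order effect described in the post above, as an added example that is not part of this discussion: constructed iptables LOG lines (the KNOCK prefix and addresses are made up) are replayed through a strict knock state machine, a model assumed here rather than knockd's actual code, showing that one SYN per port completes the sequence while retransmitted SYNs do not.

```python
import re

# Constructed iptables LOG lines, not from the original post: one SYN per
# knock port (as with --max-retries 0) versus nmap retransmitting each SYN.
LOG_ONE_SYN = """\
kernel: KNOCK IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40001 DPT=1 SYN
kernel: KNOCK IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40002 DPT=2 SYN
"""
LOG_RETRIES = """\
kernel: KNOCK IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40001 DPT=1 SYN
kernel: KNOCK IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40001 DPT=1 SYN
kernel: KNOCK IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40002 DPT=2 SYN
kernel: KNOCK IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40002 DPT=2 SYN
"""

LINE_RE = re.compile(r"SRC=(?P<src>\S+).*?\bDPT=(?P<dpt>\d+)")

def parse_knocks(log):
    """Return [(source, destination port), ...] in log order."""
    hits = []
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:
            hits.append((m.group("src"), int(m.group("dpt"))))
    return hits

def replay(log, sequence=(1, 2)):
    """Replay a log through a strict knock state machine (an assumed model).

    A client starts a sequence by hitting its first port. Each further knock
    must be the next port; any other port, including a repeat, discards the
    client's progress without starting a new sequence. Returns the set of
    clients that completed the whole sequence.
    """
    progress = {}   # source -> number of sequence ports matched so far
    opened = set()
    for src, dpt in parse_knocks(log):
        stage = progress.get(src)
        if stage is None:
            if dpt == sequence[0]:
                progress[src] = 1
        elif dpt == sequence[stage]:
            progress[src] = stage + 1
        else:
            del progress[src]      # wrong or repeated port: sequence lost
        if progress.get(src) == len(sequence):
            opened.add(src)
            del progress[src]
    return opened
```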
Merge tag with iptables
Hi, I would not merge this to iptables. Three reasons: (1) Iptables is a massive topic. Its basics are hard enough to cover on one page. (2) This here is pretty specialised and only few users will ever have contact with the concept of port knocking. It's likely out-of-bounds on the main page. (3) More adequate imo would be a merge to the stateful-firewall page (port knocking with iptables is great, but boils down to advanced state handling). But that is too large itself and has a small section regarding knockd (maybe that bit could be merged here?). I think it would be enough to link the pages together a bit more. Thoughts? --Indigo (talk) 19:30, 11 August 2013 (UTC)
- I just don't like the current state, it seems it could use merging into some page with better context (you're absolutely right about Simple Stateful Firewall). But, if this page is rewritten to be more like a guide and not just presenting a (commented) config file, then it could be a useful standalone page. (Perhaps I should have added a 'Poor writing' tag instead of 'Merge'.) -- Lahwaacz (talk) 08:34, 12 August 2013 (UTC)
- I'd enjoy contributing to making the page more proper, but it'll take some time with leisure. I just re-read the Simple_stateful_firewall#Port_knocking and think one should move that here and link from stateful firewall. Although the explained knockd has (obviously) great history, I personally find it going too far for that page. Also I dislike introducing daemons on the Simple_stateful_firewall page, and knockd is the only daemon explained there on top of iptables itself. Moving that para here would make it a section on the daemon (automatic way to set up) and a manual way (like on the wireless page). For the manual way, the rules on the page could be split up a bit further into blocks, moving the comments into verbose text for starters.
- Additionally, as a light intro one could take up a (1) simple example of state-checking ssh bruteforce, leading over to (2) port knocking as a concept, to (3) introducing knockd (and maybe alternatives), then the (4) manual script in more verbose form and (5) Resources. What do you think? --Indigo (talk) 22:31, 13 August 2013 (UTC)