FWKNOP

Single Packet Authorization (SPA) Port Knocking.

Port knocking alters the packet filter rules on a host in response to a packet, encrypted with a secret key, that is delivered to that host.

It can be used to open a normally closed SSH port to a single source host for a limited time.

Server

iptables
iptables -t filter -A INPUT -i eth0 -p tcp --syn --destination-port 22 -j REJECT --reject-with icmp-port-unreachable
FWKNOP
Install
apt install fwknop-server
Run
/usr/sbin/fwknopd
access.conf
SOURCE: ANY
OPEN_PORTS: tcp/22
KEY: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
FW_ACCESS_TIMEOUT: 60
fwknop.conf
PCAP_INTF eth0;

Client

Install
apt install fwknop-client 
.fwknoprc
[default]

[hostname]
SPA_SERVER      x.x.x.x
ACCESS          tcp/22
ALLOW_IP        resolve
KEY             XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
.ssh/config
Match host hostname exec "fwknop -n hostname && sleep 0.5"
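As an added example, not taken from the page or from the fwknop project, the POSIX shell script below ties the server and client steps above together: it generates a random key, writes the fwknopd access.conf stanza and the client .fwknoprc stanza with 0600 permissions, and checks that both sides carry the same secret before fwknopd is started. It goes slightly beyond the page's stanzas by using KEY_BASE64 and an HMAC key (HMAC_KEY_BASE64 on both sides, USE_HMAC on the client), which fwknop supports alongside plain KEY. The output paths, the stanza name (myhost) and the server address (192.0.2.10) are placeholders supplied by the caller; the script does not write into /etc/fwknop or ~/.fwknoprc on its own.

```shell
#!/bin/sh
# Added example, not part of the page or of fwknop itself.
# Generates a random SPA key pair (encryption key + HMAC key) and writes the
# matching fwknopd access.conf and client .fwknoprc stanzas with private
# permissions, then verifies the two sides agree.
# Assumptions: /dev/urandom, head, base64, awk, sed and find are available;
# every path, the stanza name and the server address are caller-supplied
# placeholders.

# Print a 32-byte random key as one base64 line (fwknop's KEY_BASE64 form).
gen_key() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# Write the fwknopd access.conf stanza (mode 0600 via umask in a subshell).
#   $1 = output path   $2 = base64 encryption key   $3 = base64 HMAC key
write_access_conf() {
    ( umask 077
      cat > "$1" <<EOF
SOURCE: ANY
OPEN_PORTS: tcp/22
KEY_BASE64: $2
HMAC_KEY_BASE64: $3
FW_ACCESS_TIMEOUT: 60
EOF
    )
}

# Write the client .fwknoprc with a named stanza usable as "fwknop -n <name>".
#   $1 = output path  $2 = stanza name  $3 = server address
#   $4 = base64 encryption key  $5 = base64 HMAC key
write_fwknoprc() {
    ( umask 077
      cat > "$1" <<EOF
[default]

[$2]
SPA_SERVER         $3
ACCESS             tcp/22
ALLOW_IP           resolve
KEY_BASE64         $4
HMAC_KEY_BASE64    $5
USE_HMAC           Y
EOF
    )
}

# Extract KEY_BASE64 from access.conf ("KEY_BASE64: value").
server_key() {
    sed -n 's/^KEY_BASE64:[[:space:]]*//p' "$1"
}

# Extract KEY_BASE64 from the named .fwknoprc stanza ("KEY_BASE64   value").
#   $1 = .fwknoprc path   $2 = stanza name
client_key() {
    awk -v want="[$2]" '
        $0 == want { in_stanza = 1; next }
        /^\[/      { in_stanza = 0 }
        in_stanza && $1 == "KEY_BASE64" { print $2 }
    ' "$1"
}

# Pre-flight check: both files exist, are mode 0600 (they hold secrets),
# and the client stanza carries the same key the server expects.
#   $1 = access.conf path   $2 = .fwknoprc path   $3 = stanza name
verify_pair() {
    for f in "$1" "$2"; do
        [ -f "$f" ] || return 1
        [ -n "$(find "$f" -perm 600)" ] || return 1
    done
    s=$(server_key "$1")
    c=$(client_key "$2" "$3")
    [ -n "$s" ] && [ "$s" = "$c" ]
}

# Usage (placeholder paths, name and address):
#   KEY=$(gen_key); HMAC=$(gen_key)
#   write_access_conf ./access.conf "$KEY" "$HMAC"
#   write_fwknoprc ./fwknoprc myhost 192.0.2.10 "$KEY" "$HMAC"
#   verify_pair ./access.conf ./fwknoprc myhost && echo "configs consistent"
```

The generated access.conf belongs on the server (fwknopd reads /etc/fwknop/access.conf by default) and the .fwknoprc in the client user's home directory; the stanza name is what `fwknop -n hostname` in the ssh_config Match line above refers to, so it must match the `Match host` pattern.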

Resources

Home page