ipt_pkd: The port knock detector!

December 6, 2009 23:29 pm

by Black

in Open Source,Security tools

If you have read our last few posts, you already know what a port knock is. We mentioned it here when we wrote about winKnocks. Today, we are going to blog about ipt_pkd.

Port knocking per se can be very dangerous if you try it on your own firewall without any authentication mechanism. winKnocks is a good option, though its implementation is mainly for Windows. So what do you do to protect your Linux-based firewall when you want to use port knocking? Simple: use ipt_pkd! ipt_pkd is an iptables extension implementing port knock detection. It makes use of single packet authorization. The knock packet is a SHA-256 hash of a timestamp, some random bytes, a small header, and a shared key, sent via UDP. The timestamp and the random bytes are passed in the packet so the server can compute the SHA-256 itself and compare the results. If it's a match, the pkd module returns true; otherwise it returns false and any more packets from the sender are dropped. To eliminate a replay attack, the source and destination ports are used in the hash!

There are two versions: one in C and the other in Python. The open source package has a small Python script, knock.py, a Python implementation of ipt_pkd that reads the necessary information from ipt_pkd.ini. You can have it accept 3 options: a 40-byte-long hex shared key, a window (the time it waits for a valid knock from a system) and a 4-byte-long tag which helps in speeding up the processing. You can make use of “hitcount” to control how many knocks you allow before they are dropped, reset, etc.
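The knock check described above, sketched as an added example that is not ipt_pkd's own code. The field order and sizes, the use of the 4-byte tag as the small header, and the sample key and tag are assumptions for illustration, not the module's wire format.

```python
import hashlib
import hmac
import os
import struct

# Assumed layout (NOT ipt_pkd's real wire format):
#   tag(4) | timestamp(4, big-endian) | random(12) | sha256 digest(32)
HEAD = struct.Struct("!4sI12s")
PACKET_LEN = HEAD.size + hashlib.sha256().digest_size


def _digest(head, sport, dport, key):
    # Ports are hashed but never sent in the payload, so a knock captured
    # for one port pair does not verify when replayed on another.
    return hashlib.sha256(head + struct.pack("!HH", sport, dport) + key).digest()


def build_knock(key, tag, sport, dport, now, rand=None):
    """Client side: tag, timestamp and random bytes go out in the clear."""
    head = HEAD.pack(tag, now, rand if rand is not None else os.urandom(12))
    return head + _digest(head, sport, dport, key)


def verify_knock(packet, key, tag, sport, dport, now, window):
    """Server side: recompute the hash from the packet fields and compare."""
    if len(packet) != PACKET_LEN:
        return False
    head, sent = packet[:HEAD.size], packet[HEAD.size:]
    pkt_tag, ts, _rand = HEAD.unpack(head)
    if pkt_tag != tag:            # cheap reject before any hashing
        return False
    if abs(now - ts) > window:    # stale or future-dated knock
        return False
    # Constant-time comparison of the received and recomputed digests.
    return hmac.compare_digest(sent, _digest(head, sport, dport, key))


KEY = bytes(range(40))   # constructed sample key
TAG = b"PKD0"            # constructed 4-byte tag
```

The port binding and the window only narrow what a captured knock can be reused for; within the window, the same packet on the same port pair still verifies unless the server also remembers knocks it has already accepted.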

Download ipt_pkd here.
