Umvirt Knocker

Knocker is a set of scripts that simplify and speed up knockd configuration.

Knockd is a port knocking daemon which can execute commands after a valid port knocking sequence is received.

In conjunction with iptables, knockd can open hidden ports after port knocking. This is a useful protection against port scanning and subsequent attacks.

The more commands knockd handles, the harder it becomes to compose port knocking sequences. Knocker was written to simplify this configuration.

Knocker can be used in the following cases:

1. One real IP address is assigned to one server. The whole range of TCP/UDP ports of the IP address is owned by one server.

2. One real IP address is assigned to multiple servers. The whole range of TCP/UDP ports of the IP address is shared between multiple servers.

Knocker contains the following scripts:

  • genknockd - knockd.conf file writer (should be used after creating knocker.conf)
  • knock4client - knocking instructions generator
  • knock4server - knockd.conf instructions generator (should be used after creating knocker.conf)
  • knockcomposer - knocker.conf generator
  • knockopen - script for opening TCP/UDP ports and their subsequent automated closing
  • knocktimeout - script called by the scheduler to close opened ports

Download & Install

You can download an archive with the Knocker scripts from the "Downloads" page.

See further instructions in the "INSTALL" file.

Knocking sequence generating

1. Open the file composer.conf and define:

- The minimal number of items in a port knocking sequence (mincellcnt). Recommended value: 3
- The maximal number of items in a port knocking sequence (maxcellcnt). Recommended value: 3
- Ranges of listened TCP and UDP ports (ranges). Possible values: from 1 to 65536.
- List of ports within the ranges to ignore (ignore).
- Commands which you wish to execute (commands).

Warning: composer.conf is a JSON file parsed by PHP, so be careful with syntax errors.

2. Run the 'knockcomposer' script as root to create or rewrite knocker.conf:

a. To rewrite the current knocker.conf or create a new one:

# knockcomposer --overwrite

b. To update instructions only for a specific user:

# knockcomposer --update joe
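The following is an added Python example, not part of the Knocker scripts, showing what the composer step and the knockd.conf generation step do conceptually: pick one distinct knock sequence per command from the configured ranges (skipping ignored ports) and render it as knockd.conf stanzas. The JSON layout of composer.conf (value types, command names, the knockopen paths) is assumed here; only the key names come from this page, and the stanza syntax is knockd's own.

```python
import random

# Constructed example mirroring the composer.conf keys described above.
# The value layout is an assumption, not the project's actual schema.
COMPOSER_CONF = {
    "mincellcnt": 3,
    "maxcellcnt": 3,
    "ranges": {"tcp": [[20000, 30000]], "udp": [[40000, 50000]]},
    "ignore": [22000, 45000],
    "commands": {  # %IP% is knockd's placeholder for the knocking client's address
        "open_ssh": "/usr/local/bin/knockopen %IP% 22",
        "open_vpn": "/usr/local/bin/knockopen %IP% 1194",
    },
}

def candidate_ports(conf):
    """Expand the configured ranges into (port, proto) cells, dropping ignored ports."""
    cells = []
    for proto, spans in conf["ranges"].items():
        for lo, hi in spans:
            cells += [(p, proto) for p in range(lo, hi + 1) if p not in conf["ignore"]]
    return cells

def compose_sequences(conf, seed=None):
    """Pick one distinct knock sequence per command; unseeded uses the OS CSPRNG."""
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    cells = candidate_ports(conf)
    seen, out = set(), {}
    for name in conf["commands"]:
        while True:
            n = rng.randint(conf["mincellcnt"], conf["maxcellcnt"])
            seq = tuple(rng.choice(cells) for _ in range(n))
            if seq not in seen:  # two commands must never share a sequence
                seen.add(seq)
                out[name] = seq
                break
    return out

def render_knockd_conf(conf, seqs, seq_timeout=5):
    """Emit knockd.conf stanzas in knockd's [name] / sequence / command format."""
    lines = ["[options]", "    logfile = /var/log/knockd.log", ""]
    for name, seq in seqs.items():
        ports = ",".join(f"{p}:{proto}" for p, proto in seq)
        lines += [f"[{name}]", f"    sequence    = {ports}",
                  f"    seq_timeout = {seq_timeout}", "    tcpflags    = syn",
                  f"    command     = {conf['commands'][name]}", ""]
    return "\n".join(lines)
```

Run without a seed for real configuration; the seed argument only exists to make the output reproducible for inspection.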

Knockd.conf generating

To view the contents of the generated knockd.conf file, run the 'knock4server' command.

To update the existing knockd.conf, use the 'genknockd' command or:

# knock4server > /etc/knockd.conf

After updating /etc/knockd.conf, restart the knockd daemon.

Knocking instructions generating

To view knocking instructions, use the command:

$ knock4client <your_server_name> <user>

where:
your_server_name - the IP address or domain name of your server
user - the user whose commands you wish to show. Use root to view all commands.

The knock commands should appear on stdout.