Archive

Articles tagged ‘knockd’

How to Hide Application Port Using knockd in Linux

04/11/2015

Source: linoxide.com

As system administrators, we should do everything we can to secure our servers from attackers. As the internet grows, the threats to our servers grow with it. One of the most common entry points for an attack is an open port on your server. If an SSH server is running on your machine, the SSH port is normally listening, which means it is open and waiting for connections.

Leaving that port open around the clock is not recommended, because an open port is exposed: anyone can scan the machine and see it. Nmap is one of the most popular port scanners, and anyone can use it to scan your machine.


What if we could open the port on demand and close it when it is not in use? That is exactly what the knockd application lets us do.

What is knockd

Knockd is a port-knock server. It listens to all traffic on an ethernet (or PPP) interface, looking for special “knock” sequences of port-hits. (Source: http://www.zeroflux.org/projects/knock)

How it works

Every network application needs a port as a “door” on which it “listens” for requests from clients. A port is either open or closed. A server has many ports available, but some are assigned by convention, such as SSH (22), Web (80) and FTP (21).

A basic rule of server security is to open only the ports that are in use and close the rest. You may have some ports that are used only occasionally. Leaving those ports open while they are not in use is not recommended.

When you install knockd, a client can “knock” on the server with a pattern. You define the knocking sequence yourself, so each server's pattern can be unique. If the pattern matches, the port you need is opened for a period of time and the client's request can reach your server.

Once you are done with the application, you can close the port again, either manually or automatically.

Read more…

Categories: Network, Security

How To Use Port Knocking to Hide your SSH Daemon from Attackers on Ubuntu

04/06/2015

Introduction

Servers, by definition, are implemented as a means of providing services and making applications and resources accessible to users. However, any computer connected to the internet is inevitably targeted by malicious users and scripts hoping to take advantage of security vulnerabilities.

Firewalls exist and should be used to block access on ports not being utilized by a service, but there is still the question of what to do about services that you want access to, but do not want to expose to everybody. You want access when you need it, but want it blocked off otherwise.

Port knocking is one method of obscuring the services that you have running on your machine. It allows your firewall to protect your services until you ask for a port to be opened through a specific sequence of network traffic.

In this guide, we will discuss how to implement port knocking as a method of obscuring your SSH daemon on an Ubuntu 12.04 VPS using the knockd package.

Note: This tutorial covers IPv4 security. In Linux, IPv6 security is maintained separately from IPv4. For example, "iptables" only maintains firewall rules for IPv4 addresses, but it has an IPv6 counterpart called "ip6tables", which can be used to maintain firewall rules for IPv6 network addresses.

If your VPS is configured for IPv6, please remember to secure both your IPv4 and IPv6 network interfaces with the appropriate tools. For more information about IPv6 tools, refer to this guide: How To Configure Tools to Use IPv6 on a Linux VPS

Read more…

How To Configure Port Knocking Using Only IPTables on an Ubuntu VPS

04/06/2015

Source: digitalocean.com

Introduction

Servers that are connected to the internet are subjected to all manners of attacks and probes by malicious users, scripts, and automated bots. It is sometimes a balancing act to secure your server from attacks without affecting legitimate access to your services and resources.

Certain types of services are meant to be visible and consumable to the public internet. An example of this is a web server. Other types of services are typically used by only the system administrator or a select number of individuals and are not meant to be a public resource.

A concept known as port knocking is a way of shielding processes that fit into the latter description. Port knocking works by covering the ports associated with a process behind a firewall until a specific, predetermined sequence of network activity occurs. At this point, the port knocking service reconfigures the firewall to allow access to the protected application.

In a previous article, we discussed how to enable port knocking through a specially designed port knocking service. In this article, we will discuss an alternative method of configuring port knocking.

This method does not rely on an external application to alter the firewall rules. Instead, the iptables firewall can take advantage of a state-tracking module called "recent" to do all of this within the firewall rules themselves.

We will be configuring this on an Ubuntu 12.04 droplet, but any kind of Linux server should operate in a similar manner.

Note: This tutorial covers IPv4 security. In Linux, IPv6 security is maintained separately from IPv4. For example, "iptables" only maintains firewall rules for IPv4 addresses, but it has an IPv6 counterpart called "ip6tables", which can be used to maintain firewall rules for IPv6 network addresses.

If your VPS is configured for IPv6, please remember to secure both your IPv4 and IPv6 network interfaces with the appropriate tools. For more information about IPv6 tools, refer to this guide: How To Configure Tools to Use IPv6 on a Linux VPS

Read more…

Port Knocking: securing access to a port

28/01/2014

Source: http://doc.ubuntu-fr.org/port-knocking

Port knocking is a method of changing a firewall's behaviour in real time: a port is opened only after a sequence of connections has first been made to a set of distinct ports in the right order, much like a code knocked on a door.

This technique is commonly used to protect access to port 22, the port dedicated to Secure Shell (SSH); it needs few resources and is easy to set up.

In short, port knocking is a simple way of allowing remote access to a port that is not permanently open. It helps avoid port scans and certain attacks.

Port knocking is regarded as secure because it operates at a low level of the TCP/IP stack and requires no open port (the knockd service itself is also invisible). It is therefore a way, though not an infallible one, of hiding the presence of a server behind a port.

Read more…

Knockd: securing your connections

07/11/2013

Source: http://www.debianworld.org/securite.knockd

Knockd is a small daemon that decides whether or not to allow a connection to your server. To do this, it listens on your machine's ports and waits for a precise sequence of connections to the ports you have defined. If the defined sequence is performed in the right order, the daemon opens the port and allows a connection for a set period of time, on the SSH port for example. The sequence can use TCP connections, UDP connections, or both.

From the outside, the server therefore appears to have no open ports, except to clients that know the “magic” sequence.

Read more…