Port knocking: more than one port or sequence
Posted: 13 Apr 2013, 04:25
Hello, and thank you for building this tool that I completely love.
I've been experimenting with Port Knocking and it works perfectly, but just for opening one port server-wide.
Is there a way to define multiple ports to open or different sequences for different ports?
For example: I have a server that acts as a Webmin controller for other servers, and also as an SSH proxy to the same servers. Some of my users would require HTTP access to port 10000 to restart services etc., and other users would connect to the server on port 22 to SCP files to this server or others in the network.
I'd like to define 10000;TCP;20;port1;port2;port3 and 22;TCP;20;port1;port50;port649. Is there some sort of separator to add more than one sequence to that field/variable? Or can I define a range of ports to be opened as 22-10000;TCP;20;etc.?
Here's my port knocking helper script. It works like a charm in Mac OS X:
Code:
#!/bin/bash
# Usage: k host port [port ...]
# Sends one short HTTP connection attempt per knock port, in the order given.
if [ $# -lt 2 ]; then
    echo "usage: $0 host port [port ...]" >&2
    exit 1
fi
HOST=$1
shift
for ARG in "$@"
do
    # -4: IPv4 only; -f/-s: fail silently; the 2 s connect timeout keeps each knock short
    /usr/bin/curl --no-keepalive --connect-timeout 2 -o /dev/null --retry 0 -4fs "http://$HOST:$ARG"
done
I call it k and invoke it with "k hostDotCom port port port" right before ssh'ing or whatever I need to do.
Thanks in advance.
Cheers,
Argie
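The post asks for one knock sequence per target port. The page does not say whether the firewall tool being asked about accepts more than one entry in that setting, so the following is an added example, not the tool's code and not code from the post: a small stateful matcher that shows what the requested behaviour looks like on the server side. It assumes (this is not stated on the page) that an entry "target;proto;window;k1;k2;k3" means the port to open, the protocol, the number of seconds a source has to finish the whole sequence, and the knock ports in order, and that several entries can be separated by commas. It consumes (timestamp, source IP, protocol, destination port) tuples, so it can be run against a firewall log offline; the sample traffic at the bottom is constructed, not captured.

```python
"""Stateful port-knock matcher: several knock sequences, each opening a
different target port for the source that knocked.

Added example, not code from the original post or from the firewall tool
it discusses.  Rule format, timeout semantics and comma separation are
assumptions; the sample packets are constructed."""
from dataclasses import dataclass


@dataclass
class KnockRule:
    target: int          # port that gets opened for the knocking IP
    proto: str           # "TCP" or "UDP"
    window: float        # seconds allowed to finish the whole sequence
    sequence: tuple      # knock ports, in order


@dataclass
class _Progress:
    rule: KnockRule
    index: int = 0       # how many knocks of the sequence matched so far
    started: float = 0.0 # timestamp of the first matching knock


def parse_rules(spec: str) -> list:
    """Parse 'target;proto;window;k1;k2;...' entries separated by commas (assumed format)."""
    rules = []
    for entry in spec.split(","):
        fields = entry.strip().split(";")
        if len(fields) < 4:
            raise ValueError(f"rule needs at least one knock port: {entry!r}")
        target, proto, window, *knocks = fields
        rules.append(KnockRule(int(target), proto.upper(), float(window),
                               tuple(int(k) for k in knocks)))
    return rules


class KnockTracker:
    """Tracks, per (source IP, rule), how far into the sequence that source is."""

    def __init__(self, rules):
        self.rules = rules
        self._state = {}  # (src_ip, rule.target) -> _Progress

    def observe(self, ts: float, src: str, proto: str, dport: int) -> list:
        """Feed one packet; return (src, target_port) pairs completed by it."""
        opened = []
        for rule in self.rules:
            if rule.proto != proto.upper():
                continue
            key = (src, rule.target)
            prog = self._state.get(key) or _Progress(rule)
            # Too slow: the whole sequence must fit inside the window, start over.
            if prog.index and ts - prog.started > rule.window:
                prog = _Progress(rule)
            if dport == rule.sequence[prog.index]:
                if prog.index == 0:
                    prog.started = ts
                prog.index += 1
                if prog.index == len(rule.sequence):
                    opened.append((src, rule.target))
                    self._state.pop(key, None)
                    continue
                self._state[key] = prog
            elif dport == rule.sequence[0]:
                # Hitting the first knock port again restarts the sequence.
                self._state[key] = _Progress(rule, index=1, started=ts)
            else:
                # Any other port breaks the sequence; progress is discarded.
                self._state.pop(key, None)
        return opened


def simulate(rules_spec: str, packets) -> list:
    """Run a packet list through the matcher and collect every opened port."""
    tracker = KnockTracker(parse_rules(rules_spec))
    opened = []
    for ts, src, proto, dport in packets:
        opened.extend(tracker.observe(ts, src, proto, dport))
    return opened


# Constructed sample traffic (not real logs): one Webmin knocker, one SSH
# knocker who is too slow the first time and retries.
RULES = "10000;TCP;20;7000;8000;9000,22;TCP;20;7000;5050;6490"
SAMPLE_PACKETS = [
    (0.0, "203.0.113.5", "TCP", 7000),
    (0.5, "203.0.113.5", "TCP", 8000),
    (1.0, "203.0.113.5", "TCP", 9000),   # Webmin sequence done -> open 10000
    (2.0, "203.0.113.9", "TCP", 7000),
    (2.5, "203.0.113.9", "TCP", 5050),
    (30.0, "203.0.113.9", "TCP", 6490),  # 28 s since first knock, > 20 s window
    (31.0, "203.0.113.9", "TCP", 7000),
    (31.5, "203.0.113.9", "TCP", 5050),
    (32.0, "203.0.113.9", "TCP", 6490),  # SSH sequence done -> open 22
]

if __name__ == "__main__":
    for src, port in simulate(RULES, SAMPLE_PACKETS):
        print(f"open {port} for {src}")
```

Note that both rules start with port 7000, so a single knock advances both sequences at once; the second knock (8000 versus 5050) is what decides which target port the source is working towards, and the abandoned sequence is dropped. Whichever tool does the matching, the two things worth checking are that a stray packet resets progress and that the window is measured from the first knock rather than per knock.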