Practical Secure Port Knocking
by John Graham-Cumming 


Listing One

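#!/usr/bin/perl -w
#
# Lists TCP "knocks": connection attempts, seen in tcpdump-style output,
# that never drew a reply carrying the ack flag.  Packet lines are read
# from the files named on the command line, or from STDIN, one packet per
# line, each beginning with "SRC_IP.SRC_PORT > DST_IP.DST_PORT" (so the
# capture must have been taken with timestamps suppressed - a leading
# timestamp would stop every line from matching).  At end of input it
# prints "Knock on IP:PORT" for every destination that is still
# unanswered, in arrival order.
use strict;

# The "a.b.c.d.port > a.b.c.d.port" prefix of a packet line.  The four
# captures are, in order: source IP, source port, destination IP and
# destination port.  Dotted quads are only checked to be four numbers.
my $endpoint_re = qr/^((?:\d+\.){3}\d+)\.(\d+) > ((?:\d+\.){3}\d+)\.(\d+)/;

# Unanswered knocks as "DEST_IP:DEST_PORT", in arrival order.  An array
# rather than a hash so that repeated knocks on the same port are reported
# once per attempt and the output order stays that of the capture.
my @knocks;

while (my $packet = <>) {
    my ($src_ip, $src_port, $dest_ip, $dest_port) = $packet =~ $endpoint_re;

    # Skip lines that are not packet lines.  Without this check the capture
    # variables would still hold the previous packet's values and the line
    # would be attributed to that packet.
    next unless defined $dest_port;

    if ($packet =~ / ack /) {
        # An ack-carrying packet from DEST_IP:DEST_PORT means that endpoint
        # replied, so any knock recorded for it is dropped.  Compare as plain
        # strings: interpolating the address into a regex, as a naive
        # /^$src_ip:$src_port$/ does, lets each dot match any character.
        my $answered = "$src_ip:$src_port";
        @knocks = grep { $_ ne $answered } @knocks;
    }
    else {
        push @knocks, "$dest_ip:$dest_port";
    }
}

foreach my $knock (@knocks) {
    print "Knock on $knock\n";
}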


Listing Two

# The common section contains configuration options for the tumblerd daemon,
#  here we set the UDP port to listen on (8675) and the log file to write to
[common]
   port = 8675
   log = /var/log/tumblerd.log
# Each door that a user can knock on is defined by a unique [door-X] section;
# the first section below opens the SSH port and the second closes it
#
# Each door has a secret (i.e. the password for this
# door that is part of the knock) and a command to execute.
#
# In the command it is possible to use the macros %IP% for the IP address
# the knock was sent from and %NAME% for the name of the door (for the
# first door here the name is open-ssh)
[door-open-ssh]
   secret = open-pAsSwOrD
   command = iptables -I INPUT -p tcp -s %IP% --dport 22 -j ACCEPT
[door-close-ssh]
   secret = close-pAsSwOrD
   command = iptables -D INPUT -p tcp -s %IP% --dport 22 -j ACCEPT








