[TriLUG] Port Knocking Alternatives?

Jeff Groves jgroves at krenim.org
Fri Feb 4 11:56:14 EST 2005


Rick DeNatale wrote:

>I've been thinking about ways to keep ports like ssh closed to the
>internet until I need them.
>
>Port knocking seems to be a popular technique but I'm not sure that
>that's what I want.  For one thing it won't work if the incoming
>client is behind a firewall which blocks outgoing traffic on one or
>more of the knock ports.
>
>So I was thinking of something like a cgi on my webserver which I
>could talk to via ssl. This could accept a passphrase and alter the
>firewall rules to open up another port for the client's ip address,
>perhaps for some time period, or whatever policy I wanted to apply.
>
>Is anyone aware of anything which does this or something similar?
>
>Another nice thing to support might be, under client request, instead
>of opening up port 22 for sshd, redirect port 443 to 22 for that
>client in order to let ssh tunnel through a firewall which allows
>outgoing https but not ssh.
>
>I've also thought of setting up a "fake" sshd, which would make
>intruders "think" that they had gotten in, only to get a "MOTD" which
>said something like:
>
>Thank you for participating in the NSA's cyber-hacker registration program.
>We have noted your information and entered it into our target database.
>Retaliation will be performed at a random time, under the authority of
>the US Patriot Act.
>Have a great day!
>
>and then they would be disconnected.
>
>I think that this could be done with iptables and a small bit of programming.
>
I prefer to use /etc/hosts.allow and set it up so that only IP addresses that 
I use on a regular basis are allowed to connect via ssh.  For the 
situation where I'm at an IP address that isn't in my /etc/hosts.allow, 
I log on to the machine of a friend who is far more adventuresome than I am, and 
then ssh in from his box to my box only long enough to add the new IP 
address to my /etc/hosts.allow.

Someone on this list earlier suggested using your trilug ssh account for 
the same purpose which sounds good to me as well.

Jeff G.

-- 
Law of Procrastination:
        Procrastination avoids boredom; one never has
        the feeling that there is nothing important to do. 
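As an added illustration (not code from this post or from TriLUG), here is a small Python model of the tcp_wrappers decision that a hosts.allow setup like Jeff's depends on: hosts.allow is consulted first, then hosts.deny, and anything unmatched is allowed, so the allow list only restricts sshd when hosts.deny also shuts out everyone else. The sample files, daemon names and addresses are constructed; `ALL EXCEPT` lists and IPv6 patterns are not modelled.

```python
import ipaddress

# Constructed sample files. HOSTS_ALLOW follows the pattern described in the post;
# HOSTS_DENY is the catch-all that makes the allow list an actual restriction.
HOSTS_ALLOW = """
# trusted addresses for sshd (constructed examples)
sshd : 192.0.2.10 198.51.100.0/24
sshd : .example.net
"""
HOSTS_DENY = """
sshd : ALL
"""

def _match(pattern, client_ip, client_host):
    """True if one tcp_wrappers client pattern matches the connecting client."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):            # ".example.net" matches any host in that domain
        return client_host.endswith(pattern)
    if pattern.endswith("."):              # "192.0.2." matches that address prefix
        return client_ip.startswith(pattern)
    if "/" in pattern:                     # CIDR network
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == client_ip or pattern == client_host

def tcpd_decision(daemon, client_ip, client_host, allow_text, deny_text):
    """Return 'allow' or 'deny' the way tcpd/libwrap would for this connection.

    Note: OpenSSH dropped libwrap support in 6.7, so on current systems sshd_config
    Match blocks or a packet filter do this job instead; the ordering below is the
    classic tcp_wrappers behaviour."""
    for text, default in ((allow_text, "allow"), (deny_text, "deny")):
        for line in text.splitlines():
            line = line.split("#", 1)[0].strip()        # drop comments and blanks
            if not line:
                continue
            fields = [f.strip() for f in line.split(":")]
            if len(fields) < 2:
                continue
            daemons, clients = fields[0].split(), fields[1].split()
            option = fields[2].lower() if len(fields) > 2 else default
            if (daemon in daemons or "ALL" in daemons) and \
                    any(_match(p, client_ip, client_host) for p in clients):
                return option if option in ("allow", "deny") else default
    return "allow"                                       # no rule matched: wrappers permit
```

The third call in the test shows the caveat: with an empty hosts.deny, an unlisted address still gets through.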