Are you familiar with the practice of port knocking? This is a best practice in IT security that enables you to control access to a server by using a sequence of connection attempts to closed ports. This technique is often used to conceal services such as SSH (Secure Shell) from automatic port scanners and potential attackers.
This method adds an extra layer of security, as the ports needed to access your server are not constantly open and, therefore, not always visible.
If you want to set this up, there are different methods available. One of the easiest is to use Knockr, a script written in Go. It can be installed like this:
go install email@example.com
Or like this:
git clone https://github.com/solutionroute/knockr.git
This will allow you to specify the ports to be monitored, as well as the waiting time between each keystroke, the network protocol used, or the waiting time before a new sequence is issued.
The default behavior of the tool is to hit the specified ports using the TCP protocol, with a delay of 100 milliseconds between keystrokes and a timeout of 1.5 seconds for each keystroke. To hit on three ports, 1234, 8923, and 1233, you would use the following command, replacing ‘hostname’ with your machine’s network name:
knockr hostname 1234,8923,1233
This command will send a TCP SYN packet to each of the specified ports, waiting for a response before sending the next packet. If a response is not received within 1.5 seconds, the typing is considered unsuccessful.
To specify a different protocol and delay between keystrokes, you can use the
-d options, respectively. For example, to hit port 22 (SSH) using UDP with a 200-millisecond delay between keystrokes, you would use the following command:
knockr hostname 22 -n udp -d 200ms
To enable silent mode, which displays only error outputs, use the
-s option. For instance, to hit port 22 (SSH) using TCP with a delay of 200 milliseconds and suppress all output except for error output, use this command:
knockr hostname 22 -n tcp -d 200ms -s
It is recommended to include the port(s) that you expect to be unlocked both at the beginning and end of the chain to observe their status before and after the typing process. For example, if you intend to unlock port 22 (SSH) on a specific host, you can use the following command:
knockr hostname 22,1234,18923,1233,22
This command will hit port 22, wait for the expected response, then hit the remaining ports, and finally check the status of port 22 again. This ensures that the specified ports are unlocked after the typing process.
From the examples, you will have understood that:
-doption specifies the delay in milliseconds between keystrokes, with the default being 100 milliseconds.
-noption specifies the protocol to be used for keystrokes, with possible values being
udp. The default value is
-soption puts the tool in silent mode, meaning that only error outputs will be displayed.
Check it out and good luck with your port-knocking adventures!