Knockr – Easily set up a port knocking sequence on your server

Are you familiar with the practice of port knocking? This is a best practice in IT security that enables you to control access to a server by using a sequence of connection attempts to closed ports. This technique is often used to conceal services such as SSH (Secure Shell) from automatic port scanners and potential attackers.

This method adds an extra layer of security, as the ports needed to access your server are not constantly open and, therefore, not always visible.

If you want to set this up, there are different methods available. One of the easiest is to use Knockr, a script written in Go. It can be installed like this:

go install github.com/solutionroute/knockr@v0.2.0

Or like this:

git clone https://github.com/solutionroute/knockr.git
cd knockr
go install

Knockr lets you specify the ports to knock on, as well as the delay between knocks, the network protocol used, and the waiting time before a new sequence is issued.

By default, the tool knocks on the specified ports over TCP, with a delay of 100 milliseconds between knocks and a timeout of 1.5 seconds for each knock. To knock on three ports, 1234, 8923, and 1233, you would use the following command, replacing ‘hostname’ with your machine’s network name:

knockr hostname 1234,8923,1233

This command will send a TCP SYN packet to each of the specified ports, waiting for a response before sending the next packet. If a response is not received within 1.5 seconds, the knock is considered unsuccessful.

To specify a different protocol and delay between knocks, you can use the -n and -d options, respectively. For example, to knock on port 22 (SSH) using UDP with a 200-millisecond delay between knocks, you would use the following command:

knockr hostname 22 -n udp -d 200ms

To enable silent mode, which displays only error output, use the -s option. For instance, to knock on port 22 (SSH) using TCP with a delay of 200 milliseconds and suppress all output except errors, use this command:

knockr hostname 22 -n tcp -d 200ms -s

It is recommended to include the port(s) that you expect to be unlocked at both the beginning and the end of the chain, so you can observe their status before and after the knock sequence. For example, if you intend to unlock port 22 (SSH) on a specific host, you can use the following command:

knockr hostname 22,1234,18923,1233,22

This command will knock on port 22, wait for the expected response, then knock on the remaining ports, and finally check the status of port 22 again. This lets you confirm that the specified port is unlocked after the knock sequence.
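
How a server could validate the chain above, as an added example (not Knockr's code, nor that of any particular knock daemon). The 5-second window, the reset-on-wrong-port policy, the source address and all type and function names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Validator tracks, per source address, progress through the secret sequence.
type Validator struct {
	Seq    []int                // ports that must be hit, in order (non-empty)
	Window time.Duration        // assumed policy: max time from first knock to last
	pos    map[string]int       // index of the next expected port, per source
	start  map[string]time.Time // time of the first accepted knock, per source
}

// Observe feeds one logged connection attempt; true when it completes the sequence.
func (v *Validator) Observe(src string, port int, at time.Time) bool {
	i := v.pos[src]
	if i > 0 && at.Sub(v.start[src]) > v.Window {
		i = 0 // too slow: earlier progress expires
	}
	switch {
	case port == v.Seq[i]:
		i++
	case port == v.Seq[0]:
		i = 1 // wrong knock that also restarts the sequence
	default:
		i = 0 // any other port resets progress
	}
	if i == 1 {
		v.start[src] = at
	}
	v.pos[src] = i % len(v.Seq) // after completion, start over
	return i == len(v.Seq)
}

// Replay knocks on ports from one constructed source, spaced by delay; true if seq completed.
func Replay(seq, ports []int, window, delay time.Duration) (opened bool) {
	v := &Validator{seq, window, map[string]int{}, map[string]time.Time{}}
	t0 := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC) // constructed clock
	for n, p := range ports {
		opened = v.Observe("192.0.2.10", p, t0.Add(time.Duration(n)*delay)) || opened
	}
	return opened
}

func main() {
	fmt.Println(Replay([]int{1234, 18923, 1233}, []int{22, 1234, 18923, 1233, 22}, 5*time.Second, 100*time.Millisecond))
}
```

The leading and trailing knocks on port 22 are not part of the secret sequence, so they neither advance nor spoil it: the first arrives before any progress exists, the last after the sequence has already completed.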

To recap the options used in these examples:

  • The -d option specifies the delay in milliseconds between knocks, with the default being 100 milliseconds.
  • The -n option specifies the protocol to be used for knocks, with possible values being tcp and udp. The default value is tcp.
  • The -s option puts the tool in silent mode, meaning that only error output will be displayed.

Check it out and good luck with your port-knocking adventures!

Mohamed SAKHRI