Last edited by lilyhcn1 on July 20, 2024 14:49.
I wrote this article, so I can't control how it is displayed in the forum. I will just read it and see if there's anything interesting.
1. Firewall Preparation
Allow only the ports you actually need, and block all other ports first.
Method 1: I installed the graphical firewall front end gufw, but my virtual machines always have problems with it.
gufw installation method:
apt-get install gufw
Note:
If you are already connected to the server, do not disconnect that session; otherwise you will not be able to connect again.
Method 2: Use the following command directly:
ufw allow 22/tcp
ufw allow 10000:10010/tcp
The other ports should now be closed for hardening, but it didn't work for me.
2. Install knockd and Configure
On Debian-based systems, the following command can be used to install knockd:
apt-get install knockd
Edit the knockd configuration file:
nano /etc/knockd.conf
[options]
log-file=/var/log/knockd.log
[open8080]
sequence=30212
seq_timeout=10
command=/sbin/iptables -A INPUT -s %IP% -p tcp --dport 8080 -j ACCEPT; sleep 60; /sbin/iptables -D INPUT -s %IP% -p tcp --dport 8080 -j ACCEPT
tcpflags=syn
[open63000]
sequence=30212
seq_timeout=10
command=/sbin/iptables -A INPUT -s %IP% -p tcp --dport 63000:63999 -j ACCEPT; sleep 60; /sbin/iptables -D INPUT -s %IP% -p tcp --dport 63000:63999 -j ACCEPT
tcpflags=syn
After editing the configuration file, restart the service:
systemctl daemon-reload && systemctl restart knockd
After knocking, check the log to see whether the attempt was recorded:
nano /var/log/knockd.log
For example, my log:
root@VM-4-4-debian:~# cat /var/log/knockd.log
[2024-07-20 14:14] 49.89.xx.xx: open8080: Stage 1
[2024-07-20 14:14] 49.89.xx.xx: open8080: OPEN SESAME
[2024-07-20 14:14] 49.89.xx.xx: open63000: Stage 1
[2024-07-20 14:14] 49.89.xx.xx: open63000: OPEN SESAME
[2024-07-20 14:14] open8080: running command: /sbin/iptables -A INPUT -s 49
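To check the log the way this step describes, here is an added Python example (not from the original post) that parses knockd.log lines in the format shown above, counts completed opens per source address and section, and flags hosts whose knock sequences start but never complete; the log lines it reads are constructed sample data, including the made-up address 203.0.113.7.

```python
import re
from collections import Counter

# Constructed sample lines, modelled on the knockd.log excerpt above (not the real log).
SAMPLE_LOG = """\
[2024-07-20 14:14] 49.89.xx.xx: open8080: Stage 1
[2024-07-20 14:14] 49.89.xx.xx: open8080: OPEN SESAME
[2024-07-20 14:14] 49.89.xx.xx: open63000: Stage 1
[2024-07-20 14:14] 49.89.xx.xx: open63000: OPEN SESAME
[2024-07-20 14:14] open8080: running command: /sbin/iptables -A INPUT -s 49.89.xx.xx -p tcp --dport 8080 -j ACCEPT
[2024-07-20 14:30] 203.0.113.7: open8080: Stage 1
[2024-07-20 14:31] 203.0.113.7: open8080: Stage 1
"""

# Lines attributed to a knocking host: "[ts] <ip>: <section>: <message>"
KNOCK_RE = re.compile(r"^\[(\S+ \S+)\] (\S+): (\w+): (.+)$")
# Daemon-side lines with no source address: "[ts] <section>: running command: ..."
CMD_RE = re.compile(r"^\[(\S+ \S+)\] (\w+): running command: (.+)$")


def parse_knockd_log(text):
    """Return a list of (timestamp, ip, section, message) tuples.

    Command lines carry no source IP, so their ip field is None.
    Lines that match neither format are ignored.
    """
    events = []
    for line in text.splitlines():
        m = KNOCK_RE.match(line)
        if m:
            events.append((m.group(1), m.group(2), m.group(3), m.group(4)))
            continue
        m = CMD_RE.match(line)
        if m:
            events.append((m.group(1), None, m.group(2), "running command: " + m.group(3)))
    return events


def summarize(events):
    """Count completed opens per (ip, section) and sequences that were started but never finished."""
    opens = Counter()
    starts = Counter()
    for _ts, ip, section, msg in events:
        if ip is None:
            continue
        if msg == "OPEN SESAME":
            opens[(ip, section)] += 1
        elif msg == "Stage 1":  # every attempt begins at Stage 1, whatever the sequence length
            starts[(ip, section)] += 1
    # A host that starts sequences more often than it completes them is either
    # mistyping the knock or probing the knock ports; worth a closer look.
    incomplete = {k: starts[k] - opens[k] for k in starts if starts[k] > opens[k]}
    return {"opens": dict(opens), "incomplete": incomplete}
```

Run it against the real file with `summarize(parse_knockd_log(open("/var/log/knockd.log").read()))`.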
3. How to Use
I also wrote a bat script for this; save it as a .bat file and it is ready to use.