Slides04-Port Knocking

Port knocking is a method that enables access to a router firewall by sending a sequence of connection attempts to specific ports with predefined parameters. When the firewall receives the correct sequence, it adds the client's IP address to a whitelist for a set timeout period, granting access. After the timeout expires, the client's IP is removed to restore security. It is recommended to organize port knocking within a user-chain on the firewall.

Uploaded by Anton Fortov

Firewall port-knocking

Port knocking is a method that enables access to the router only after the firewall has received a sequence of connection attempts (or packets) with a set of prespecified parameters (port numbers, packet size).
After receiving the prespecified sequence, the firewall dynamically adds the client's IP to a "whitelist" address-list for a specified timeout.
It removes the client's IP when the timeout expires, to restore security.
It is recommended to organize the knocking rules in a user-chain.
Firewall ICMP-knocking algorithm

We will use two temporary address-lists ("stage1" and "stage2") and a sequence of ICMP packets with prespecified sizes to place the source IP in the "whitelist" address-list from the firewall user-chain. Sizes are total IP packet sizes, headers included.

Knock sequence:
1. Packet size = 90 bytes
2. Packet size = 60 bytes
3. Packet size = 70 bytes

For every packet that enters the user-chain:
• Size = 90 bytes -> add SRC-IP to "stage1" address-list for 10s
• Size = 60 bytes AND SRC-IP in list "stage1" -> add SRC-IP to "stage2" address-list for 10s
• Size = 70 bytes AND SRC-IP in list "stage2" -> add SRC-IP to "White" address-list for 10m
• Otherwise -> exit (no change)
ICMP-knocking LAB

• Log in to the router via MAC-Winbox (so management still works while the laptop's IP is blocked), and add the laptop IP to "blacklist"
• Create user-chain "icmpknock" in the firewall
• At the top of the input chain create a firewall rule that sends incoming ICMP traffic to the "icmpknock" chain
• Implement rules that add the sender IP to the stage address-lists step by step, according to the received ICMP packet size and sequence (see the previous algorithm)
• Use timeouts
Note: the Windows "ping" command adds 28 bytes of headers (20-byte IP header + 8-byte ICMP header) to the payload size given by the "-l" option, so the firewall sees a packet 28 bytes larger than the "-l" value.
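One way to implement the lab in RouterOS, as an added example that is not part of the slides. It assumes a laptop address of 192.168.88.10 and that the "blacklist" is enforced with a drop rule in the input chain (the lab implies this but does not show it); the list names White, stage1 and stage2, the packet sizes and the timeouts are the ones from the algorithm.

```routeros
# Added example (not from the slides): RouterOS firewall rules for the
# 90 -> 60 -> 70 byte ICMP knock. Assumed values: laptop address
# 192.168.88.10 and a drop rule enforcing "blacklist". List names,
# packet sizes and timeouts follow the algorithm slide.
/ip firewall address-list
add list=blacklist address=192.168.88.10 comment="lab: laptop, must knock to get in"

/ip firewall filter
# Input chain, in evaluation order. The jump must sit above the blacklist
# drop, otherwise a blacklisted host can never deliver its knocks.
add chain=input protocol=icmp action=jump jump-target=icmpknock \
    comment="send all incoming ICMP through the knock chain"
add chain=input src-address-list=White action=accept \
    comment="knock completed: allow while the White entry exists"
add chain=input src-address-list=blacklist action=drop \
    comment="assumed: enforce the blacklist (lab step 1)"

# User-chain icmpknock. add-src-to-address-list is non-terminating, so the
# packet continues to the next rule and finally returns to the input chain.
# packet-size matches the total IP packet length, headers included.
add chain=icmpknock protocol=icmp packet-size=70 src-address-list=stage2 \
    action=add-src-to-address-list address-list=White address-list-timeout=10m \
    comment="knock 3/3: 70 bytes from a stage2 host -> White for 10m"
add chain=icmpknock protocol=icmp packet-size=60 src-address-list=stage1 \
    action=add-src-to-address-list address-list=stage2 address-list-timeout=10s \
    comment="knock 2/3: 60 bytes from a stage1 host -> stage2 for 10s"
add chain=icmpknock protocol=icmp packet-size=90 \
    action=add-src-to-address-list address-list=stage1 address-list-timeout=10s \
    comment="knock 1/3: 90 bytes -> stage1 for 10s"
add chain=icmpknock action=return comment="no match: back to the input chain"
```

To knock from the Windows laptop, send one echo per stage within the 10-second stage timeout: `ping -n 1 -l 62 <router>`, then `ping -n 1 -l 32 <router>`, then `ping -n 1 -l 42 <router>` (62 + 28 = 90, 32 + 28 = 60, 42 + 28 = 70 bytes on the wire). Linux `ping -s` sets the payload the same way, so `-c 1 -s 62`, `-s 32`, `-s 42` gives the same sequence. Check progress with `/ip firewall address-list print`. Two caveats: the knock travels in cleartext and can be replayed by anyone who observes it, and whitelisting by source IP admits every host behind the same NAT address, so the knock hides a service from scanners but does not replace authentication on it.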