ipt pkd
Details
| Last Update: | 2008-07-26 03:28:43 |
| Version: | ipt_pkd 1.1 |
| License/Program Type: | GPL (GNU General Public License) |
| Publisher: | Eric |
| Price: | $0.00 |
Description:
ipt_pkd is an iptables extension implementing port knock detection. ipt_pkd provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. The knock is a single UDP packet, sent to a random port, that contains a SHA-256 hash of a timestamp, a small header, random bytes, and a shared key. ipt_pkd checks that the packet falls within the time window and recomputes the SHA-256 to verify the packet. The shared key itself is never sent.
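The knock scheme described above, sketched as an added example (this is not ipt_pkd's own code). The page does not give the wire format, so the header tag `PKD1`, the field sizes, the hash input order and the 10-second window are all assumptions.

```python
import hashlib
import hmac
import os
import struct
import time

# All layout constants below are assumptions for illustration only.
MAGIC = b"PKD1"      # hypothetical 4-byte "small header"
RAND_LEN = 12        # hypothetical number of random bytes
WINDOW = 10          # hypothetical acceptance window, in seconds
BODY_LEN = len(MAGIC) + 8 + RAND_LEN
DIGEST_LEN = hashlib.sha256().digest_size


def build_knock(key, now=None):
    """Client side: header | timestamp | random bytes | SHA-256 digest."""
    ts = int(time.time()) if now is None else now
    body = MAGIC + struct.pack("!Q", ts) + os.urandom(RAND_LEN)
    # The key is mixed into the hash input but never placed in the packet.
    # The UDP source port is not hashed (see the 1.1 release note on NAT).
    return body + hashlib.sha256(body + key).digest()


def verify_knock(packet, key, now=None):
    """Firewall side: check framing, then time window, then the digest."""
    now = int(time.time()) if now is None else now
    if len(packet) != BODY_LEN + DIGEST_LEN or packet[:len(MAGIC)] != MAGIC:
        return False
    body, digest = packet[:BODY_LEN], packet[BODY_LEN:]
    (ts,) = struct.unpack("!Q", body[len(MAGIC):len(MAGIC) + 8])
    if abs(now - ts) > WINDOW:
        return False  # stale or future-dated knock
    expected = hashlib.sha256(body + key).digest()
    return hmac.compare_digest(expected, digest)  # constant-time compare


if __name__ == "__main__":
    pkt = build_knock(b"test")
    print("valid knock accepted:", verify_knock(pkt, b"test"))
    print("wrong key accepted:  ", verify_knock(pkt, b"other"))
```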
Some examples:
Protecting ssh (port 22).
iptables -A INPUT -p udp -m pkd --key test -m recent --set --name PKD
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --rcheck --name PKD --seconds 60 --hitcount 1 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j DROP
These rules will drop any new ssh connection attempts unless a valid knock packet was seen from the incoming client IP in the last 60 seconds. You can use --hitcount to control how many times you have to knock, though in the above rules you'd also need to change the --set to --update, otherwise the hitcount wouldn't go over 1. You could also use it to control how long a session can last by adding a drop on all packets to --dport 22 and setting --seconds to how long you want a session to last, for example:
iptables -A INPUT -p udp -m pkd --key 0xAA0693aB -m recent --set --name PKD
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --rcheck --name PKD --seconds 60 --hitcount 1 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -m recent --name PKD --rcheck --seconds 600 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP
libipt_pkd.c -- iptables user space portion, becomes libipt_pkd.so
pkd.c -- iptables kernel portion, becomes ipt_pkd.ko
knock.c -- client knock program, becomes knock
knock.py -- client knock in python
ipt_pkd.h -- common header
knock (C version) gets the host from the command line and asks for a password. knock.py (Python version) reads its information out of an ini file (default ~/.ipt_pkd.ini); an example ini file is included in the distribution.
To build you need your kernel headers for the kernel module, iptables-dev for the iptables user space portion, and libssl-dev for knock as it uses the sha256 library from openssl. Then just make; make install. For the make install you need to run as root.
libipt_pkd.so gets installed in /lib/iptables, so if your iptables modules are in a different directory you'll need to move it.
The kernel module uses the kernel installer, so who knows where it puts it. Also, sometimes you have to manually run depmod -a afterward; if you see an error like "iptables: No chain/target/match by that name", then most likely depmod -a will fix it. On my system it's been putting the module in /lib/modules//extra.
knock doesn't get put anywhere, so put it wherever. I'm guessing if packaged it'll end up in /usr/bin or /usr/local/bin.
You might need to set the IPT_VERS in the Makefile manually. It tries to get it by running /sbin/iptables -V, which can fail if it's in a different location on your system. I also don't know which iptables versions it's compatible with. I tested it with 1.3.6 and 1.3.8 and it seemed to be fine with those versions.
Machines tested on:
VMware client 32-bit running Ubuntu Feisty 2.6.20-16 kernel and iptables 1.3.6
x86 32bit running Debian unstable 2.6.22-686 kernel and iptables 1.3.8
x86_64 64bit running Sidux unstable 2.6.23 (vanilla) kernel and iptables 1.3.8
Sparc 64bit running Debian unstable 2.6.22-2-sparc64 kernel and iptables 1.3.8
What's New in This Release:
· This release removes the source port from the hash, which fixes NAT traversal problems. Please update, as 1.0 will effectively be broken for a lot of people.