ipt pkd
Details
| Last Update: | 2008-07-26 03:28:43 |
| Version: | ipt_pkd 1.1 |
| License/Program Type: | GPL (GNU General Public License) |
| Publisher: | Eric |
| Price: | $0.00 |
Description:
ipt_pkd is an iptables extension implementing port knock detection. ipt_pkd provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, a small header, random bytes, and a shared key. ipt_pkd checks that the packet's timestamp falls within the allowed time window and recomputes the SHA-256 to verify the packet. The shared key is never sent.
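Added example, not code from the ipt_pkd project: a Python sketch of the knock scheme described above, with the client-side payload builder and the server-side check side by side. The header bytes, field order and field sizes are assumptions made for illustration and are not ipt_pkd's actual wire format; only the idea (timestamp, small header, random bytes and shared key hashed together with SHA-256, key never transmitted, timestamp checked against a window) comes from the description.

```python
import hashlib
import hmac
import os
import struct
import time

# Assumed layout for this example (NOT ipt_pkd's real format):
#   4-byte header | 4-byte big-endian UNIX time | 8 random bytes | 32-byte SHA-256
# The digest covers header + time + random bytes + shared key, so the key
# itself never leaves either host; only the digest does.
HEADER = b"PKD1"          # hypothetical magic standing in for the "small header"
RAND_LEN = 8
DIGEST_LEN = hashlib.sha256().digest_size
PKT_LEN = len(HEADER) + 4 + RAND_LEN + DIGEST_LEN
WINDOW = 60               # seconds of skew tolerated, matching the rules below


def make_knock(key, now=None, rnd=None):
    """Client side: build one knock payload to send in a single UDP datagram."""
    now = int(time.time()) if now is None else now
    rnd = os.urandom(RAND_LEN) if rnd is None else rnd
    body = HEADER + struct.pack("!I", now) + rnd
    return body + hashlib.sha256(body + key).digest()


def verify_knock(key, pkt, now=None, window=WINDOW):
    """Server side: accept only a well-formed, fresh knock made with the same key."""
    now = int(time.time()) if now is None else now
    if len(pkt) != PKT_LEN or not pkt.startswith(HEADER):
        return False                       # wrong size or header: not a knock
    body, digest = pkt[:-DIGEST_LEN], pkt[-DIGEST_LEN:]
    (ts,) = struct.unpack("!I", body[len(HEADER):len(HEADER) + 4])
    if abs(now - ts) > window:
        return False                       # outside the time window: stale or bad clock
    # Constant-time compare so a digest mismatch does not leak timing information.
    return hmac.compare_digest(hashlib.sha256(body + key).digest(), digest)


if __name__ == "__main__":
    shared = b"test"                       # same value as --key test in the rules below
    knock = make_knock(shared)
    print("fresh knock accepted:", verify_knock(shared, knock))
    print("wrong key rejected:", not verify_knock(b"other", knock))
```

As described, a knock stays valid for the whole time window, so keep the window and the `--seconds` values in the rules below as short as the clients' clock skew allows.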
Some examples:
Protecting ssh (port 22).
iptables -A INPUT -p udp -m pkd --key test -m recent --set --name PKD
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --rcheck --name PKD --seconds 60 --hitcount 1 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j DROP
These rules will drop any new ssh connection attempt unless a valid knock packet was seen from the incoming client IP in the last 60 seconds. You can use --hitcount to control how many times a client has to knock, though in the above rules you would also need to change --set to --update, otherwise the hit count would never go over 1. You could also use it to limit how long a session can last by adding a rule that drops all packets to --dport 22 and setting --seconds to the session length you want, as in the second rule set:
iptables -A INPUT -p udp -m pkd --key 0xAA0693aB -m recent --set --name PKD
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --rcheck --name PKD --seconds 60 --hitcount 1 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -m recent --name PKD --rcheck --seconds 600 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP
libipt_pkd.c -- iptables user space portion, becomes libipt_pkd.so
pkd.c -- iptables kernel portion, becomes ipt_pkd.ko
knock.c -- client knock program becomes knock
knock.py -- client knock in python
ipt_pkd.h -- common header
knock (C version) gets the host from the command line and asks for a password. knock.py (Python version) reads its information from an ini file (default ~/.ipt_pkd.ini); an example ini file is included in the distribution.
To build you need the kernel headers for the kernel module, iptables-dev for the iptables user space portion, and libssl-dev for knock, as it uses the SHA-256 implementation from OpenSSL. Then just run make; make install. The make install step needs to be run as root.
libipt_pkd.so gets installed in /lib/iptables, so if your iptables modules are in a different directory you'll need to move it.
The kernel module is installed through the kernel's own module installer, so where it ends up depends on your system. Sometimes you also have to run depmod -a manually afterward: if you see an error like "iptables: No chain/target/match by that name", then most likely depmod -a will fix it. On my system it's been putting the module in /lib/modules//extra.
knock doesn't get put anywhere, so put it wherever you like. I'm guessing if packaged it'll end up in /usr/bin or /usr/local/bin.
You might need to set IPT_VERS in the Makefile manually. It tries to get it by running /sbin/iptables -V, which can fail if iptables is in a different location on your system. I also don't know which iptables versions it's compatible with. I tested it with 1.3.6 and 1.3.8 and it seemed to be fine with those versions.
Machines tested on:
VMware client 32 bit running Ubuntu Feisty 2.6.20-16 kernel and iptables 1.3.6
x86 32bit running Debian unstable 2.6.22-686 kernel and iptables 1.3.8
x86_64 64bit running Sidux unstable 2.6.23 (vanilla) kernel and iptables 1.3.8
Sparc 64bit running Debian unstable 2.6.22-2-sparc64 kernel and iptables 1.3.8
What's New in This Release:
· This release removes the source port from the hash, which fixes NAT traversal problems. Please update, as 1.0 will effectively be broken for a lot of people.