Today I'll show you how to use knockd to improve the security of your Linux server. The most common use I've seen so far is: "I'd like to connect on port 22 (ssh), but I don't want to leave the port open for everyone, and I have a dynamic IP". In these cases you can close the ports and use knockd to knock on the ports of your Linux box and let you in.

knockd listens to all traffic on an ethernet (or PPP) interface, looking for special "knock" sequences of port-hits. A client makes these port-hits by sending a TCP (or UDP) packet to a port on the server. This port need not be open: since knockd listens at the link-layer level, it sees all traffic even if it's destined for a closed port. When the server detects a specific sequence of port-hits, it runs a command defined in its configuration file. This can be used to open up holes in a firewall for quick access.

Knockd is available in the repositories of the major distributions; I'm using it on Ubuntu/Debian, where the package is available. Knockd reads all knock/event sets from a configuration file.
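A knockd configuration for the SSH use case described above, as an added example that is not from the original post. The interface name, port sequence, timeouts and iptables rules are assumptions to adapt, and the firewall is assumed to already drop new connections to port 22 while allowing established ones.

```ini
# /etc/knockd.conf (example values, not taken from the original post)

[options]
    # Log knock attempts and executed commands to syslog
    UseSyslog
    # Interface to watch for knocks (assumed name)
    Interface = eth0

[openSSH]
    # Ports that must be hit in this order (constructed sample sequence)
    sequence      = 7000,8000,9000
    # Whole sequence must complete within 5 seconds
    seq_timeout   = 5
    # Only count TCP SYN packets as knocks
    tcpflags      = syn
    # On a correct knock, allow SSH from the knocking address only.
    # %IP% is replaced by knockd with the source IP of the knocker.
    start_command = /sbin/iptables -I INPUT 1 -s %IP% -p tcp --dport 22 -j ACCEPT
    # Seconds to wait before running stop_command
    cmd_timeout   = 30
    # Remove the rule again; an established session survives only if
    # the firewall accepts ESTABLISHED,RELATED traffic (assumption above)
    stop_command  = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
```

Because the knock ports travel in cleartext, anyone who can observe the traffic can learn the sequence, so SSH authentication stays as strict as it would be on an open port. The `start_command`/`cmd_timeout`/`stop_command` form closes the hole automatically instead of relying on a second "close" knock.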