search for: knock

Displaying 20 results from an estimated 761 matches for "knock".

2009 Dec 14
2
Manual Chains Knock.pm DNAT-
I am attempting to use the Knock.pm from http://www.shorewall.net/ManualChains.html I am not having much luck making the DNAT- knock work for some reason. Anyone else using this on 4.4.4 that can verify if this still works as documented? Thanks ------------------------------------------------------------------------------ Retu...
2005 Sep 06
0
Knock SSHD call in and SSH call out scripts
Okay, I finally took the time to re-write the scripts that I had talked about a few threads earlier. I have 2 versions of them, and they currently work for Redhat Enterprise 4 and SuSE Enterprise 9. (using iptables, and xinetd.d) The 2 varieties are: #1 knock, to be allowed to connect from the IP address written by the knock sequence. This adds an iptable entry to allow the specified IP address to connect to specified knock ssh port (I used 32022 for my example), opens a listener for 30 seconds, then kills the listener and drops the iptable entry....
2017 Apr 24
3
Log Level and Failed Authentication Attempts
...> >> For those of you who have had to sift through Samba logs for clues on how to determine what caused an account to lock after repeated failed logon attempts, what "log level" settings have you found to be most helpful? >> >> Thanks, >> Matthew > > ©2017 KNOCK, inc. All rights reserved. KNOCK is a registered trademark of KNOCK, inc. This message and any attachments contain information, which is confidential and/or privileged. If you are not the intended recipient, please refrain from any disclosure, copying, distribution or use of this information. Pleas...
2005 Jun 26
1
Knocked port timeout...
I''ve been using the port knocking technique described in the Shorewall docs to control ssh access on one of our servers: http://www.shorewall.net/PortKnocking.html It works great, but occasionally one of the admins forgets to perform the close port operation. This leaves ssh open to the world until one of us notices. I'...
2006 Jul 15
1
patch to add built-in support for port knocking
All, A friend gave me access to an svn(+ssh) repository the other day, and told me that I needed to do some port knocking to open up ssh. It occurred to me that it would be extremely convenient if I could add a "knock" configuration option for the host to my ~/.ssh/config file and never think about this again (rather than creating a shell script to accomplish this behavior, and remembering to use...
2013 Sep 24
1
Port Knocking?
I haven't been keeping up with the internals, I'm afraid. Does OpenSSH have support for Port Knocking? I might be interested in looking into that, as a way of reacquainting myself with the current code base. --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |
2004 Sep 27
7
X100P knock-off price jump
Anyone know why the knock-off X100p prices have jumped? -Nate
2014 Dec 21
2
[PATCH] LocalPreCommand: Support for executing command before ssh connection (like port knock before ssh)
Hi guys, I've made a patch adding LocalPreCommand to ssh_config. It mimics behaviour of LocalCommand, but is executed right before the connection is opened. This makes possible e.g. to integrate ssh with port knocking. It also removes "-oPermitLocalCommand=no" from scp allowing the same functionality to be used for file transfers. Applies cleanly on vanilla OpenSSH 6.7p1. http://software.klolik.org/patches/openssh+localprecommand.diff Best regards, Bartlomiej Korupczynski
2017 Apr 20
2
Log Level and Failed Authentication Attempts
Hello Samba Friends, For those of you who have had to sift through Samba logs for clues on how to determine what caused an account to lock after repeated failed logon attempts, what "log level" settings have you found to be most helpful? Thanks, Matthew ©2017 KNOCK, inc. All rights reserved. KNOCK is a registered trademark of KNOCK, inc. This message and any attachments contain information, which is confidential and/or privileged. If you are not the intended recipient, please refrain from any disclosure, copying, distribution or use of this information. Pleas...
2020 Nov 07
3
Error Upgrading Schema
....ldb -b 'cn=Schema,cn=Configuration,dc=samdom,dc=example,dc=com' -s base objectVersion Altered for your setup. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba ? 2020 KNOCK, inc. All rights reserved. KNOCK, inc, is a registered trademark of KNOCK, inc. This message and any attachments contain information, which is confidential and/or privileged. If you are not the intended recipient, please refrain from any disclosure, copying, distribution or use of this information....
2016 Apr 18
2
GSSAPI authentication setup
...: > > > > Did you check your setup against > http://wiki2.dovecot.org/Authentication/Kerberos I did. ?Of course, it's possible I've still managed to overlook something.? > Also can you provide klist -k on server? I assume you mean the kerberos server: [ root at knock ~]# klist -k Keytab name: FILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- ???2 host/knock.endoframe.net at ENDOFRAME.NET ???2 host/knock.endoframe.net at ENDOFRAME.NET ???2 host/knock.endoframe.net at ENDOF...
2020 Nov 10
2
Error Upgrading Schema
...tVersion > > Altered for your setup. > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and > read the > instructions: https://lists.samba.org/mailman/options/samba > > > ? 2020 KNOCK, inc. All rights reserved. KNOCK, inc, is a > registered trademark of KNOCK, inc. This message and any attachments > contain information, which is confidential and/or privileged. If you > are not the intended recipient, please refrain from any disclosure, > copying, distribution or use...
2013 Oct 10
0
Port knocking and DNAT rules
So I found an excellent port knocking tutorial using ONLY iptables rules that looks to be among the best I've ever seen. (warning: techno music, tough to read screen, you don't need to type it in because I post a link to script below) http://www.youtube.com/watch?v=0zFQocf7C_0 It works fabulously for simply opening a po...
2003 Sep 15
3
X100P & T100P knock-off boards
Do they fall under FCC certification if they're built to the same specifications as the ones from Digium? If I build my own T100Ps from the schematics and board layouts that are available, are they legal to plug into the PSTN?
2020 Nov 10
0
Error Upgrading Schema
...ur setup. > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and > read the > instructions: https://lists.samba.org/mailman/options/samba > > > ? 2020 KNOCK, inc. All rights reserved. KNOCK, inc, is a > registered trademark of KNOCK, inc. This message and any attachments > contain information, which is confidential and/or privileged. If you > are not the intended recipient, please refrain from any disclosure, > copying, dist...
2005 May 12
12
New Article at Shorewall.net
This article describes how to implement "Port Knocking" in Shorewall. http://shorewall.net/PortKnocking.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
2023 Mar 19
1
Minimize sshd log clutter/spam from unauthenticated connections
To radically cut down on SSH log spam you can also hide it completely behind a firewall, and allow access only by some port knocking sequence. I quite like having a process listen on port 53 and wait for a dns query containing a totp string to grant (temporary) access; that's a 2fa, and doing a "host 123456. my-ip" is easily automated in a shell script as well...
2007 Feb 19
0
Quick demo guide for SPA ( re: the port knocking thread )
...m -i fwknop-1.0.1-1.i386.rpm Proof : Try to connect to server on port 22 #nc -v 10.1.1.155 nc will apear to hang waiting for a response. -> no response. (unless you skipped the step above for changing the firewall rules, in which case i think you get a 'no route to host' message) Now knock to open the port, using the usercode and password as above; (password will be prompted for ) #fwknop -A tcp/22 -k 10.1.1.155 --Spoof-user mbr -a 10.1.1.8 -A is the port to send the SPA packet to -k is the server to send to --Spoof-user is because we are not mbr (i am root) we wouldnt need this if...
2005 Dec 09
4
rsync to a port other than 22
I am trying to use rsinc to tranfer my ftp directory from one server to another. I have port 22 closed off due to port knocking and I am trying to direct rsync to use another port. Unfortunately I can't seem to get it to use the specified port. Here is my command, if someone could point out my error I would appreciate it: rsync -avr --port=XXX xxx.xxx.xxx.xxx:/var/ftp /var/ftp The error this generates is: ssh...
2017 Apr 24
0
Log Level and Failed Authentication Attempts
...e of you who have had to sift through Samba logs for clues on how to determine what caused an account to lock after repeated failed logon attempts, what "log level" settings have you found to be most helpful? >>> >>> Thanks, >>> Matthew >> >> ©2017 KNOCK, inc. All rights reserved. KNOCK is a registered trademark of KNOCK, inc. This message and any attachments contain information, which is confidential and/or privileged. If you are not the intended recipient, please refrain from any disclosure, copying, distribution or use of this information. Pleas...