search for: portknocker

This article describes how to implement "Port Knocking" in Shorewall. http://shorewall.net/PortKnocking.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

I''ve been using the port knocking technique described in the Shorewall docs to control ssh access on one of our servers: http://www.shorewall.net/PortKnocking.html It works great, but occasionally one of the admins forgets to perform the close port operation. This leaves ssh open to the world until one of us notices. I''ve considered adding a cron job to close the port every

When searching in google I could verify that many examples of used rules in shorewall do not exist to block port scanners external. Example: nmap. Somebody has some rule or example ? thanks.

Hi all! I have trouble with connection to AMI 1.1 wich enabled on Elastix "*Asterisk Call Manager/1.1* *Action: Login Username: admin Secret: qweasd123* *Response: Error* *Message: Missing action in request*" Elastix versions: "* Kernel* * Linux(x86_64)-2.6.18-348.1.1.el5* * Elastix* * elastix-2.4.0-1* * elastix-portknock-0.0.1-0* * elastix-agenda-2.4.0-1* *

We have a problem in that calls are dropped after 15 minutes (on both internal and out going calls, incoming calls do not seem to have that limit) How do we fix it? This is the version on that PBX Kernel Linux(x86_64)-2.6.18-371.1.2.el5 Elastix elastix-2.4.0-8 elastix-a2billing-1.9.4-5 elastix-addons-2.4.0-10 elastix-agenda-2.4.0-14 elastix-asterisk-sounds-1.2.3-1

Dear OpenSSH developers, a publicly accessible sshd on port 22 generates a lot of log clutter from unauthenticated connections. For an exemplary host on a university network, sshd accumulates 5~20k log lines on a single day (more than 90% of the total amount of syslog lines). That is despite the host having a restricted configuration (no SSH password authentication, firewall rate limit for

Hi folks Im currently doin firewall project.. the scenario is like this.. my application server open port number 3079 the server ip is 202.188.0.132. and now the port can be accessed from everywhere. Now i want to block all the everywhere accessed. But my problem is, the application will be accessed by few locations that doing transaction with the application server. and the said locations are

Hi, the attached patch adds support for the keywords "OpenCommand" and "CloseCommand" to ssh_config. They are commands which are executed before the connection is established (or ProxyCommand started) and after the connection has been closed (or ProxyCommand ended). this is usefull for stuff like portknocking or (that's what I wrote the patch for) talking with trapdoor2

All, A friend gave me access to an svn(+ssh) repository the other day, and told me that I needed to do some port knocking to open up ssh. It occurred to me that it would be extremely convenient if I could add a "knock" configuration option for the host to my ~/.ssh/config file and never think about this again (rather than creating a shell script to accomplish this behavior,

I have two CentOS servers running SSH on two different non-standard ports. So far as I can tell, they have identical /etc/ssh/sshd_config files with the exception of the different port (both are 22xx). However, when running nmap on them, one betrays the port that SSH is running on, and the other does not. I have shut down iptables on both machines and the behaviour remains this way. What could be

I was wondering if anyone had implemented rules like this in shorewall: http://blog.andrew.net.au/tech I see tons of brute force attempts on the machines I administer, and I like the idea of limiting them without the need for extra daemons scanning for attacks. Thanks, Dale -- Dale E. Martin - dale@the-martins.org http://the-martins.org/~dmartin

Hi all, Another Debian Etch fan here, running shorewall (shell) 3.2.6-2 (and Yes I''m going to upgrade when Lenny goes stable). I already have the SSHKnock working, as documented on the website: http://www.shorewall.net/PortKnocking.html Thanks, works great! In addition to the knock to open 22, I want to also ADD a redirect, from 2222 to 22 on an internal box. So, when I knock on 1600

Good Day! I think we have a serious problem. One of our old server running FreeBSD 4.9 have been compromised and is now connected to an ircd server.. 195.204.1.132.6667 ESTABLISHED However, we still haven't brought the server down in an attempt to track the intruder down. Right now we are clueless as to what we need to do.. Most of our servers are running legacy operating systems(old

Hi all, I was trying to test ROUTE specific code with a multi-isp serviced box. There is a bug somewhere, but I''m not able to understand what the real problem is: when I issue a "shorewall show capabilities" I get: Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Shorewall has