Hack$Notes
Port Knocking

View the port knocking config

cat /etc/knockd.conf
Output will look something like this:
[options]
logfile = /var/log/knockd.log
interface = ens31

[openSSH]
sequence = 581,280,909
seq_timeout = 5
start_command = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn

[closeSSH]
sequence = 909,280,581
seq_timeout = 5
start_command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn

Port scanning in sequence.

for x in 581 280 909; do nmap -Pn --max-retries 0 -p "$x" 10.10.10.10 && sleep 1; done

Re-scan the target

nmap 10.10.10.10
PORT STATE SERVICE
22/tcp open ssh <-- On the initial scan SSH was not open. Now it is.
80/tcp open http
443/tcp open https
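
From the defender's side, the knockd.conf shown above can be audited for the properties that make this procedure work. This is an added example, not part of the original notes: `audit_knockd` and the sample text are constructed here, and `one_time_sequences`, `stop_command` and `cmd_timeout` are knockd options that do not appear in the config above.

```python
import configparser
import stat

# Constructed sample: the config from this page with its section headers on their own lines.
SAMPLE = """\
[options]
logfile = /var/log/knockd.log
interface = ens31
[openSSH]
sequence = 581,280,909
seq_timeout = 5
start_command = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
[closeSSH]
sequence = 909,280,581
seq_timeout = 5
start_command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
"""

def audit_knockd(text, mode=None):
    """Return (section, finding) pairs for the body of a knockd.conf.

    mode is the file's st_mode (from os.stat), or None to skip the permission check.
    """
    # interpolation=None: %IP% must not be treated as a ConfigParser reference
    cp = configparser.ConfigParser(allow_no_value=True, interpolation=None)
    cp.read_string(text)
    out = []
    if mode is not None and mode & (stat.S_IRGRP | stat.S_IROTH):
        out.append(("file", "readable by group/other, so the sequences are disclosed"))
    for name in cp.sections():
        if name.lower() == "options":
            continue
        sec = cp[name]
        if "one_time_sequences" not in sec:
            out.append((name, "static sequence: anyone who observes the knock can replay it"))
        cmd = sec.get("start_command") or ""
        opens = "ACCEPT" in cmd and (" -I " in cmd or " -A " in cmd)
        if opens and "stop_command" not in sec:
            out.append((name, "no stop_command/cmd_timeout: the rule stays until a close knock"))
    return out

if __name__ == "__main__":
    for section, finding in audit_knockd(SAMPLE, mode=0o100644):
        print(f"{section}: {finding}")
```

On a host, pass the real file contents and `os.stat("/etc/knockd.conf").st_mode` instead of the sample and the constructed mode.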