knock:端口敲门服务


2023-11-28 01:22 | Source: compiled from the web | Views: 265


The port knocking service is the knockd service. It hides the services a system has open by adding iptables rules dynamically: a client "knocks" with a custom sequence of port numbers, and only then does the system open the requested service port to outside access. When access is no longer needed, another custom sequence "closes the door", removing the rule so the port is closed and no longer exposed. This further improves the security of the service and the system.

1. Install knockd

```
apt install knockd
```

2. Configure the knockd service

```
$ vim /etc/knockd.conf
[options]
    # UseSyslog
    LogFile = /var/knock/knock.log

[openSSH]
    # define the order of the knock sequence
    sequence    = 7000,8000,9000
    # timeout; if it is too small the sequence may fail
    seq_timeout = 30
    # command to run once the knock succeeds
    # On Ubuntu the default iptables rules drop everything. A rule appended directly lands
    # after the drop-all rule, so you must first delete the drop-all rule, add the rule you
    # want, and then re-add the drop-all rule at the end.
    # command = /sbin/iptables -D INPUT -p tcp --dport 22 -j DROP && /sbin/iptables -A INPUT -s [allowed remote IP] -p tcp --dport 22 -j ACCEPT && /sbin/iptables -A INPUT -p tcp --dport 22 -j DROP
    command     = /sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
    tcpflags    = syn

[closeSSH]
    sequence    = 9000,8000,7000
    seq_timeout = 30
    command     = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
    tcpflags    = syn

[openHTTPS]
    sequence    = 12345,54321,24680,13579
    seq_timeout = 5
    command     = /usr/local/sbin/knock_add -i -c INPUT -p tcp -d 443 -f %IP%
    tcpflags    = syn
```

3. Start knockd

```
systemctl start knockd
```

4. Example

The knock configuration is as follows:

```
$ cat /etc/knockd.conf
[options]
    UseSyslog

[openSSH]
    sequence    = 1356, 6784, 3409
    seq_timeout = 5
    command     = /sbin/iptables -I INPUT 1 -s %IP% -p tcp --dport 22 -j ACCEPT
    tcpflags    = syn

[closeSSH]
    sequence    = 3409, 6784, 1356
    seq_timeout = 5
    command     = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
    tcpflags    = syn
```

Check whether the SSH port on the test system is open:

```
┌──(kali㉿kali)-[~]
└─$ nmap -A -p 22 192.168.50.71 -oA djinn
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-28 11:03 CST
Nmap scan report for 192.168.50.71
Host is up (0.00071s latency).

PORT   STATE  SERVICE
22/tcp closed ssh
```

Knock with the sequence 1356 6784 3409:

```
┌──(kali㉿kali)-[~]
└─$ knock 192.168.50.71 1356 6784 3409

┌──(kali㉿kali)-[~]
└─$ nmap -A -p 22 192.168.50.71 -oA djinn
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-28 11:03 CST
Nmap scan report for 192.168.50.71
Host is up (0.00051s latency).

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   2048 b8:cb:14:15:05:a0:24:43:d5:8e:6d:bd:97:c0:63:e9 (RSA)
|   256 d5:70:dd:81:62:e4:fe:94:1b:65:bf:77:3a:e1:81:26 (ECDSA)
|_  256 6a:2a:ba:9c:ba:b2:2e:19:9f:5c:1c:87:74:0a:25:f0 (ED25519)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
```

Close the door with the sequence 3409 6784 1356:

```
┌──(kali㉿kali)-[~]
└─$ knock 192.168.50.71 3409 6784 1356

┌──(kali㉿kali)-[~]
└─$ nmap -A -p 22 192.168.50.71 -oA djinn
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-28 11:03 CST
Nmap scan report for 192.168.50.71
Host is up (0.00028s latency).

PORT   STATE  SERVICE
22/tcp closed ssh
```
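To make the matching rules concrete, here is an added Python model (not knockd's own code) of how a knock daemon tracks each source's progress through a sequence, enforces seq_timeout and tcpflags = syn, and fires a section's command only when the full sequence arrives in order. It replays a constructed packet log, with made-up IP addresses and timestamps, against the [openSSH]/[closeSSH] configuration shown above.

```python
from dataclasses import dataclass

@dataclass
class KnockSection:
    name: str          # e.g. "openSSH"
    sequence: tuple    # knockd "sequence = 1356, 6784, 3409"
    seq_timeout: float # knockd "seq_timeout = 5" (seconds)

class KnockTracker:
    """Simplified model of knockd's per-source sequence matching (added example, not knockd code)."""
    def __init__(self, sections):
        self.sections = sections
        self._state = {}  # (src_ip, section) -> (knocks matched, time of first matching knock)

    def observe(self, ts, src_ip, dst_port, pure_syn=True):
        """Feed one TCP packet; return the sections whose sequence this knock completed."""
        if not pure_syn:
            return []  # "tcpflags = syn": only plain SYN packets count as knocks
        fired = []
        for sec in self.sections:
            stage, started = self._state.get((src_ip, sec.name), (0, 0.0))
            if stage and ts - started > sec.seq_timeout:
                stage = 0  # seq_timeout elapsed: the partial sequence is forgotten
            if dst_port == sec.sequence[stage]:
                started = ts if stage == 0 else started
                stage += 1
                if stage == len(sec.sequence):
                    fired.append(sec.name)  # knockd would now run "command" with %IP% = src_ip
                    stage = 0
            elif dst_port == sec.sequence[0]:
                stage, started = 1, ts  # wrong port, but it is a valid first knock of a new attempt
            else:
                stage = 0  # wrong port resets the attempt
            self._state[(src_ip, sec.name)] = (stage, started)
        return fired

def run_example():
    """Replay a constructed packet log against the [openSSH]/[closeSSH] config shown on this page."""
    tracker = KnockTracker([KnockSection("openSSH", (1356, 6784, 3409), 5.0),
                            KnockSection("closeSSH", (3409, 6784, 1356), 5.0)])
    packets = [  # constructed: (timestamp in s, source IP, destination port, pure SYN?)
        (0.0, "10.0.0.5", 1356, True), (0.5, "10.0.0.5", 6784, True),
        (1.0, "10.0.0.5", 3409, True),   # third knock within 5 s: openSSH fires
        (10.0, "10.0.0.9", 1356, True), (20.0, "10.0.0.9", 6784, True),
        (20.5, "10.0.0.9", 3409, True),  # second knock came 10 s late: nothing fires
        (30.0, "10.0.0.5", 3409, True), (30.2, "10.0.0.5", 6784, True),
        (30.4, "10.0.0.5", 1356, True),  # reverse sequence: closeSSH fires
    ]
    return [(src, name) for ts, src, port, syn in packets
            for name in tracker.observe(ts, src, port, syn)]
```

The same tracker can be run over a packet capture or firewall log to audit who successfully opened a port and when, which is the view a defender wants of a knockd host.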

