Port knocking for SSH on a Tor node

Hi,

I am putting together a blog post with tips and tools for administrating a node and then I have discovered the technique of "port knocking".

I decided to experiment with it and I have created a guide that puts it together with the default configuration for iptables by torservers/moba[1a][1b].

I have searched on this list and the topic of port knocking has been discussed very rarely (last discussions in late 2014).

This is the guide I have written: https://balist.es/blog/2016/05/03/configure-port-knocking-for-a-tor-node/

I would like to receive some feedback and I hope this can be useful for other operators.

Cristian

[1a]: https://www.torservers.net/wiki/setup/server
[1b]: https://raw.githubusercontent.com/torservers/server-config-templates/master/...

I would no longer recommend port knocking using a static port sequence. Instead, I'd recommend knockknock by moxie, https://github.com/moxie0/knockknock/blob/master/README

On 3 May 2016 14:58, "Cristian Consonni" <kikkocristian@gmail.com> wrote:
> Hi,
> I am putting together a blog post with tips and tools for administrating a node and then I have discovered the technique of "port knocking".
> I decided to experiment with it and I have created a guide that puts it together with the default configuration for iptables by torservers/moba[1a][1b].
> I have searched on this list and the topic of port knocking has been discussed very rarely (last discussions in late 2014).
> This is the guide I have written: https://balist.es/blog/2016/05/03/configure-port-knocking-for-a-tor-node/
> I would like to receive some feedback and I hope this can be useful for other operators.
> Cristian
> [1a]: https://www.torservers.net/wiki/setup/server
> [1b]: https://raw.githubusercontent.com/torservers/server-config-templates/master/...

2016-05-03 16:25 GMT+02:00 Diarmaid McManus <diarmaidmcmanus@gmail.com>:
> I would no longer recommend port knocking using a static port sequence. Instead, I'd recommend knockknock by moxie, https://github.com/moxie0/knockknock/blob/master/README

I discovered the knockknock project just a little before finishing the post and I really liked the reasoning behind the project; I will try it. However, I was almost done with writing the post and I thought it could be useful nonetheless because you do not need any additional software to set it up. One thing that concerns me is that knockknock seems to be unmaintained at the moment (no commits for 3.5 years).

Cristian

On Tue, 3 May 2016 15:58:22 +0200 Cristian Consonni <kikkocristian@gmail.com> wrote:
> Hi,
> I am putting together a blog post with tips and tools for administrating a node and then I have discovered the technique of "port knocking".

Have you looked into Single Packet Authorization? http://www.cipherdyne.org/fwknop/

Hi,

2016-05-03 17:30 GMT+02:00 goll <goll@kset.org>:
> Have you looked into Single Packet Authorization?

I saw it mentioned in one of the 2014 threads, but I didn't dig into it. I will take a look. Thanks.

C

Participants (3): Cristian Consonni, Diarmaid McManus, goll