Collaborate Disseminate
The title probably says it all. I just wanna know what are the best technics to avoid having a port scanner detecting open ports on my server. I’m using a Linux distro as my OS (Ubuntu Server).
Continue reading What are the best pratices to avoid my server being port scanned
The title probably says it all. I just want to know the best techniques to avoid having a port scanner detecting open ports on my server. I’m using a Linux distro as my OS (Ubuntu Server).
Please, don’t consider the use of external devices… Continue reading What are the best pratices to avoid my server being port scanned
I setup port knocking rules on CentOS 7, iptables as follow:
-I INPUT -p tcp –dport 1 -m recent –set –rsource –name KNOCK1 -m limit –limit 5/min -j LOG –log-prefix “knock 1” –log-level 7
-I INPUT -p tcp –dport 2 -m r… Continue reading Iptables DROPS SSH after port knock rules, but nmap shows it as OPEN
In order to increase security, for example on ssh remote connections, I:
open a non stardard port.
use mandatory digital certificates for authentication.
allow connection from a ip range only.
But I wonder if this is enou… Continue reading there is any port opening script or solution to increase security? I mean port is opened just when some port sequence detected on log
So i’m busy setting up a knockd service on a VM to enable SSH login when the correct sequence of ports are “knocked on” using knockd and ufw.
The issue that I am currently having is that when the correct sequence of ports ar… Continue reading Setting up Knockd issues
Port knocking is an additional layer of security that can be added to an already existing security concept for a server. The web server runs the SSH service behind a port, e.g. the default port 22, but this port is only opened after a certain sequence of ports is tried (knocked) before, for example 1022, 2022, 3022.
The situation is now the following: the server is running behind a consumer product router which forwards port 22. To enable port knocking, the router also has to forward ports 1022, 2022, 3022. The other ports in the router and server are closed.
Can a random attacker detect that certain ports are open in the router and thus guess at least the ports used for the knocking sequence such that it is basically useless?
I think of something like this “Oh, ports 22, 1022, 2022, 3022 look different, probably I can try a random sequence of these ports?”
Is it in fact true that from outside it can be detected whether the router is forwarding and the port is blocked on the server or the router blocks ports?
Are there any other reasons that would render port knocking less useful in such a scenario?
Regarding the answer from schroeder♦: are there consumer product router that support this if it has to run on the router?
Continue reading Does port knocking increase security behind a router?
im currently building a simple vulnerable machine. I had implemented a port knocking to hide an application services which vulnerable to remote code execution via knockd + iptables. I successfully able to open the hidden/filt… Continue reading iptables rules to enable reverse shell
I was wondering, how can I bypass the port knocking method.
Is there any public vulnerability or method for attacking port knocking services?
For example: I know an SSH port is behind a port knocking service,
and I want t… Continue reading Is there any practical attack on port knocking method?
Normally for a server I like to lock down SSH and other non-public service to only be accessible by certain IP addresses. However this is not always practical if the business doesn’t have static IP addresses or if outside developers need a… Continue reading Port Knocking is it a good idea?