stealth

Port-knocking

Table of Contents Introduction Enabling knockd Port-knocking Open the port Close the port Using Hping3 / Nmap Open the port Close the port Alternatives Introduction Port-knocking is a stealth method to open ports that the firewall keeps closed by default. A port-knock server listens to all traffic on an ethernet (or PPP) interface, looking for a special “knock” sequences of port-hits.

Hping3: Use Cases

Table of Contents hping3 and the firewall ICMP mode TCP mode UDP mode SCAN mode hping3 and the firewall Mode default mode TCP -0 --rawip RAW IP mode -1 --icmp ICMP mode -2 --udp UDP mode -8 --scan SCAN mode. Example: hping --scan 1-30,70-90 -S www.target.host -9 --listen listen mode ICMP mode The typical ping utility and the hping3 equivalent, sending ICMP-echo and receiving ICMP-reply: