Using knockd and FlowTraq to Secure Your SSH Server
Every network has its own set of security measures, intended to enforce policy, protect assets, and otherwise ensure the proper running of operations without interference. In addition to its other uses, FlowTraq can be used to keep tabs on some of these measures.

Some of these uses are obvious: checking your NetFlow history for connection attempts by IPs in your blacklist, for example, or checking traffic volume on ports that should be firewalled off. But there are non-obvious uses as well. For example, a FlowTraq user mentioned their use of knockd to secure their SSH server, and wondered if it were possible to get a quick listing of all the IP addresses that succeeded, and those that failed.

Knockd is a service that allows you to leave a port (such as TCP/22, for SSH) closed except to people who know the “secret knock”: a pattern of ports to connect to first. For example, a simple knock would be to make a connection attempt to
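
The succeeded/failed listing the user asked about can be sketched over exported flow records. This is an added example, not FlowTraq's or knockd's own code; the knock ports, the timeout, the record layout and the sample flows are all constructed for illustration, and the ordering and reset rules are a simplified model of a port knock.

```python
from collections import defaultdict

# Assumed values for illustration only; none of them come from the article.
KNOCK_SEQUENCE = (7000, 8000, 9000)   # hypothetical secret knock, in order
SEQ_TIMEOUT = 5.0                     # seconds allowed to finish the sequence
SSH_PORT = 22

# Constructed flow records: (start_time_seconds, source_ip, destination_port)
SAMPLE_FLOWS = [
    (0.0, "192.0.2.10", 7000), (0.4, "192.0.2.10", 8000),
    (0.9, "192.0.2.10", 9000), (1.5, "192.0.2.10", 22),      # correct knock, then SSH
    (2.0, "198.51.100.7", 22), (2.1, "198.51.100.7", 22),    # SSH attempts, no knock
    (3.0, "203.0.113.5", 7000), (3.2, "203.0.113.5", 9000),  # wrong order
    (3.4, "203.0.113.5", 22),
    (10.0, "203.0.113.9", 7000), (11.0, "203.0.113.9", 8000),
    (30.0, "203.0.113.9", 9000),                             # right order, too slow
]

def classify_knockers(flows, sequence=KNOCK_SEQUENCE, timeout=SEQ_TIMEOUT):
    """Return (succeeded, failed) sets of source IPs that touched knock or SSH ports."""
    progress = defaultdict(lambda: (0, None))  # src -> (next index, time of first knock)
    succeeded, seen = set(), set()
    for ts, src, port in sorted(flows):
        if port != SSH_PORT and port not in sequence:
            continue                           # unrelated traffic is ignored here
        seen.add(src)
        if port == SSH_PORT:
            continue                           # an SSH flow alone proves no knock
        idx, started = progress[src]
        if idx and ts - started > timeout:
            idx, started = 0, None             # partial sequence expired
        if port == sequence[idx]:
            idx, started = idx + 1, (ts if idx == 0 else started)
        elif port == sequence[0]:
            idx, started = 1, ts               # knock restarted from the first port
        else:
            idx, started = 0, None             # out-of-order port resets progress
        if idx == len(sequence):
            succeeded.add(src)
            idx, started = 0, None
        progress[src] = (idx, started)
    return succeeded, seen - succeeded

if __name__ == "__main__":
    ok, bad = classify_knockers(SAMPLE_FLOWS)
    print("succeeded:", sorted(ok))
    print("failed:   ", sorted(bad))
```

Sources in the failed set that probe the knock ports repeatedly, or hit TCP/22 with no knock at all, are the ones worth reviewing against the rest of the flow history.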