DrKnock
Compile
To create the executables, run the following in the DrKnock directory:
chmod +x ./build.sh
./build.sh
This will create the following executable files:
drknockc in directory drknockc
drknockd in directory drknockd
drknockd_useradd in directory drknockd_useradd
Server
Installation
- Copy drknockd and drknockd_useradd into a directory.
- Create the user account file (user.txt) in the same directory by copying over the sample file (user.sample).
- Run drknockd_useradd to generate user accounts and paste them into user.txt.
  WARNING: there is a test user (password: test) defined in this file; don't forget to remove it.
- Copy drknockd.conf to the same directory. This is the configuration file for drknockd. Use it to set the "forward to" IP address and port number.
- Set proper directory and file permissions to prevent other users from accessing the files mentioned above. Note that the user accounts in user.txt use non-salted passwords, so care must be taken to prevent other users from viewing this file.
- Add a non-privileged user "drknock" to /etc/passwd. drknockd runs with privilege separation, so the majority of the code runs as the "sig2kd" user. The home directory of the "drknock" user is used for chroot, so set it to an empty directory.
- Execute drknockd as root. The root account is required because drknockd needs to open libpcap in promiscuous mode; root privilege is dropped before the packet processing code runs.
Command Line
Running drknockd from the terminal without any command-line arguments displays a list of libpcap interfaces. Use the interface number with the following command-line arguments to start drknockd.
drknockd can run either as a terminal program or as a daemon.
Usage:   ./drknockd -i <interface>
         ./drknockd -i <interface> -D      (run as a daemon)
         ./drknockd -i <interface> -D -S   (run as a daemon and log to syslog)
Example: ./drknockd -i eth0                (run on the terminal and sniff on interface eth0)
If syslog is not used, the program logs to /var/log/drknockd.log when running as a daemon.
iptables setup
drknockd only allows a client that has completed the knock sequence to connect to the port dynamically allocated for its IP address. In addition, drknockd uses iptables to block unauthorized connections to the allocated ports. For this to work correctly, the "iptables" executable must be in the PATH so that drknockd can execute it to add and remove rules.
The following iptables configuration has been tested to work with SSH forwarding, with SSH running on 127.0.0.1:22:
# Default policy DROP all
-P INPUT DROP
-P OUTPUT DROP
-P FORWARD DROP
# Allow localhost connections
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Allow outgoing UDP packets. This is required to enable drknockd to
# send replies back to the client.
-A OUTPUT -p udp -j ACCEPT
Client
Usage
drknockc [options] <DrKnockd Server IP Address> <port>
Options
-u username / --user username       set user to username
-p pw / --password pw               set password to pw
-s service / --service service      set requested service to service
-r portRange / --ports portRange    set requested port range (if allowed) to portRange
