Read the documentation to determine whether this Perl implementation is right for you. It is a prototype - it implements a large number of features but is not specifically designed for production environments. There are many other implementations.
I am no longer maintaining the prototype. This script is considered dormant.
- listens to network interface or arbitrarily-formatted firewall log file
- variety of ciphers supported using Crypt::CBC
- implements persistent state permitting creation of rules based on past knocks
- flexible rules based on TCP and persistent state variables
- multiple/delayed actions
- non-contiguous, user-defined port spans (up to 2^15 ports)
- encodes knock into user-defined port spans (up to 2^15 ports, not necessarily contiguous)
- checksum support
- special knock fields provide support for run-time encoding of time and random variables
- write knock to network or local log file
The news items here pertain to my Perl implementation of port knocking. Many other implementations are available.
31-dec-2004 | tabulated all known (to me) implementations of port knocking; removed links to other's code from the download section.
14-nov-2004 | v0.30 Perl prototype release. Stephan Muller sent a patch to make the daemon work with pcaplib. You no longer need to log the knock ports to a firewall log file (although you can still use the file-based mode if you want). The daemon now requires Net::Pcap and NetPacket.
12-jul-2004 | v0.25 Perl prototype release. I've added the ability to trigger rules for the IP address reported by the firewall (LOGIP), in addition to the IP that may be stored in the knock. This is designed for cases when you cannot predict the IP under which the client appears to the server.
10-jul-2004 | v0.24.1 Perl prototype release. Ingo Roessler reported a bug that caused incorrect mapping of the ports in a knock to the knock data.
5-jul-2004 | v0.24 Perl prototype release. Thanks to Thom Harrison for pointing out a bad modulo bug and for suggesting that I expand the range of the port variable int the knock to 0-65,535. This motivated me to also expand the range of the target knock port to 32,768. The user can now specify a port span larger than 256 ports (still need 2^N) to keep knocks short.
16-apr-2004 | v0.23 Perl prototype bug fixes. Regular expressions for protocol and interface were fixed. Embarrassing checksum bug was also fixed. Thanks to Sean for report these. Added links to a couple of implementations. Noticed that there was another Slashdot thread about port knocking.
11-apr-2004 | v0.22 Perl prototype. Now non-contiguous port ranges are supported.
05-apr-2004 | I've received a BASH port knocking implementation. Had to create a BASH section - never thought that I'd actually see it done in BASH :) Posted a link to TocToc, a Linux backdoor, in the FAQ. Worked the site CSS over.
01-apr-2004 | I'm reminded of the fact that I have a Sourceforge placeholder for port knocking and that I have not done anything with it yet. Looking for assistant project administrators.
23-feb-2004 | Rewrote the original Perl prototype to include support for arbitrary knock and firewall formats. Thanks to Chris Rigby and Eduardo Imposti for contributing the changes required to support IPTABLES.
9-feb-2004 | Link to jportknock from the contributions section.
8-feb-2004 | Linked to a detailed article discussing spread spectrum TCP/IP.
6-feb-2004 | combo.c and a python port knocking implementation
30-may-2003 | Adam Ceccetti has added TK functionality to the Perl client prototype.