
jddancks 03-05-2013 08:46 PM

Port knocking utility: How to monitor sshd?
I am looking around for a simple port knocking utility that will open, allow exception on port 22 for whatever IP, and immediately close when the connection is closed.

I was messing with cd00r.c, which appears to work, but I would need to edit the file for my purposes, but to do that I need to learn how to use pcap, and I was wondering if there was an easier way, like when cd00r gets the right combo, it would run (apparently you put this in yourself, cd00r.c does nothing by default)

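char *argv[] = {"iptables", "-A", "INPUT", "-i", CDR_INTERFACE, "-s", inet_ntoa(in_addr), "-j", "ACCEPT", NULL}; /* in_addr assumed to be a struct in_addr */
execv("/sbin/iptables", argv); /* execv() takes a path and an argv array, not a formatted string; path assumed */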
and then run an opposite command when cd00r detects a FIN packet. I wonder if there is some simple script or file I can edit that sshd would execute or execute when the sshd closes a connection?
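The open/close pair described in the post above, as an added example that is not part of the original post or of cd00r.c: the source address is validated before it reaches iptables, the rule is limited to TCP port 22, and the command runs in a child process so the listener keeps running. The names build_fw_argv, run_fw_rule, FW_ARGC and the /sbin/iptables path are assumptions.

```c
#include <arpa/inet.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define IPTABLES_PATH "/sbin/iptables"   /* assumed install path */
#define FW_ARGC 14                       /* 13 arguments + NULL terminator */

/* Fill argv for "iptables -A|-D INPUT -i IFACE -s IP -p tcp --dport 22 -j ACCEPT".
 * open_rule != 0 appends the rule, 0 deletes the identical rule.
 * Returns 0 on success, -1 if ip_text is not a plain IPv4 address. */
int build_fw_argv(int open_rule, const char *iface, const char *ip_text,
                  char ip_buf[INET_ADDRSTRLEN], const char *argv[FW_ARGC])
{
    struct in_addr addr;
    if (inet_pton(AF_INET, ip_text, &addr) != 1)
        return -1;                       /* rejects hostnames, CIDR, extra text */
    /* Re-render from the parsed form so only digits and dots reach iptables. */
    if (!inet_ntop(AF_INET, &addr, ip_buf, INET_ADDRSTRLEN))
        return -1;
    const char *tmpl[FW_ARGC] = {
        "iptables", open_rule ? "-A" : "-D", "INPUT", "-i", iface, "-s", ip_buf,
        "-p", "tcp", "--dport", "22", "-j", "ACCEPT", NULL };
    memcpy(argv, tmpl, sizeof tmpl);
    return 0;
}

/* Run the rule change in a child so the knock listener itself is not replaced.
 * Returns the iptables exit status, or -1 on validation, fork or wait failure. */
int run_fw_rule(int open_rule, const char *iface, const char *ip_text)
{
    char ip_buf[INET_ADDRSTRLEN];
    const char *argv[FW_ARGC];
    int status;
    if (build_fw_argv(open_rule, iface, ip_text, ip_buf, argv) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(IPTABLES_PATH, (char *const *)argv);  /* no shell is involved */
        _exit(127);                                 /* only reached if exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

Calling run_fw_rule(1, CDR_INTERFACE, ip) after a valid knock and run_fw_rule(0, CDR_INTERFACE, ip) when the session ends keeps the -A and -D rules identical, which iptables requires for the delete to match.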

bmrtin 03-07-2013 09:49 AM

I don't know if this will help but I have found these 2 sites:

Looks like an interesting idea and I may have to try...
