LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (http://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Port knocking utility: How to monitor sshd? (http://www.linuxquestions.org/questions/linux-newbie-8/port-knocking-utility-how-to-monitor-sshd-4175452877/)

jddancks 03-05-2013 08:46 PM

Port knocking utility: How to monitor sshd?
 
I am looking around for a simple port knocking utility that will open, allow exception on port 22 for whatever IP, and immediately close when the connection is closed.

I was messing with cd00r.c, which appears to work, but I would need to edit the file for my purposes, but to do that I need to learn how to use pcap, and I was wondering if there was an easier way, like when cd00r gets the right combo, it would run (apparently you put this in yourself, cd00r.c does nothing by default)
Code:

execv(sprintf("iptables -A INPUT -i %s -s %s -j ACCEPT",CDR_INTERFACE,in_addr));
and then run an opposite command when cd00r detects a FIN packet. I wonder if there is some simple script or file I can edit that sshd would execute or execute when the sshd closes a connection?

bmrtin 03-07-2013 09:49 AM

I dont know if this will help but I have found these 2 sites:
https://help.ubuntu.com/community/PortKnocking
http://www.marksanborn.net/linux/add...xtra-security/

Looks like an interesting idea and I may have to try...


All times are GMT -5. The time now is 07:05 PM.