port knocking tools
JavaScript Python
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


nodeKnock 0.2 by freddyb
     for nodeJS 0.2.5


Q: What is nodeKnock, what does it do?
A: nodeKnock is going to be (i.e. it IS NOT YET) a port knocking tool written
    with nodeJS - just for fun.
   Its protocol is designed under the assumption that the port is known to
   client and server beforehand, i.e. the port is not and should never be
   transmitted over the wire. Apart from the port, both partys already have to
   share a common secret.
   The current state (0.2) only implements the authentication between client and
   server and a simple iptables-based reaction.
   It is not completely decided whether nodeKnock should handle the
   transmission to the protected port by itself (like a proxy) or if the
   successful will still trigger only an iptables-command (or maybe something

Q: What is the secret?
A: The secret is to be defined a priori in nodeKnock.cfg. It's a string of
    arbitrary length. It is never transmitted in the clear. Still, you shouldn't
    set your config file world-readable.

Q: How long does an authorization last?
A: User-defined amount of seconds in config['duration'] (nodeKnock.cfg). If no
    duration is specified the default value of 3600 is used.

Q: Why do I have to set my own IP for the client?
A: Because the user usually knows best ;)

Protocol (abstract):
- One-Way Protocol
- Client sends header, timestamp, sha1(client_ip + secret + timestamp)
- Server decides whether timestamp is not too old and builds his own hash based
  on the timestamp provided and the client-ip extracted from the IP header.
  When both hashes match, the server adds client_ip to the list of authorized IPs.

Protocol (detailed):
- The protocol is underlying ICMP Echo Requests. Usually Echo Requests leave
  room for a few custom bytes of our own. We use them to send messages to
  the server.
  The first three bytes are (probably subject to change for future nodeKnock
  versions) 0x786875. After that, the client will send a 4 Byte timestamp
  (the highest byte first) followed by 9 bytes of the sha1 sum of:
   client-ip, secret, timestamp.
     all inputs are transformed into strings on beforehand.
     e.g. sha1(''+'foobar'+'1234567').