Latest commit 258a27e (Dec 27, 2015): jvinet merged pull request #39 from airwoflgh/master, "Fixes for Issue 33, 34, 35 and 38".
Repository contents (most recent commit touching each entry):

  doc          fix non-escaped minus in man pages (Sep 21, 2014)
  src          Issue #38 fix (Dec 18, 2015)
  .gitignore   Updates to gitignore and Makefile (Michael Göhler) (Nov 27, 2015)
  COPYING      Updated FSF address (Nov 27, 2015)
  ChangeLog    Issue #33 makefile fix (Dec 17, 2015)
  README.md    smaller headers (Dec 9, 2013)
  TODO         first commit (Jul 5, 2011)
  configure.ac Issue #33 makefile fix (Dec 17, 2015)
  knockd.conf  Port correction (Nov 28, 2015)


knock: A port-knocking implementation

Copyright (c) 2004, Judd Vinet jvinet@zeroflux.org


This is a port-knocking server/client. Port-knocking is a method in which a server sniffs one of its interfaces for a special "knock" sequence of port-hits. When the sequence is detected, the server runs the event bound to that knock sequence. The port-hits need not land on open ports, since libpcap is used to sniff the raw interface traffic rather than relying on a listening socket.


To build knockd, make sure you have libpcap and the autoconf tools installed. Then run the following:

$ autoreconf -fi
$ ./configure --prefix=/usr/local
$ make
$ sudo make install


The example below shows how knockd could be used with a strict (default DENY policy) firewall, so that the SSH port is only reachable by a client that has completed the knock sequence.

  1. Client sends four TCP SYN packets to Server, at the following ports: 38281, 29374, 4921, 54918
  2. Server detects this and runs an iptables command to open port 22 to Client.
  3. Client connects to Server via SSH and does whatever it needs to do.
  4. Client sends four more TCP SYN packets to Server: 37281, 8529, 40127, 10100
  5. Server detects this and runs another iptables command to close port 22 to Client.


The accompanying knock client is very basic. If you want to do more advanced knocks (e.g., setting specific TCP flags), then you should take a look at hping, sendip or packit.


Here are some other implementations of port-knocking: