Difference between revisions of "Fwknop"
[1] https://serverfault.com/a/608976
(10 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | "FireWall KNock OPerator" implements an authorization scheme called [[Single Packet Authorization]] (SPA) | + | "FireWall KNock OPerator" implements an authorization scheme called [[Single Packet Authorization]] (SPA) (encrypted, non-replayed, with an [[HMAC]] [[SHA]]-256) |
+ | |||
+ | * [[macOS]] installation: <code>brew install fwknop</code> | ||
+ | * Config files: <code>/etc/fwknop/access.conf</code> | ||
+ | |||
+ | |||
+ | == Quick Start == | ||
+ | * <code>fwknop --key-gen</code> Ref: https://www.cipherdyne.org/fwknop/docs/fwknop-tutorial.html#quick-start | ||
+ | * Send [[SPA]] packet: <code>fwknop -n DESTINATION_SERVER_OR_IP --verbose -R</code> | ||
== See also == | == See also == | ||
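Review bot: In the new Quick Start bullets, `fwknop --key-gen` is shown without any option to save the generated keys, while the next bullet's `-n` loads a named stanza from the client's rc file, so the send command has nothing to load unless the keys were saved under that name. Suggest showing the save step together with key generation (the linked tutorial's quick start does this) and adding a bullet for copying the keys into `/etc/fwknop/access.conf` on the server, which this revision lists but never uses. "Config files:" is also plural while only one path is given.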
Line 7: | Line 15: | ||
* {{Firewall commands}} | * {{Firewall commands}} | ||
* {{nmap}} | * {{nmap}} | ||
− | + | ||
[[Category:Linux]] | [[Category:Linux]] | ||
− | [[Category:Security]] | + | [[Category:IT Security]] |
Latest revision as of 04:38, 3 April 2020
"FireWall KNock OPerator" (fwknop) implements an authorization scheme called Single Packet Authorization (SPA), in which the packet is encrypted, protected against replay, and authenticated with an HMAC SHA-256.
- macOS installation: brew install fwknop
- Config files: /etc/fwknop/access.conf
Quick Start
- fwknop --key-gen (Ref: https://www.cipherdyne.org/fwknop/docs/fwknop-tutorial.html#quick-start)
- Send SPA packet: fwknop -n DESTINATION_SERVER_OR_IP --verbose -R
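The "non-replayed, with an HMAC SHA-256" properties named above, as an added example that is not fwknop's code or wire format: a simplified Python model of a receiver that authenticates a packet before doing anything else with it, then rejects replays and stale packets. The field layout, the 120-second window, and all names are assumptions of this sketch, and encryption of the body is left out.

```python
import hashlib
import hmac
import os
import time

HMAC_LEN = 32   # size of an HMAC-SHA-256 tag
HDR_LEN = 24    # 16-byte random nonce + 8-byte timestamp (layout assumed here)
MAX_AGE = 120   # freshness window in seconds (assumed value)

def build_packet(hmac_key, message, now=None):
    """Client: nonce + timestamp + message, then an HMAC-SHA-256 tag over all of it.
    In a real SPA packet the body would be ciphertext (encryption omitted here)."""
    ts = int(time.time() if now is None else now)
    body = os.urandom(16) + ts.to_bytes(8, "big") + message
    return body + hmac.new(hmac_key, body, hashlib.sha256).digest()

class SpaVerifier:
    """Server: authenticate first, then reject replays and stale packets."""

    def __init__(self, hmac_key):
        self.hmac_key = hmac_key
        self.seen = set()   # SHA-256 digests of packets already accepted

    def verify(self, packet, now=None):
        now = time.time() if now is None else now
        if len(packet) < HDR_LEN + HMAC_LEN:
            return "malformed"
        body, tag = packet[:-HMAC_LEN], packet[-HMAC_LEN:]
        expected = hmac.new(self.hmac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            return "bad-hmac"                        # unauthenticated data is never parsed
        digest = hashlib.sha256(packet).digest()
        if digest in self.seen:
            return "replay"
        if abs(now - int.from_bytes(body[16:24], "big")) > MAX_AGE:
            return "stale"
        self.seen.add(digest)
        return "accept"

if __name__ == "__main__":
    key = os.urandom(32)                           # constructed key for the demo
    server = SpaVerifier(key)
    pkt = build_packet(key, b"192.0.2.10,tcp/22")  # constructed request
    print(server.verify(pkt))                      # first delivery
    print(server.verify(pkt))                      # same bytes captured and resent
```

Because every packet carries fresh random bytes, two legitimate requests never share a digest, so the replay cache only ever matches bytes that were captured and resent.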
See also
- Port knocking, fail2ban [1], fwknop, DenyHosts
- OpenSSH (changelog): /etc/ssh/sshd_config | /etc/ssh/ssh_config | ~/.ssh/ | openSSL | sshd logs | sftp | scp | authorized_keys | ssh-keygen | ssh-keyscan | ssh-add | ssh-agent | ssh | Ssh -O stop | ssh-copy-id | CheckHostIP | UseKeychain, OpenSSF
- iptables, ufw, firewalld, nftables, firewall-cmd, ipfw (FreeBSD), PF (OpenBSD), netsh advfirewall
- Security tools: Vulnerability scanner, port scan, Host sweep, nmap, nping, ncat, nc, psad, Gordon Lyon