Port Knock Lite

[Screenshot: portknock_lite-1.0-20090224-noad.png]

This page is quite old.
Please go to Sung Heroes instead.

About PortKnock Lite
This is a very simple port knocker for the iPhone/iPod Touch.


Download from iTunes

What is Port Knocking: For the layman
Imagine you left your kids at home alone. You don't want them to open the door for strangers. And when a stranger comes knocking, you don't even want them to come to the door, because you don't want them to know your kids are there. But, when you or other family members come, you might want them to open the door for you. So you teach them to listen for a certain rattat-tat-tat or special knock that only you and your family know.

This is the same concept you can apply to your servers. If you run a knock daemon on your server, this app then lets you send the special knock to it.

What is Port Knocking: A technical summary
Port Knocking is a technique to secure services behind a firewall until a specific knock sequence is given. Once that sequence is given, the IP address that initiated the knock may be allowed to access the service for a short period of time.

A knock sequence is typically only a few TCP or UDP packets. To use the screenshot as an example, the remote server 1.2.3.4 runs an ssh server protected by a knock server. The knock sequence that unlocks the ssh service is 4 TCP packets, each sent in turn to the following ports: 1234, 5678, 9876, and finally 55321. When the remote knock server detects this sequence of packets in that exact order, it allows the knocking IP address to connect to the ssh server. For security purposes, the server will typically not send any feedback that this has occurred. This makes it much more difficult for someone to guess your knock sequence, let alone discover the services you may have hidden behind it.
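The server-side matching described above, as an added example (not code from this app or from any knock daemon): a small Python tracker that follows each source IP through the sequence 1234, 5678, 9876, 55321 and opens a timed access window when the sequence completes in order. The timeout values, the class and function names, and the sample traffic are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

SEQUENCE = (1234, 5678, 9876, 55321)  # knock ports from the page's example
SEQ_TIMEOUT = 10.0  # assumed: seconds allowed to finish the sequence
OPEN_WINDOW = 30.0  # assumed: seconds the knocking IP stays allowed

@dataclass
class KnockTracker:
    progress: dict = field(default_factory=dict)  # src_ip -> (next index, start time)
    allowed: dict = field(default_factory=dict)   # src_ip -> expiry time

    def observe(self, ts, src_ip, dst_port):
        """Feed one observed packet; return True if it completed the knock."""
        idx, started = self.progress.get(src_ip, (0, ts))
        if idx > 0 and ts - started > SEQ_TIMEOUT:
            idx = 0                          # too slow: discard partial progress
        if dst_port == SEQUENCE[idx]:
            started = ts if idx == 0 else started
            idx += 1
        elif dst_port == SEQUENCE[0]:
            idx, started = 1, ts             # a fresh first knock restarts the count
        else:
            idx = 0                          # any out-of-order port resets
        if idx == len(SEQUENCE):
            self.progress.pop(src_ip, None)
            self.allowed[src_ip] = ts + OPEN_WINDOW
            return True
        self.progress[src_ip] = (idx, started)
        return False

    def is_allowed(self, ts, src_ip):
        """True while the source IP's access window is still open."""
        return self.allowed.get(src_ip, 0.0) > ts

# Constructed sample traffic: (time in seconds, source IP, destination port).
EVENTS = [
    (0.0, "198.51.100.7", 1234), (0.2, "203.0.113.9", 1234),
    (0.4, "198.51.100.7", 5678), (0.5, "203.0.113.9", 9876),
    (0.6, "198.51.100.7", 9876), (0.7, "203.0.113.9", 5678),
    (0.8, "198.51.100.7", 55321), (0.9, "203.0.113.9", 55321),
    (1.0, "192.0.2.50", 1234), (2.0, "192.0.2.50", 5678),
    (3.0, "192.0.2.50", 9876), (20.0, "192.0.2.50", 55321),
]

def replay(events):
    """Run events through a new tracker; return it and the completed knocks."""
    tracker = KnockTracker()
    done = [(ts, ip) for ts, ip, port in events if tracker.observe(ts, ip, port)]
    return tracker, done
```

In the sample traffic only 198.51.100.7 completes the knock; the source that sends the ports out of order and the source that takes too long to finish are both reset and never gain access.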

Note that the port knocker simply sends the sequence to the remote server. You will still need your own client software (be it ssh, vpn, web, or whatever) to access the service on the remote server once the knock is sent.

A much more detailed explanation can be found at Wikipedia.

How you can use this app
This app is ideal if you're on a WiFi network but don't have a port knocker on the available computers. If you're sitting behind a NAT, the iPhone/iPod Touch will appear to the remote server with the same IP as any of the other computers on your network, so a knock sent from the device also opens the service for those computers.

This is also great to use with TouchTerm or any other ssh or telnet software for the iPhone.

Just give it the hostname and a list of ports, and whether you want it to send TCP or UDP packets.

Other Port Knocking Software
If you're in need of a knock server, I personally use Judd Vinet's knock daemon for Linux. It's quite easy to use and works well with this app. He also includes a simple desktop-based knock client. You can find it at: http://www.zeroflux.org/projects/knock

You can find information and a nice list of other knock clients and servers over at http://www.portknocking.org/

Support
For support questions regarding this software, please email: portknock-support@dannysung.com
