[Melbourne-pm] Knockd for Web

scottp at dd.com.au scottp at dd.com.au
Mon Jun 1 20:03:38 PDT 2009


Hey Guys 

This is more of a security question than perl, but I wasn't sure where else to get the answer :-) 

We use knockd to protect our SSH connections. It works great: anywhere I can ssh from, I can usually get fairly open outgoing ports, so I can just type 4 telnet commands to send TCP packets to 4 ports, opening my SSH port from my source IP. For those not in the know, check out here: http://www.zeroflux.org/projects/knock. Once successfully received, it adds an iptables rule opening the connection. One thing that makes it work so well is that it is listening silently on those ports, so port scanners etc. can't even know which ports to access.

I am looking at doing the same process for web requests. Now the first question you may ask is "what's the difference?" And the answer is firewalls and proxies. In many office, work and even shared network situations you are restricted to using only well known ports (possibly even only 80) and via a proxy.

So it occurs to me that we can easily write a web server / CGI that can achieve almost the same as knockd via URLs. 

E.g. 
http://special.host/1137
http://special.host/1199
http://special.host/4922

or really any URL you like. Any URL you get on that server can return a '500' server error, so successful or not, requests won't look any different. The same rules would apply: must be in that order within a given time, and the same commands can be run, e.g. iptables opening a connection. The service itself can be run on a separate port (e.g. well known and supported ports like 8080) or a separate IP (probably on the same box, or even nearby with trusted SSH access; it doesn't matter, because it just executes the command you ask, and that could be an "ssh realhost iptables ..." or local, or even could modify a .htaccess file to allow an IP, anything).

Not a hard script to write and secure, but my first thought was: maybe it already exists. My second thought was: maybe I am barking up the wrong tree and there is another way.

Thoughts? 

Ta 

Scott 
-- 
http://scott.dd.com.au/ 
scottp at dd.com.au 
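A minimal version of the scheme Scott describes, as an added example that is not part of the original post or of knockd: a tracker that walks each source IP through an ordered path sequence within a time window, an HTTP handler that answers 500 to everything, and a placeholder action where the iptables (or "ssh realhost iptables ...") command would go. The three paths, the window and the action are constructed for illustration. State is keyed on the TCP peer address rather than X-Forwarded-For, which the client controls; behind a proxy that peer is the proxy itself, which is what the firewall rule would then open for.

```python
# Added example, not the original post's code: a "web knockd" in Python.
import ipaddress
import time
from http.server import BaseHTTPRequestHandler, HTTPServer

KNOCK_SEQUENCE = ["/1137", "/1199", "/4922"]  # constructed sequence, required order
WINDOW_SECONDS = 10.0                          # whole sequence must arrive within this


class KnockTracker:
    """Tracks each source IP's progress through the knock sequence."""

    def __init__(self, sequence, window, on_success, clock=time.monotonic):
        self.sequence = list(sequence)
        self.window = window
        self.on_success = on_success  # callable(ip): the privileged action
        self.clock = clock            # injectable for testing
        self.state = {}               # ip -> (next_index, time_of_first_knock)

    def knock(self, ip, path):
        """Record one request; return True only when the sequence completes."""
        now = self.clock()
        idx, started = self.state.get(ip, (0, now))
        if idx > 0 and now - started > self.window:  # window expired: start over
            idx, started = 0, now
        if path != self.sequence[idx]:               # wrong step: reset silently
            self.state.pop(ip, None)
            return False
        idx += 1
        if idx == len(self.sequence):
            self.state.pop(ip, None)
            # Validate before handing to any command line, even though the
            # peer address is not attacker-chosen text.
            self.on_success(str(ipaddress.ip_address(ip)))
            return True
        self.state[ip] = (idx, started)
        return False


class WebKnockHandler(BaseHTTPRequestHandler):
    tracker = None  # assigned before serving

    def do_GET(self):
        # Key on the TCP peer, not X-Forwarded-For: the client can set that header.
        self.tracker.knock(self.client_address[0], self.path)
        self.send_response(500)  # every request, knock or not, looks the same
        self.end_headers()


def open_ssh_for(ip):
    # Placeholder for the real action (e.g. subprocess.run(["iptables", ...])).
    print(f"would open SSH for {ip}")


if __name__ == "__main__":
    WebKnockHandler.tracker = KnockTracker(KNOCK_SEQUENCE, WINDOW_SECONDS, open_ssh_for)
    HTTPServer(("0.0.0.0", 8080), WebKnockHandler).serve_forever()
```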

