Has anyone seen (or written) any port knocking implementations in Ruby?
I couldn’t see any in the RAA or RubyForge (unless it’s under a name I
missed). Is there any interest for this sort of thing? I wrote a
mini-script to do it with ICMP but I’m not a programmer and it most
likely bites.
Port knocking is normally TCP and UDP although there are a number of
implementations with ICMP. It wouldn’t be much harder to do with UDP
but that means that a client would be required as I don’t know of
any (standard) Unix programs that can send custom TCP or UDP packets.
I’m looking at fixing a few of the things in the script like the
timeout so I might throw in an option for TCP/UDP and a
small client.
If you are wanting to test, hping ( http://www.hping.org/ ) can send
arbitrary packets (of pretty much any type).
Has anyone seen (or written) any port knocking implementations in Ruby?
I couldn’t see any in the RAA or RubyForge (unless it’s under a name I
missed). Is there any interest for this sort of thing?
Probably. I’ve been using Ruby more and more frequently in place of
Perl for system administration tasks, and every little google hit helps.
You might also be interested in the recent Ars Technica article about
monitoring packets with libpcap and Ruby:
Thanks for the tip. I’ve been wanting to implement a proper timeout.
The current one is packet dependent. It works, but it’s not nice.
I tried telnet and netcat to portknock but if there’s no port open,
nothing comes up in the dump. I don’t know why that is but I’m guessing
that libpcap only shows the packets if the TCP session is established.
Maybe there is an option to change that behaviour but I couldn’t find
it. You can try it just with tcpdump -n. When you try to connect to
the local IP address using port 7000, it doesn’t show up in the dump.
Same deal with ruby-libpcap (same library).
require 'pcap'

# Open the default capture device and print each packet as it arrives.
dev = Pcap.lookupdev
cap = Pcap::Capture.open_live(dev)
cap.loop do |pkt|
  puts pkt
end
I am using MacOS 10.4 so it may be some Mac weirdness at the kernel
level or how libpcap talks to the kernel but I’ve had no success so
far. That’s why I was interested to see if anyone else had done it.
Sven
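
Added example, not part of the thread and not code from any poster: a knock-sequence tracker whose timeout is judged by timestamps rather than by packet arrival, which a capture loop like the one above could feed. The class name `KnockTracker`, the sequence 7000/8000/9000, the 5 second window and the sample addresses are assumptions made for illustration.

```ruby
# Knock-sequence tracker with a wall-clock timeout (added example).
# The ports, window and sample events below are constructed for illustration.
class KnockTracker
  Progress = Struct.new(:index, :started_at)
  def initialize(sequence, window)
    @sequence = sequence # ports that must be hit, in order
    @window   = window   # seconds allowed between first and last knock
    @progress = {}       # source address => Progress
  end

  # Record one observed packet. Returns true when src completes the sequence.
  def knock(src, port, now = Time.now.to_f)
    expire(now) # stale attempts are discarded before any matching happens
    state = @progress[src]
    if state && port == @sequence[state.index]
      state.index += 1
    elsif port == @sequence.first
      state = @progress[src] = Progress.new(1, now) # (re)start the attempt
    else
      @progress.delete(src) # wrong port: forget this source's progress
      return false
    end
    return false if state.index < @sequence.length
    @progress.delete(src)
    true
  end

  # Drop attempts older than the window. Safe to call from a periodic timer
  # as well, so state does not linger when no further packets arrive.
  def expire(now = Time.now.to_f)
    @progress.delete_if { |_src, s| now - s.started_at > @window }
  end
  def pending
    @progress.keys
  end
end

# Constructed events: [source, destination port, capture timestamp in seconds]
SAMPLE_EVENTS = [
  ["192.0.2.10", 7000, 0.0], ["192.0.2.10", 8000, 1.0], ["192.0.2.10", 9000, 2.0],
  ["192.0.2.20", 7000, 3.0], ["192.0.2.20", 8000, 4.0], ["192.0.2.20", 9000, 9.5]
].freeze

def replay(events, sequence = [7000, 8000, 9000], window = 5)
  tracker = KnockTracker.new(sequence, window)
  events.select { |src, port, ts| tracker.knock(src, port, ts) }.map(&:first)
end

puts replay(SAMPLE_EVENTS).inspect if __FILE__ == $PROGRAM_NAME
```

Timestamps are passed in explicitly so the tracker can be driven from capture timestamps or replayed offline; the second source in the sample is rejected because its last knock lands outside the window.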