Port Knocking

Has anyone seen (or written) any port knocking implementations in Ruby?
I couldn’t see any in the RAA or RubyForge (unless it’s under a name I
missed). Is there any interest for this sort of thing? I wrote a
mini-script to do it with ICMP but I’m not a programmer and it most
likely bites.

http://www.spannermonkey.info/rknock.html

It requires libpcap and ruby-libpcap. Suggestions are welcome. I wanted
to be able to knock without a client, hence the ping thing.

Sven

Pretty neat… I was interested in doing this a while back but never
got around to it (and never will at this rate).

Are typical port-knocking setups tcp or udp based? I would think that
the handshake portion would be UDP…

Because ICMP is filtered by many ISPs, how difficult would it be to
set this up with udp?

Port knocking is normally TCP and UDP although there are a number of
implementations with ICMP. It wouldn’t be much harder to do with UDP
but that means that a client would be required as I don’t know of
any (standard) unix programs that can send custom TCP or UDP packets.
I’m looking at fixing a few of the things in the script like the
timeout so I might throw in an option for TCP/UDP and a
small client.

On 12/20/05, [email protected] wrote:

Port knocking is normally TCP and UDP although there are a number of
implementations with ICMP. It wouldn’t be much harder to do with UDP
but that means that a client would be required as I don’t know of
any (standard) unix programs that can send custom TCP or UDP packets.
I’m looking at fixing a few of the things in the script like the
timeout so I might throw in an option for TCP/UDP and a
small client.

Check out Timeout, part of the standard library.
http://www.ruby-doc.org/stdlib/libdoc/timeout/rdoc/

Also, you can portknock on TCP with any web browser. Just in case that
helps. :)

On 12/20/05, [email protected] wrote:

Port knocking is normally TCP and UDP although there are a number of
implementations with ICMP. It wouldn’t be much harder to do with UDP
but that means that a client would be required as I don’t know of
any (standard) unix programs that can send custom TCP or UDP packets.
I’m looking at fixing a few of the things in the script like the
timeout so I might throw in an option for TCP/UDP and a
small client.

If you are wanting to test, hping ( http://www.hping.org/ ) can send
arbitrary packets (of pretty much any type).

Might look into that for udp/tcp testing.

Andy D.

Has anyone seen (or written) any port knocking implementations in Ruby?
I couldn’t see any in the RAA or RubyForge (unless it’s under a name I
missed). Is there any interest for this sort of thing?

Probably. I’ve been using Ruby more and more frequently in place of
Perl for system administration tasks, and every little google hit helps.

You might also be interested in the recent Ars Technica article about
monitoring packets with libpcap and Ruby:

Monitoring network traffic with Ruby and Pcap | Ars Technica

I wrote a
mini-script to do it with ICMP but I’m not a programmer and it most
likely bites.

All I know is your debugging output is great!

When it’s finished will it say “Chevron 7 locked” or “Chevron 7
engaged”, or both? :D

On 21 Dec 2005, at 5:32am, [email protected] wrote:

You can try it just with tcpdump -n. When you try to connect to
the local ip address using port 7000, it doesn’t show up in the dump.

To dump packets to/from the loopback, you need to tell tcpdump to
look at the correct interface [otherwise it defaults to the Ethernet
- en0 on Mac OS X]:

Thanks for the tip. I’ve been wanting to implement a proper timeout.
The current one is packet dependent. It works, but it’s not nice.

I tried telnet and netcat to portknock but if there’s no port open,
nothing comes up in the dump. I don’t know why that is but I’m guessing
that libpcap only shows the packets if the TCP session is established.
Maybe there is an option to change that behaviour but I couldn’t find
it. You can try it just with tcpdump -n. When you try to connect to
the local ip address using port 7000, it doesn’t show up in the dump.
Same deal with ruby-libpcap (same library).

require 'pcap'
dev = Pcap.lookupdev                 # first non-loopback device, e.g. en0
cap = Pcap::Capture.open_live(dev)   # open it for live capture
cap.loop do |pkt|                    # print every packet seen on dev
  puts pkt
end

I am using MacOS 10.4 so it may be some Mac weirdness at the kernel
level or how libpcap talks to the kernel but I’ve had no success so
far. That’s why I was interested to see if anyone else had done it.

Sven
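A knock-sequence tracker with a wall-clock window, as an added example and not part of Sven's rknock script: it is the packet-independent timeout discussed above, written so it can be fed (source IP, destination port, time) tuples from any capture loop, and the port sequence and window values are assumptions chosen for illustration.

```ruby
# Added example: tracks per-source progress through a fixed knock
# sequence. A partial sequence expires after `window` seconds whether or
# not another packet arrives, so the timeout no longer depends on traffic.
class KnockTracker
  # sequence: ordered list of ports; window: max seconds between knocks
  def initialize(sequence, window: 10.0)
    raise ArgumentError, "sequence must not be empty" if sequence.empty?
    @sequence = sequence
    @window = window
    @state = {}   # src_ip => [index of next expected port, time of last knock]
  end

  # Returns true exactly when src hits every port in order, each knock
  # within `window` seconds of the previous one. A wrong port resets that
  # source; a stale partial sequence is discarded before the port is checked.
  def observe(src, port, now)
    idx, last = @state.fetch(src, [0, nil])
    idx = 0 if last && (now - last) > @window   # stale partial knock expires
    if port == @sequence[idx]
      idx += 1
    else
      idx = port == @sequence[0] ? 1 : 0        # wrong port: restart or drop
    end
    if idx == @sequence.length
      @state.delete(src)
      return true
    end
    idx.zero? ? @state.delete(src) : @state[src] = [idx, now]
    false
  end

  # Drops partial sequences older than the window without needing a packet;
  # call this from a periodic timer thread.
  def expire(now)
    @state.delete_if { |_src, (_idx, last)| (now - last) > @window }
  end

  # Number of sources currently part-way through the sequence.
  def pending
    @state.size
  end
end
```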