STATE: broken: looks like
bit32 lua lib no longer there.
NOTE: fwknop is probably better in many ways.
Based on knock, instead uses lua for configuration and both plain and sha256-based port orders.
sha256-based port orders limit replay attacks to a short periods. Note that it's still just an extra layer of protection.
There is also an option to change the order whenever too much of the sequence is observed, at the cost of being more complicated to use. You could even start a server, where the port it uses is based on the sha256.
make knockoff, you need
(last one is .. less needed)
Just exists for archlinux at the moment, get the
sudo pacman -U knockoff*.pkg.tar.xz as you'd usually do
make home_install will put things in
~/.config/knockoff, you must add
(or just move the binary somewhere where it is in
Suggestions below assume root level install. (replace
~/.config/knockoff/ for the local-install interpretation)
The server(receiver of the knocks) needs to be run as root.
On both the server and knocker side,
cp /etc/knockoff/examples/sha2.lua /etc/knockoff/$SERVERNAME.lua
local secret = .. value to the secret you agreed on.
Change the element in the
interfaces list to the interface you want to sniff of the current device.
ip links lists some (it might be something like
(values possibly differ for server and knocker)
local port value to the port you need open,
or just change the
success function directly.
To run the knocking-sniffer, as root,
knockoff watch $SERVERNAME -v 2
-v just increases verbosity somewhat)
To knock the server:
knockoff knock $SERVERNAME $IP, and then within ten
A look at the
src/etc/examples/ directory might help. There is also a
doc/ contains more documentation.
There is support for different events after a knock. The above assumes the
end-event is simply
success. For instance
./knockoff knock example/simple_choose $ip A # Trigger A ./knockoff ports example/simple_choose B # Show port sequence for B.
doc/features.md for more other options. (todo list of some which don't
Jasper den Ouden. (me)
Judd Vinet's knock, which i copied, it would have been pretty hard for me to get the sniffing part right.
Licensed under the GPLv2 (text in
gplv2.txt) Note that it has the option "or any later version".