For all of my port knock peeps, I wrote a GUI Windows port knock app. It will knock TCP and/or UDP…you can even add text to your UDP port knock. Have a look my friends. http://gregsowell.com/?p=2020
Nice!!
Seems useful, even if I’m not using port knocking right now…
Thanks!
NP bud…happy knocking!
Any update on the compiled version that incorporates the DNS and delay?
Indeed, I finally added the DNS resolution piece.
Looks awesome, perfect timing to bump this thread after the recent vulnerability
@CZ, it’s no accident…I needed a reason to get off my butt
Thanks for the nice port-knocking program.
Always happy to help!
Nice!
Seems that I will be using it too
However, nothing beats mAP lite + DHCP client with script that does port knocking and establishes IPsec tunnel back to home, while traveling
I understand the use case for port knocking but I prefer using DDNS clients on mobile management devices. Set your routers to allow “ddnshostname.domain.com”
Bitdefender found a trojan in the file
I doubt Greg is including trojans in his files. Most likely a false positive. Upload it to https://www.virustotal.com/#/home/upload and see what it finds.
The program has a separate little app it unpacks to fire off the individual knocks(tcp.exe). Some virus progs don’t like an additional application being unzipped and dropped in. This was my lazy way of having the program fire off the connections.
Yeah, lots of AV’s have it listed (and that’s before even running the app to get it to extract tcp.exe):
I’m sure any kind of util that is built for hitting network ports will get caught up in lots of false positives because it’s going to be a main job of most viruses’ replication packages.
I’m trying to create a task scheduler item so that I could automate daily firewall hits.
So far I’ve found:
- PowerShell: Test-NetConnection -port (long timeouts, need to see if I can shorten it)
- Sysinternals util: psping
- tcping.exe - https://www.elifulkerson.com/projects/tcping.php
Anything else someone can think of that’s built into Windows and can be called from command line preferably?
There’s gotta be a one-liner that’ll do the job
Why not just use AutoIt itself for sending packets since that’s what you’re using already?
I don’t 100% remember why I did it that way; I believe that when I wrote it AutoIt would hang waiting on the connection before it would knock the next port. I suppose I can rewrite it real quick to see if it works as expected.
Is this a method to avoid VPN to the router while in remote locations?
No. It is a method to mitigate the risk that someone breaks in to your VPN which is open for login from anywhere because you do not know in advance from where you’re gonna connect next time.
The bad guys target VPNs because everyone uses them without being able to assess their actual security. So if you need to keep your VPN open for login from anywhere, use of port knocking is a useful kind of additional reinforcement against possible vulnerabilities of the VPN software.
Its drawbacks are that unless you use some kind of “rolling code”, it provides zero protection against a replay attack taken by a man in the middle (like the IT guy in the hotel from which you connect or the guy who has broken into the hotel’s AP or the guy in the next room who records the wireless communication of your PC which uses the WPA passphrase which is common for all clients of the hotel AP), and that if you knock from behind a NAT which randomly spreads the connections among several public addresses, your router will not let you in because all knocks must come from the same IP for the whole sequence to work.
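One way to read the “rolling code” idea from the post above, as an added example (not code from this thread or from the knock app it discusses): the knock ports are derived from a shared secret and a time-window counter, and the verifier refuses any window it has already accepted, so a recorded sequence cannot be replayed later. The port range, 30-second step, HMAC-SHA256 derivation and all names are assumptions.

```python
import hashlib
import hmac
import struct

PORT_MIN, PORT_MAX = 20000, 60000  # assumed knock port range
STEP = 30                          # assumed seconds per code window
KNOCKS = 3                         # assumed number of ports per sequence


def knock_sequence(secret: bytes, counter: int) -> list[int]:
    """Derive the port sequence for one time window from the shared secret."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()
    span = PORT_MAX - PORT_MIN + 1
    # Four digest bytes per knock, reduced into the allowed port range.
    return [PORT_MIN + int.from_bytes(digest[4 * i:4 * i + 4], "big") % span
            for i in range(KNOCKS)]


class KnockVerifier:
    """Router side: accept each window's sequence at most once."""

    def __init__(self, secret: bytes, skew: int = 1):
        self.secret = secret
        self.skew = skew          # windows of clock drift tolerated
        self.last_counter = -1    # newest window already accepted

    def verify(self, ports: list[int], now: float) -> bool:
        current = int(now // STEP)
        for counter in range(current - self.skew, current + self.skew + 1):
            if counter <= self.last_counter:
                continue          # window already used: treat as replay
            if knock_sequence(self.secret, counter) == list(ports):
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    secret = b"constructed-demo-secret"   # constructed sample value
    now = 1_700_000_000.0                 # constructed timestamp
    router = KnockVerifier(secret)
    seq = knock_sequence(secret, int(now // STEP))
    print("knock ports:", seq)
    print("first attempt accepted:", router.verify(seq, now))
    print("replayed attempt accepted:", router.verify(seq, now))
```

The verifier still has to see all knocks from one source IP, as the post notes, and both ends need roughly synchronized clocks.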
Port knocking seems like a decent approach to add an additional level of security. I used it when I first started using Mikrotik products but have since migrated to other methods.
- DDNS (My management gear has DDNS client that updates the dynamic DNS record with the IP of the management equipment. If the DDNS IP has been the same for over x hrs it changes it to 127.0.0.1) Even if the DDNS was compromised the attacker would have no clue what equipment you have that watches that record.
- Linux server running OpenVPN server with 2FA for remote management. Even if it were compromised they would have no clue what equipment that VPN IP is allowed to connect to.