Has anyone found a way to build a port-knocking listener with cryptographic hash checking (to prevent sniffing/replay attacks) for RouterOS/MikroTik?
It would need to be something for which a client can be built on Linux/Mac and also Android and iOS clients.
http://www.cipherdyne.org/fwknop/docs/SPA.html describes such a scheme in general using a tool called fwknop.
Not sure how one would build the daemon for this in RouterOS. It would require the ability to call a script from a firewall rule (with the packet as parameter) and then a script like http://forum.mikrotik.com/viewtopic.php?t=62895.
The script called from the packet filter could then hash a known password, timestamp, etc. and compare the result with the received packet data. If successful, the source address of the packet could be added to an address-list for a while to allow access.
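As an added illustration of the check the post describes (not code from the original post, from fwknop, or from RouterOS), the following Python sketches both halves of a single-packet-authorization exchange: the client builds a payload of timestamp, nonce and a keyed MAC, and the listener verifies the MAC, enforces a freshness window and keeps a short replay cache. It assumes a shared secret (a constructed placeholder here), that the listener learns the packet's source address from the firewall, and that HMAC-SHA256 stands in for the plain "hash of password and timestamp" the post mentions; the RouterOS-side packet capture and address-list update are not modelled.

```python
import hashlib
import hmac
import os
import struct

# Assumed shared secret between client and listener; constructed placeholder.
SECRET = b"constructed-demo-secret-change-me"
TS_LEN, NONCE_LEN, TAG_LEN = 8, 8, 32
PACKET_LEN = TS_LEN + NONCE_LEN + TAG_LEN


def _mac(secret, ts_bytes, nonce, src_ip):
    # The MAC covers timestamp, nonce and the source address the listener
    # sees, so a captured knock is not valid when sent from another host.
    msg = ts_bytes + nonce + src_ip.encode("ascii")
    return hmac.new(secret, msg, hashlib.sha256).digest()


def build_knock(secret, now, src_ip, nonce=None):
    """Client side: one UDP payload = timestamp || nonce || HMAC-SHA256 tag."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ts_bytes = struct.pack(">Q", int(now))
    return ts_bytes + nonce + _mac(secret, ts_bytes, nonce, src_ip)


class KnockValidator:
    """Listener side: verify the MAC, enforce freshness, reject replays."""

    def __init__(self, secret, window=30):
        self.secret = secret
        self.window = window  # seconds of clock skew tolerated
        self._seen = {}       # (timestamp || nonce) -> timestamp, replay cache

    def validate(self, packet, src_ip, now):
        if len(packet) != PACKET_LEN:
            return False, "bad length"
        ts_bytes = packet[:TS_LEN]
        nonce = packet[TS_LEN:TS_LEN + NONCE_LEN]
        tag = packet[TS_LEN + NONCE_LEN:]
        expected = _mac(self.secret, ts_bytes, nonce, src_ip)
        # Check the MAC first, in constant time, before trusting any field.
        if not hmac.compare_digest(tag, expected):
            return False, "bad mac"
        ts = struct.unpack(">Q", ts_bytes)[0]
        if abs(int(now) - ts) > self.window:
            return False, "stale"
        self._prune(now)
        key = ts_bytes + nonce
        if key in self._seen:
            return False, "replay"
        self._seen[key] = ts
        # Here a real listener would add src_ip to a timed address-list.
        return True, "ok"

    def _prune(self, now):
        # Entries older than the window would fail the freshness check anyway,
        # so dropping them keeps the replay cache bounded.
        cutoff = int(now) - self.window
        for key in [k for k, ts in self._seen.items() if ts < cutoff]:
            del self._seen[key]


if __name__ == "__main__":
    listener = KnockValidator(SECRET)
    knock = build_knock(SECRET, 1_700_000_000, "198.51.100.7")
    print(listener.validate(knock, "198.51.100.7", 1_700_000_005))  # (True, 'ok')
    print(listener.validate(knock, "198.51.100.7", 1_700_000_006))  # (False, 'replay')
```

Binding the source address into the MAC and caching accepted (timestamp, nonce) pairs within the window are what turn a simple "hash of password and time" into something a passive sniffer cannot reuse; the window also bounds how far client and router clocks may drift before knocks are refused.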