Community discussions

MikroTik App
 
User avatar
vklpt
just joined
Topic Author
Posts: 22
Joined: Mon Feb 18, 2019 1:13 pm
Location: Izhevsk
Contact:

Port knocking with URL

Mon Feb 18, 2019 4:14 pm

web_knocking_en_2020-04-13_19_51_26.png
Let's call it «Web Knocking».
The idea is simple - we open the ports just by clicking on the link.
This is a web server that sends IP addresses of valid requests to the white list and IP addresses of bad requests to the black list:
https://github.com/vikilpet/Web-Knocking
You do not have the required permissions to view the files attached to this post.
Last edited by vklpt on Mon Apr 13, 2020 11:46 pm, edited 6 times in total.
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1797
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Port knocking alternative

Mon Feb 18, 2019 9:48 pm

Goal of port knocking is to keep it hidden to public except the ones in the know. But at least easy to use.
 
User avatar
vklpt
just joined
Topic Author
Posts: 22
Joined: Mon Feb 18, 2019 1:13 pm
Location: Izhevsk
Contact:

Re: Port knocking alternative

Tue Mar 05, 2019 7:31 pm

Update:
• New ini parameter: url_prefix
 
tippenring
Member Candidate
Member Candidate
Posts: 243
Joined: Thu Oct 02, 2014 8:54 pm
Location: St Louis MO
Contact:

Re: Port knocking alternative

Wed Mar 06, 2019 6:28 pm

Besides being less practical than nping, I suspected the executable might be malicious. VT Detection ratio: 11 / 70

Check VirusTotal: https://www.virustotal.com/en/file/d81c ... /analysis/
 
User avatar
vklpt
just joined
Topic Author
Posts: 22
Joined: Mon Feb 18, 2019 1:13 pm
Location: Izhevsk
Contact:

Re: Port knocking alternative

Wed Mar 06, 2019 8:53 pm

Besides being less practical than nping
You did not get the idea.

I suspected the executable might be malicious. VT Detection ratio: 11 / 70
Check VirusTotal: https://www.virustotal.com/en/file/d81c ... /analysis/
If you believe in power of heuristic algoritms of noname antiviruses you better not use winbox too:
https://www.virustotal.com/#/file/b300a ... /detection
 
User avatar
vklpt
just joined
Topic Author
Posts: 22
Joined: Mon Feb 18, 2019 1:13 pm
Location: Izhevsk
Contact:

Re: Port knocking with URL

Mon Apr 13, 2020 7:59 pm

The code is now publicly available.
It also may work with non-routeros devices with help of netmiko but i have MikroTik's only.
 
User avatar
jvanhambelgium
Member Candidate
Member Candidate
Posts: 295
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Port knocking with URL

Mon Apr 13, 2020 8:58 pm

Although I understand the idea, there is a couple of possible issues.

- Continuous open-to-anyone-everywhere attack-vector of the DNAT-entry pointing to your web-page.
- Un-encrypted "admin" credentials in the Python files ; if ever compromised you have full power on the Mikrotik
- Only 1 "stage" , meaning making the request to the correct URL and you are in.


I also use port-knocking in a 3-stage setup, meaning 3 knocks are required (random ports, mix of UDP/TCP), within a certain time-frame (seconds) to give access for a specified duration.
Much,much more secure, I would say near impossible to "guess" it and there is no permanent "patchhole" like you have pointing to your Phythong webserver.

Any smartphone could run such app where you can pre-configure the knocking-sequence. If your user is eg. sitting in a hotel he can use the Hotel Wifi and perform the sequence, then the laptop (also connected on Hotel-wifi) probably uses the same public-IP and is therefore also usable. (same applies if at home)
Or the use could use his phone on 4G in "tethering" mode and act as wireless AP for the laptop to work on after sequencing the port-knock.

The alternative offcourse is "VPN" ;-)
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1746
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: Port knocking with URL

Mon Apr 13, 2020 9:41 pm

I do not see the need of a URL to port knock. I will add more components to run the network.

To use normal port knock, you do not need any tools if its TCP to open the ports.

Eks port 1600, 2500 and 3456 needed to open.

Then from any browser open following pages in sequences.
http://router_os.ip:/1600
http://router_os.ip:/2500
http://router_os.ip:/3456
 
How to use Splunk to monitor your MikroTik Router(s)

MikroTik->Splunk
 
 
User avatar
jvanhambelgium
Member Candidate
Member Candidate
Posts: 295
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Port knocking with URL

Mon Apr 13, 2020 11:12 pm

I do not see the need of a URL to port knock. I will add more components to run the network.

To use normal port knock, you do not need any tools if its TCP to open the ports.

Eks port 1600, 2500 and 3456 needed to open.
Offcourse this will work too, but nice simple Windows, Android & IOS apps exist where 1 press of a button starts the sequence, putting some custom timers where needed etc.
In your case you need some favorites URL's stored or something, especially if you expect the sequences to arrives within max 1 or 2 seconds apart.
Many solutions exist.
 
User avatar
vklpt
just joined
Topic Author
Posts: 22
Joined: Mon Feb 18, 2019 1:13 pm
Location: Izhevsk
Contact:

Re: Port knocking with URL

Wed Apr 15, 2020 9:38 pm

v2020-04-15
+ Logging to a file
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1746
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: Port knocking with URL

Wed Apr 15, 2020 10:33 pm

Syslog is the best way (at least for me) to handle logs.
 
How to use Splunk to monitor your MikroTik Router(s)

MikroTik->Splunk
 
 
User avatar
vklpt
just joined
Topic Author
Posts: 22
Joined: Mon Feb 18, 2019 1:13 pm
Location: Izhevsk
Contact:

Re: Port knocking with URL

Mon Apr 20, 2020 6:02 pm

v2020-04-20
new logging format
web_knocking_2020-04-20_16_42_53.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
vklpt
just joined
Topic Author
Posts: 22
Joined: Mon Feb 18, 2019 1:13 pm
Location: Izhevsk
Contact:

Re: Port knocking with URL

Thu Apr 23, 2020 1:29 pm

v2020-04-23 + hotkeys

Who is online

Users browsing this forum: brixsat, rofrigo2, sarakarumneha, sindy and 74 guests