gregsowell
Member Candidate
Topic Author
Posts: 128
Joined: Tue Aug 28, 2007 1:24 am

Windows Port Knock Application

Wed Jul 21, 2010 7:36 pm

For all of my port knock peeps, I wrote a GUI windows port knock app. It will knock TCP and/or UDP...you can even add text to your UDP port knock. Have a look my friends :D . http://gregsowell.com/?p=2020
Hit my blog for video tutorials of Mikrotik and Cacti.
Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / MCIE / Certified Trainer / A+ / N+ / Partridge in pear tree <- *sigh* I'll never know enough...
 
leonset
Member Candidate
Posts: 256
Joined: Wed Apr 01, 2009 9:09 pm

Re: Windows Port Knock Application

Thu Jul 22, 2010 12:02 pm

Nice!!

Seems useful, even if I'm not using port knocking right now...

Thanks!
 
gregsowell
Member Candidate
Topic Author
Posts: 128
Joined: Tue Aug 28, 2007 1:24 am

Re: Windows Port Knock Application

Fri Jul 23, 2010 5:06 pm

NP bud...happy knocking! :D
 
patrickmkt
Member Candidate
Posts: 170
Joined: Sat Jul 28, 2012 5:21 pm

Re: Windows Port Knock Application

Sun Mar 01, 2015 7:26 pm

Any update on the compiled version that incorporates the DNS and delay?
 
gregsowell
Member Candidate
Topic Author
Posts: 128
Joined: Tue Aug 28, 2007 1:24 am

Re: Windows Port Knock Application

Tue Apr 24, 2018 9:48 pm

Indeed, I finally added the DNS resolution piece.
 
CZFan
Forum Guru
Posts: 1693
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg

Re: Windows Port Knock Application

Tue Apr 24, 2018 10:43 pm

Looks awesome, perfect timing to bump this thread after the recent vulnerability :-)
MTCNA, MTCTCE, MTCRE & MTCINE
 
gregsowell
Member Candidate
Topic Author
Posts: 128
Joined: Tue Aug 28, 2007 1:24 am

Re: Windows Port Knock Application

Wed Apr 25, 2018 4:02 pm

@CZ, it's no accident...I needed a reason to get off my butt ;)
 
msatter
Forum Guru
Posts: 1710
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Windows Port Knock Application

Wed Apr 25, 2018 6:13 pm

Thanks for the nice port-knocking program. :-)
One RB4011 (cooled) and a RB760iGS (hEX S) in series. The 4011 Does PPPoE/IKEv2.
The cooler: viewtopic.php?f=3&t=138613&start=300#p799879
Running:
RouterOS 6.47 / Winbox 3.24 / MikroTik APP 1.3.14
 
gregsowell
Member Candidate
Topic Author
Posts: 128
Joined: Tue Aug 28, 2007 1:24 am

Re: Windows Port Knock Application

Wed Apr 25, 2018 8:36 pm

:D Always happy to help!
 
strods
MikroTik Support
Posts: 1438
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: Windows Port Knock Application

Wed Apr 25, 2018 8:48 pm

Nice!
Seems that I will be using it too :D
However, nothing beats mAP lite + DHCP client with script that does port knocking and establishes IPsec tunnel back to home, while traveling :)
 
jspool
Member
Posts: 419
Joined: Sun Oct 04, 2009 4:06 am
Location: Oregon

Re: Windows Port Knock Application

Wed Apr 25, 2018 9:28 pm

I understand the use case for port knocking but I prefer using DDNS clients on mobile management devices. Set your routers to allow "ddnshostname.domain.com"
 
patrickmkt
Member Candidate
Posts: 170
Joined: Sat Jul 28, 2012 5:21 pm

Re: Windows Port Knock Application

Thu Apr 26, 2018 9:41 pm

Bitdefender found a trojan in the file :-(
 
jspool
Member
Posts: 419
Joined: Sun Oct 04, 2009 4:06 am
Location: Oregon

Re: Windows Port Knock Application

Thu Apr 26, 2018 9:47 pm

I doubt Greg is including trojans in his files. Most likely a false positive. Upload it to https://www.virustotal.com/#/home/upload and see what it finds.
 
gregsowell
Member Candidate
Topic Author
Posts: 128
Joined: Tue Aug 28, 2007 1:24 am

Re: Windows Port Knock Application

Thu Apr 26, 2018 10:47 pm

The program has a separate little app it unpacks to fire off the individual knocks (tcp.exe). Some virus progs don't like an additional application being unzipped and dropped in. This was my lazy way of having the program fire off the connections.
 
silversword
newbie
Posts: 43
Joined: Tue Jul 23, 2013 3:36 pm

Re: Windows Port Knock Application

Fri Apr 27, 2018 3:31 pm

Yeah, lots of AVs have it listed (and that's before even running the app to get it to extract tcp.exe):

https://www.virustotal.com/#/file/148f0 ... /detection

I'm sure any kind of util that is built for hitting network ports will get caught up in lots of false positives, because that's going to be a main job of most viruses' replication packages.

I'm trying to create a Task Scheduler item that I could use to automate daily firewall hits.

So far I've found:
PowerShell: Test-NetConnection <host> -Port <port> (long timeouts, need to see if I can shorten it)
Sysinternals util: psping
tcping.exe - https://www.elifulkerson.com/projects/tcping.php

Anything else someone can think of that's built into windows and can be called from command line preferably? :)

There's gotta be a one-liner that'll do the job ;) <ba-dum-ching>
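A knock client using only what ships with Windows, as an added example that is not part of silversword's post or Greg's app. It avoids the long Test-NetConnection timeouts by waiting at most a few hundred milliseconds per TCP knock and sending UDP knocks fire-and-forget, so it runs fine from Task Scheduler; the target host and knock sequence are placeholders, and the router must be configured to accept this sequence from a single source IP.

```powershell
# Added example: built-in PowerShell port-knock client with short per-knock timeouts.
# $Target and $Sequence are placeholders; replace them with your own router and
# the sequence your firewall expects. Entries are 'tcp:<port>' or 'udp:<port>'.
param(
    [string]$Target = 'router.example.net',
    [string[]]$Sequence = @('tcp:1000', 'udp:2000', 'tcp:3000'),
    [int]$TimeoutMs = 300,   # how long to wait for each TCP knock to be accepted or refused
    [int]$DelayMs = 200      # gap between knocks so the router sees them in order
)

# Resolve once so every knock goes to the same IPv4 address (the router tracks
# the sequence per source/destination pair, so mixing addresses would break it).
$ip = [System.Net.Dns]::GetHostAddresses($Target) |
      Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
      Select-Object -First 1
if (-not $ip) { throw "Cannot resolve $Target to an IPv4 address" }

foreach ($knock in $Sequence) {
    $proto, $portText = $knock.Split(':')
    $port = [int]$portText
    switch ($proto.ToLower()) {
        'tcp' {
            # The firewall only needs to see the SYN; we do not care whether the
            # connection is accepted or refused, so we stop waiting after $TimeoutMs.
            $client = New-Object System.Net.Sockets.TcpClient
            $async  = $client.BeginConnect($ip, $port, $null, $null)
            [void]$async.AsyncWaitHandle.WaitOne($TimeoutMs)
            $client.Close()
        }
        'udp' {
            # UDP knocks carry an optional text payload, like the UDP text in Greg's app.
            $udp     = New-Object System.Net.Sockets.UdpClient
            $payload = [System.Text.Encoding]::ASCII.GetBytes('knock')
            [void]$udp.Send($payload, $payload.Length, $ip.ToString(), $port)
            $udp.Close()
        }
        default { throw "Unknown protocol in knock entry '$knock'" }
    }
    Write-Host ("knocked {0}/{1} on {2}" -f $proto, $port, $ip)
    Start-Sleep -Milliseconds $DelayMs
}
```

Save it as a .ps1 and point a scheduled task at `powershell.exe -ExecutionPolicy Bypass -File knock.ps1`; the knocks leave from whatever source IP the machine currently has, so the same NAT caveat sindy raises later in the thread applies.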
 
squeeze
Member Candidate
Posts: 146
Joined: Thu Mar 22, 2018 7:53 pm

Re: Windows Port Knock Application

Fri Apr 27, 2018 5:04 pm

Why not just use AutoIt itself for sending packets since that's what you're using already?
 
gregsowell
Member Candidate
Topic Author
Posts: 128
Joined: Tue Aug 28, 2007 1:24 am

Re: Windows Port Knock Application

Fri Apr 27, 2018 6:12 pm

I don't 100% remember why I did it that way; I believe that when I wrote it, AutoIt would hang waiting on the connection before it would knock the next port. I suppose I can rewrite it real quick to see if it works as expected.
 
anav
Forum Guru
Posts: 4641
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Windows Port Knock Application

Sat Apr 28, 2018 9:58 pm

Is this a method to avoid VPN to the router while in remote locations?
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
sindy
Forum Guru
Posts: 5379
Joined: Mon Dec 04, 2017 9:19 pm

Re: Windows Port Knock Application

Sat Apr 28, 2018 10:56 pm

Is this a method to avoid VPN to the router while in remote locations?
No. It is a method to mitigate the risk that someone breaks into your VPN, which is open for login from anywhere because you do not know in advance from where you're gonna connect next time.

The bad guys target VPNs because everyone uses them without being able to assess their actual security. So if you need to keep your VPN open for login from anywhere, use of port knocking is a useful kind of additional reinforcement against possible vulnerabilities of the VPN software.

Its drawbacks are that unless you use some kind of "rolling code", it provides zero protection against a replay attack by a man in the middle (like the IT guy in the hotel from which you connect, or the guy who has broken into the hotel's AP, or the guy in the next room who records the wireless communication of your PC, which uses the WPA passphrase that is common to all clients of the hotel AP), and that if you knock from behind a NAT which randomly spreads the connections among several public addresses, your router will not let you in, because all knocks must come from the same IP for the whole sequence to work.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
jspool
Member
Posts: 419
Joined: Sun Oct 04, 2009 4:06 am
Location: Oregon

Re: Windows Port Knock Application

Sat Apr 28, 2018 11:12 pm

Port knocking seems like a decent approach to add an additional level of security. I used it when I first started using Mikrotik products but have since migrated to other methods.

1. DDNS (My management gear has a DDNS client that updates the dynamic DNS record with the IP of the management equipment. If the DDNS IP has been the same for over x hrs, it changes it to 127.0.0.1.) Even if the DDNS was compromised, the attacker would have no clue what equipment you have that watches that record.

2. Linux server running OpenVPN server with 2FA for remote management. Even if it were compromised, they would have no clue what equipment that VPN IP is allowed to connect to.
 
sindy
Forum Guru
Posts: 5379
Joined: Mon Dec 04, 2017 9:19 pm

Re: Windows Port Knock Application

Sat Apr 28, 2018 11:40 pm

Even if the DDNS was compromised the attacker would have no clue what equipment you have that watches that record.
I agree that compromising the DDNS itself could reveal something useful only if the VPN "server" would query the DDNS server directly. But if you update the DDNS from the hotel just before connecting to the VPN "server", the MITM can see the source IP of the updating device, and if that device then initiates a VPN connection to some destination IP, that destination IP is the server, so it remains open for an attack from behind the same public IP until you stop renewing the DDNS record. And the attacker doesn't even need to know the DNS name you use.
 
jspool
Member
Posts: 419
Joined: Sun Oct 04, 2009 4:06 am
Location: Oregon

Re: Windows Port Knock Application

Sun Apr 29, 2018 1:47 am

Even if the DDNS was compromised the attacker would have no clue what equipment you have that watches that record.
I agree that compromising the DDNS itself could reveal something useful only if the VPN "server" would query the DDNS server directly. But if you update the DDNS from the hotel just before connecting to the VPN "server", the MITM can see the source IP of the updating device and if that device then initiates a VPN connection to some destination IP, that destination IP is the server, so it remains open for an attack from behind the same public IP until you stop renewing the DDNS record. And the attacker doesn't even need to know the DNS name you use.
My laptop has a built-in LTE modem for when I am outside my own networks. I avoid public WiFi as much as possible. I typically use the Linux OpenVPN server with 2FA and then connect from the VPN IP to the equipment. And DDNS is available as needed in a pinch. No solution is 100% effective. The idea is to make it no easy task to gain access to critical infrastructure.
 
squeeze
Member Candidate
Posts: 146
Joined: Thu Mar 22, 2018 7:53 pm

Re: Windows Port Knock Application

Sun Apr 29, 2018 2:38 am

The most secure method is VPS, because it does not expose anything directly on the Internet interface, is securely authenticated up front and not subject to replay.

Port knocking is ideally just another backup. Just like, for example, running a Tor Hidden Service ...
 
mayday
just joined
Posts: 1
Joined: Tue Jul 03, 2018 5:49 pm

Re: Windows Port Knock Application

Tue Jul 03, 2018 5:52 pm

I want to use this application over an OpenVPN client, is it possible? I want to port knock a VPS through this application over a VPN connection so that my real IP remains obfuscated.

Thnx in advance
May
 
silversword
newbie
Posts: 43
Joined: Tue Jul 23, 2013 3:36 pm

Re: Windows Port Knock Application

Wed Jul 04, 2018 7:46 pm

I want to use this application over openvpn client, is it possible?
A VPN will forward all your source traffic thru the tunnel, so yes, if the tunnel is up your knock will go thru it.