Hi all,
How do I use port knocking?
I use the command below in the Winbox terminal:
/ip firewall filter
Knock.exe 192.168.0.2 1337:tcp 7331:tcp
It does not work for me. How do I make it correct?
It is correct, but that command is not for RouterOS - it is for WINDOWS !!!
Hi, does http://wiki.mikrotik.com mean anyone can change the information there, so it may not be correct?
/ ip firewall filter
add chain=input protocol=tcp dst-port=1337 action=add-src-to-address-list address-list=temp address-list-timeout=15s
add chain=input protocol=tcp dst-port=7331 src-address-list=temp action=add-src-to-address-list address-list=safe address-list-timeout=15m
Shouldn't you add some more rules to complete this setup? Like rules that block people not in the safe list.
Add firewall rules:
/ ip firewall filter
add chain=input protocol=tcp dst-port=1337 action=add-src-to-address-list address-list=temp address-list-timeout=15s
add chain=input protocol=tcp dst-port=7331 src-address-list=temp action=add-src-to-address-list address-list=safe address-list-timeout=15m
Now you can download knock.exe http://www.zeroflux.org/proj/knock/file ... cygwin.zip
and execute Knock.exe 192.168.0.2 1337:tcp 7331:tcp from Windows terminal (you will be able to access router for 15 minutes).
/ ip firewall filter
add chain=input src-address-list=safe action=accept
add chain=input protocol=tcp dst-port=1337 action=add-src-to-address-list address-list=temp address-list-timeout=15s
add chain=input protocol=tcp dst-port=7331 src-address-list=temp action=add-src-to-address-list address-list=safe address-list-timeout=15m
add chain=input action=drop
Those who know how to knock will be able to access the router.
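An added example, not part of the original posts: a small Python model of the five-rule input chain above, showing which knock sequences end in access and what happens when the accept and drop rules are left out. The source address, the Winbox port 8291 as the connection target, and all function names are assumptions made for the illustration.

```python
# Added illustration: a small model of the five-rule input chain from the post above.
# Assumption: an add-src-to-address-list rule passes the packet on to the next rule,
# and a repeated match restarts the entry's timer (model simplification).
RULES = [  # (dst_port or None, required src list or None, action, target list, timeout s)
    (None, "safe", "accept", None, 0),
    (1337, None, "add", "temp", 15),
    (7331, "temp", "add", "safe", 15 * 60),
    (None, None, "drop", None, 0),
]


class InputChain:
    def __init__(self, rules=RULES):
        self.rules = rules
        self.lists = {}  # list name -> {src address: expiry time in seconds}

    def _listed(self, name, src, now):
        return self.lists.get(name, {}).get(src, -1) > now

    def packet(self, src, dst_port, now):
        """Return 'accept' or 'drop' for a TCP packet arriving at time `now`."""
        for port, need, action, target, timeout in self.rules:
            if port is not None and port != dst_port:
                continue
            if need is not None and not self._listed(need, src, now):
                continue
            if action == "add":  # non-terminating: record the source, keep matching
                self.lists.setdefault(target, {})[src] = now + timeout
                continue
            return action
        return "accept"  # RouterOS accepts a packet that no rule matched


def knock_then_connect(knocks, connect_at, rules=RULES, src="198.51.100.7"):
    """Replay (time, port) knocks, then try TCP port 8291 (Winbox) at connect_at."""
    chain = InputChain(rules)
    for when, port in knocks:
        chain.packet(src, port, when)
    return chain.packet(src, 8291, connect_at)


if __name__ == "__main__":
    print(knock_then_connect([(0, 1337), (2, 7331)], 5))    # correct order
    print(knock_then_connect([(0, 7331), (2, 1337)], 5))    # wrong order
    print(knock_then_connect([(0, 1337), (20, 7331)], 25))  # second knock too late
    print(knock_then_connect([], 0, RULES[1:3]))            # only the two knock rules
```

The last call uses only the two knock rules from the earlier post: with no accept and drop rules around them, a host that never knocked is still let through.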
Why, when I execute knock.exe, does it close automatically? I have no chance to type the command.
I have no chance to type; when I double-click knock.exe, it closes immediately.
You have to type the command line all at once, it's not interactive, it won't prompt you for variables.
I use this batch file for my system
>>knock 172.125.3.203 45:tcp
pause
knock 172.125.3.203 46:tcp<<
That way I have to hit the Enter key, which helps me to know that the command has run correctly.