GiovanniG
Member
Topic Author
Posts: 341
Joined: Sun Nov 15, 2015 4:12 pm

A version of Winbox with port knocking?

Wed Jan 18, 2023 9:06 am

Hi, sorry if somebody asked about it already, can we have a new version which automatically knocks a sequence of ports? As I know, by now I have to manually knock 3 different ports every time. I don't see why; this Winbox is on my super password protected PC and I can type the sequences there, as well as the login password.
Thank you

PS: about security, which some guys here often complain about, Winbox saves a file into the appdata profile folder with all passwords typed in clear; anyone who knows about it and eventually has access to my PC can read them
 
holvoetn
Forum Guru
Posts: 5405
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: A version of Winbox with port knocking?

Wed Jan 18, 2023 9:36 am

In my view this is not something to be included in an application as Winbox.

Either you foresee a VPN for secure access or you have a tool which does the port knocking for you before launching Winbox.
Those tools exist. No need to duplicate that behavior (and have a whole load of other bugs because of it).
E.g. Epinox Port Knocking Tool

My view. Others might chime in with a different opinion.
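
The approach suggested above (a separate tool that knocks, then launches Winbox), sketched as an added example that is not part of any post in this thread. The host address, port sequence and Winbox command line are placeholder assumptions.

```python
"""Knock a port sequence, then start Winbox (added example, placeholder values)."""
import socket
import subprocess
import time


def parse_sequence(spec):
    """'7000/tcp,8000/udp,9000' -> [(7000, 'tcp'), (8000, 'udp'), (9000, 'tcp')]."""
    steps = []
    for item in spec.split(","):
        port, _, proto = item.strip().partition("/")
        proto = (proto or "tcp").lower()
        if proto not in ("tcp", "udp") or not port.isdigit() or not 0 < int(port) < 65536:
            raise ValueError(f"bad knock step: {item!r}")
        steps.append((int(port), proto))
    return steps


def knock(host, steps, delay=0.3, timeout=0.5):
    """Send one packet per step, in order. No reply is expected: a router
    set up for knocking normally drops these packets silently."""
    for port, proto in steps:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.sendto(b"\x00", (host, port))
        else:
            with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
                s.settimeout(timeout)
                try:
                    s.connect((host, port))  # only the outgoing SYN matters
                except OSError:
                    pass  # timeout or refusal is the normal outcome
        time.sleep(delay)  # preserve ordering between knocks


def knock_and_launch(host, spec, winbox_cmd):
    """Knock first, then start the Winbox process and return its handle."""
    knock(host, parse_sequence(spec))
    return subprocess.Popen(winbox_cmd)


if __name__ == "__main__":
    # Constructed values: documentation address, made-up ports, and an
    # assumed local Winbox binary name taking the router address as argument.
    knock_and_launch("192.0.2.1", "7000,8000/udp,9000", ["winbox.exe", "192.0.2.1"])
```

The delay between knocks has to stay shorter than whatever timeout the router's firewall rules give each stage of the sequence.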
 
Kindis
Member
Posts: 434
Joined: Tue Nov 01, 2011 6:54 pm
Location: Sweden

Re: A version of Winbox with port knocking?

Wed Jan 18, 2023 10:06 am

I disagree! I would love to have it in the same tool, to be part of Winbox. So you can have it perform the port knock while connecting. For me this makes sense, to avoid a different tool; this feature would not have to be used if you do not want to. It would solve the issue of making sure to have the second port knock script with me if I need access to equipment, as I avoid exposing VPN to internet.
 
holvoetn
Forum Guru
Posts: 5405
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: A version of Winbox with port knocking?

Wed Jan 18, 2023 10:21 am

No problem.
Everyone is entitled to an opinion, as long as we can keep the discussion civil and factual.

My approach is using a VPN like Wireguard. I can ONLY access my home network (and Winbox) when my PC has wireguard activated.
Otherwise it will not work.
No port knocking needed.

> ... as I avoid exposing VPN to internet.

This comment I do not understand ?
The whole point of VPN is to be completely safeguarded from whatever intermediate step there is.
But no internet = no VPN.

Or do you mean something else ?
 
GiovanniG
Member
Topic Author
Posts: 341
Joined: Sun Nov 15, 2015 4:12 pm

Re: A version of Winbox with port knocking?

Wed Jan 18, 2023 10:41 am

I'm just trying to make our life easier,
I keep installing MikroTik and I need a fast way to manage them remotely. I don't want VPN, I need to do it anywhere in the world with any device, when needed. I can't lose time with different apps knocking here and there to then access with Winbox, I don't like to work in such a complicated way, I need a fast tool. For this reason I'm now avoiding knocking and I have Winbox NATed on a highest port. Please don't wash my head about security issues, I'm aware of them; for me the way I work is more important, thanks for understanding.

I don't think I'm asking something that may cause bugs or degrade the quality of Winbox, I'm asking something optional, who doesn't like it may simply not use it, that's all :)
IMHO: I think it's time to implement it as a main function, really useful. MikroTik has to encourage its use; if used by all as the default way to access devices, it may improve the general MikroTik safeness.
 
Kindis
Member
Posts: 434
Joined: Tue Nov 01, 2011 6:54 pm
Location: Sweden

Re: A version of Winbox with port knocking?

Wed Jan 18, 2023 1:56 pm

> > ... as I avoid exposing VPN to internet.
>
> This comment I do not understand ?
> The whole point of VPN is to be completely safeguarded from whatever intermediate step there is.
> But no internet = no VPN.
>
> Or do you mean something else ?

The more services exposed to the internet, the more can break or be hacked. I could set VPN behind port knocking perhaps but have not done so. I like the equipment to drop all inbound traffic by default and not pop up on Shodan at all. Is the risk high? Probably not, but not having VPN available at all is the option I went with.
 
anav
Forum Guru
Posts: 19106
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: A version of Winbox with port knocking?

Wed Jan 18, 2023 2:00 pm

> > This comment I do not understand ?
> > The whole point of VPN is to be completely safeguarded from whatever intermediate step there is.
> > But no internet = no VPN.
> >
> > Or do you mean something else ?
>
> The more services exposed to the internet, the more can break or be hacked. I could set VPN behind port knocking perhaps but have not done so. I like the equipment to drop all inbound traffic by default and not pop up on Shodan at all. Is the risk high? Probably not, but not having VPN available at all is the option I went with.

That's why banks use port knocking ;-PPPPPPPPPPPPPP
 
Kindis
Member
Posts: 434
Joined: Tue Nov 01, 2011 6:54 pm
Location: Sweden

Re: A version of Winbox with port knocking?

Wed Jan 18, 2023 2:43 pm

No but banks have something I do not, a crapton of money :-)
 
k6ccc
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: A version of Winbox with port knocking?

Wed Jan 18, 2023 8:10 pm

> PS: about security, which some guys here often complain about, Winbox saves a file into the appdata profile folder with all passwords typed in clear; anyone who knows about it and eventually has access to my PC can read them

Only if you save them - I don't. For my router at home, I remember the password, but for the others I manage, I have a password manager that remembers them.