Netgate Discussion Forum

    Basic Port Knocking support for $100

      InsolentDreams

      I'm contributing $50 towards this goal.  Basic port knocking with a rather simple web-gui to administrate the knocking server/daemon.

      As simple as the following tutorial, with just simple port increments.

      http://gentoo-wiki.com/Port_Knocking

      I'm trying to revive what kinda started here: http://forum.pfsense.org/index.php/topic,4168.0.html

      This will be a good first step, and once implemented I'd like to see a "v2" of this feature come out which lets you use time-based and/or private-key based algorithms to have the port sequence be dynamic.

      I can imagine it possibly going in the firewall or the services menu.  This may take a bit of work seeing as how it needs to play nice with other aspects of pfSense such as the Firewall, where I would see it auto-add rules to the firewall/NAT as a result of a successful port knock.

      Knock daemons are rather small and simple and I'd really like to see it get 100% stable and pushed into the default builds, especially for embedded.  That isn't part of the requirements for the bounty.

      P.S. Before I get flame on here similar to what was on the previous post above, let me just clarify for anyone that doesn't know: port knocking is not an excuse for good security practices.  Security by obscurity does not work alone, but it works well when in combination with known security practices.  With ports closed, fewer "attempts" and port scans reveal open ports, and fewer attempts at breaking your router's passwords are made, especially when you're hosting unencrypted and/or insecure services (e.g. FTP).  I do want to see the knock support get very advanced, but I'm willing to see/pay this through in phases.  Phase 1, get the basics in there, get it working, and get feedback.  :)

      Anyone else want to chip in a little bit or add a comment to this?

      (I will also gladly do beta testing and assist in the development of this module in any way I can.  I'm a PHP guru, but have little BSD experience.)

      Thanks,

        heiko

        In a few words, I will spend $50 USD, so the total amount of this bounty is $100 now!
        Greetings
        Heiko

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.