Created
December 27, 2021 03:00
-
-
Save buananetpbun/dc63f1539acdcac713f41e0bca88cfde to your computer and use it in GitHub Desktop.
Port Knocking Maker or Generator Icmp + Packet Size
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| How Port Knocking Maker - Mikrotik Script RouterOS | |
| In computer networking, port knocking is a method of externally opening ports on a firewall by generating a connection attempt on a set of prespecified closed ports. Once a correct sequence of connection attempts is received, the firewall rules are dynamically modified to allow the host which sent the connection attempts to connect over specific port(s). A variant called single packet authorization (SPA) exists, where only a single "knock" is needed, consisting of an encrypted packet. | |
| The primary purpose of port knocking is to prevent an attacker from scanning a system for potentially exploitable services by doing a port scan, because unless the attacker sends the correct knock sequence, the protected ports will appear closed | |
| ########################################################### | |
| # Mikrotik Port Knocking Generator with Icmp + Packet Size | |
| # Date/Time: 2/14/2021, 12:14:10 PM | |
| # https://fb.me/buananet.pbun | |
| ########################################################### | |
| /ip firewall filter | |
| add action=add-src-to-address-list address-list="port-knocking-first" address-list-timeout="00:00:00" chain=input packet-size="100" protocol=icmp comment="Port Knocking By BNT | |
| add action=add-src-to-address-list address-list="port-knocking-second" address-list-timeout="00:00:00" chain=input packet-size="200" protocol=icmp src-address-list="port-knocking-first" | |
| add action=accept chain=input dst-port="8291,21,22,23,80,443" protocol=tcp src-address-list="port-knocking-second" | |
| add action=drop chain=input dst-port="8291,21,22,23,80,443" protocol=tcp src-address-list="!port-knocking-second" | |
| Copy-Paste Firewall Script into the Terminal! | |
| Unique Packet Size For Key Knocking: 72 and 172 | |
| Example Manually Open Key Ping in CMD Windows: | |
| First Key Knock -> ping -l 72 (IP Adrress) | |
| Second Key Knock -> ping -l 172 (IP Adrress) | |
| Example Manually Open Key Ping in Terminal Linux or MacOS: | |
| First Key Knock -> ping -s 72 (IP Adrress) | |
| Second Key Knock -> ping -s 172 (IP Adrress) | |
| Or you can use Port Knocking Maker or Port Knock Generator | |
| https://buananetpbun.github.io/port-knocking-icmp.html |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment