1.13 GPL (GNU General Public License)    
3.2/5 21
An extension for the iptables firewall application that implements port knock detection

editor's review





ipt_pkd is a free command-line software that provides an open-source iptables extension that has been designed from the ground up to implement a port knock detection system with SPA (Single Packet Authorization) functionality.

Divided in three important parts

The project is divided in three important parts, the kernel module, a user space client knock program, and the iptables user space module, called libipt_pkd.so. ipt_pkd is capable of verifying a packet with SHA256, as well as to check the time window of a packet. However, it does not sends the shared key and has limited proc support.

How does it work?

ipt_pkd’s knock packet can be described as a SHA256 has of a small header, a timestamp, a shared key and some random bytes sent via the UDP (User Datagram Protocol) protocol. Both the random bytes and the timestamp are passed in the packet, in order for the server to create the SHA256 hash and do a results comparison. If they match, the pkd module will return true. If not, it will return false.

I want to see some examples!

A simple example of using the ipt_pkd package is for protecting a SSH (Secure Shell) connection on port 22. Using the iptables rules displayed below, any new SSH connection attempt will be dropped, unless a valid knock packet is provided:

iptables -A INPUT -p udp -m pkd --key test --tag SSHK -m recent --set --name PKD

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --rcheck --name PKD --seconds 60 --hitcount 1 -j ACCEPT

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j REJECT --reject-with tcp-reset

It has only three options

As mentioned, ipt_pkd is a command-line applications that runs on a console environment, using an X11 terminal emulator or directly from a text-mode session. It has only three options, one that sets a shared key, one that sets the time in seconds, and another one that sets the tag for the knock key.

ipt_pkd was reviewed by Marius Nestor
Last updated on September 9th, 2014
ipt_pkd - ipt_pkd is an iptables extension that can implement a port knock detection system

0 User reviews so far.