Shimmer 0.1.0

An implementation of my C3PO that hides a critical server behind an ever changing set of ports.
Shimmer is a Perl implementation of my C3PO proposal which hides a critical server behind a changing set of ports.

Shimmer is a pair of small programs (a client and a server) that provide an alternative to port knocking program such as tumbler and are used to hide a valuable port (such as a hidden web server or SSH) on a public IP address.

Shimmer works by cryptographically changing a set of 16 ports (one of which forwards to the real service, and 15 others that lead to a trap to blacklist attackers). The 16 ports change every minute frustrating an attacker, but a legimitate user with access to a secret shared between the client and server can determine the real port, avoid blacklisting, and get a connection.

Since both client and server must be time synchronized to the nearest minute Shimmer actual holds 48 ports open at a time (16 for the previous minute, 16 for the current minute and 16 for the next minute) to avoid problems due to small amounts of clock drift.

Using Shimmer:

shimmerd is the daemon program that managers the collections of ports (known as mirages) on a server. shimmerd is configured using a simple text-based configuration file. Here's a simple configuration that hides an SSH server residing on port 22 (which should be firewalled off from the outside world) behind a collection of ports in the range 10000 to 109999.


log = /var/log/shimmer.log


secret = password
port = 22
range = 10000-10999

The log setting in the [common] section tells shimmerd where to write its log file. After [common] come an arbitrary number of mirages each with a unique name. Here, just one named ssh is defined in the section [mirage-ssh].

The port setting tells shimmerd to forward a connection to the right mirage port to the local port 22 (where SSH normally resides). The range setting gives the range of ports over which shimmerd will choose ports to hide behind.

Finally, the secret setting is a shared secret between the shimmerd server and any user connecting with the shimmer client program.

Starting shimmerd is as simple as

$ shimmerd --config=shimmer.conf &

The shimmer client does one thing only: it outputs the current legitimate port for a specific mirage, range and secret combination. This output can then be used to configure another program (such as an SSH client) with the port to connect to.

Here's shimmer being used to connect to a hidden SSH server:

ssh -p `./shimmer --open ssh:10000:10999 --secret password`

shimmer's --open gives the mirage name and range of ports configured. The secret can be passed on the command-line (with --secret) or entered interactively.

last updated on:
September 3rd, 2008, 14:39 GMT
license type:
GPL (GNU General Public License) 
developed by:
John Graham-Cumming
ROOT \ Security
Download Button

In a hurry? Add it to your Download Basket!

user rating



Rate it!

Add your review!