Projects / ipt_pkd

ipt_pkd

ipt_pkd is an iptables extension implementing port knock detection with SPA (single packet authorization). This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.

Tags
Licenses
Operating Systems
Implementation

RSS Recent releases

  •  16 Feb 2014 16:37

Release Notes: This release fixes a bug in knock.py when sending a knock to a site not in the configuration file or when the configuration file doesn't exist.

  •  11 Feb 2014 23:52

Release Notes: Updated to work with iptables 1.4.21 and Linux kernels up to 3.10. The procfs entry was turned off in kernels >= 3.7; for older kernels, it is now /proc/ipt_pkd/stats. knock.py was switched to be a loadable module that can be imported into other Python scripts.

  •  22 Jan 2012 02:22

Release Notes: This release has been updated for Linux 3.x, and tested with Linux 3.2 and iptables 1.4.12.2

  •  16 Jun 2011 21:07

Release Notes: Support for iptables 1.4.10, 1.4.11, and 1.4.11.1. Support for kernels through 2.6.39.

  •  21 Sep 2010 22:24

Release Notes: This release adds support for iptables 1.4.9 and Linux kernel 2.6.35.

Screenshot

Project Spotlight

Quenlig

An online interactive tutorial and free text assesments.

Screenshot

Project Spotlight

JSON-delta

A diff/patch library for JSON-serialized data structures.