jvinet / knock

A port-knocking daemon
http://www.zeroflux.org/projects/knock
GNU General Public License v2.0

Problematic ports #25

Open cramhead opened 8 years ago

cramhead commented 8 years ago

Question: I'm not sure what the problem exactly is, but when I used port 80 as part of the knock sequence it would often fail. I switched to another port and it seemed to work correctly. Is this expected?

airwoflgh commented 8 years ago

Are you running a service on port 80 as well and have TCP flags configured as part of the sequence?

cramhead commented 8 years ago

Yes. I did. When I removed port 80 the issue was resolved.

airwoflgh commented 8 years ago

What was your configuration out of interest (particularly interested in the tcpflags setting)?

Am relatively new to the codebase so might be wrong, but I have spotted something interesting that might cause this. In the sniff function, there's a check to see if the TCP flags match on the first port and, if they don't, skip over them:

if(!flags_match(door, ip, tcp)) {
        continue;
}

My guess is if you happen to be using the service at the same time as the knock with different TCP flags, it would invalidate the knock sequence at that time.

I see a way of mitigating this would be to send known encoded information in the IP packet using something like IND-CCA possibly so knockd can determine between a knock request and other usage of the service running on the knock port.
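The interference guessed at in the comment above, as a simplified model of one source IP's knock progress. This is an added example, not part of the thread and not knockd's code; the sequences, the "bare SYN" flag rule and the packet traces are constructed assumptions.

```c
#include <stdio.h>

/* Simplified model of sequence tracking for ONE source IP (not knockd's code). */
#define F_FIN 0x01
#define F_SYN 0x02
#define F_ACK 0x10
struct pkt { unsigned short dport; unsigned char flags; };

/* Assumed tcpflags rule: a knock is a bare SYN (SYN set, ACK clear). */
static int is_knock(const struct pkt *p)
{
    return (p->flags & F_SYN) && !(p->flags & F_ACK);
}

/* Returns 1 if the trace completes seq[0..len-1] in order.
 * ignore_mismatch = 0: a packet with other flags resets progress.
 * ignore_mismatch = 1: such a packet is skipped and progress is kept. */
int knock_opens(const unsigned short *seq, int len,
                const struct pkt *p, int n, int ignore_mismatch)
{
    int stage = 0;
    for (int i = 0; i < n; i++) {
        if (!is_knock(&p[i])) {
            if (!ignore_mismatch)
                stage = 0;
            continue;
        }
        if (p[i].dport == seq[stage])
            stage++;
        else
            stage = (p[i].dport == seq[0]) ? 1 : 0; /* may begin a new attempt */
        if (stage == len)
            return 1;
    }
    return 0;
}

/* Constructed traces. With a web server on port 80 the knock SYN is answered,
 * so the same client also sends ACK and FIN|ACK packets to port 80. */
static const unsigned short SEQ[] = { 7000, 80, 9000 };
static const unsigned short SEQ_ALT[] = { 7000, 8000, 9000 };
static const struct pkt WITH_SERVICE[] = {
    {7000, F_SYN}, {80, F_SYN}, {80, F_ACK}, {80, F_FIN | F_ACK}, {9000, F_SYN} };
static const struct pkt CLOSED_PORT[] = {
    {7000, F_SYN}, {8000, F_SYN}, {9000, F_SYN} };

int main(void)
{
    printf("reset-on-mismatch, port 80: %d\n", knock_opens(SEQ, 3, WITH_SERVICE, 5, 0));
    printf("skip-on-mismatch,  port 80: %d\n", knock_opens(SEQ, 3, WITH_SERVICE, 5, 1));
    printf("reset-on-mismatch, closed:  %d\n", knock_opens(SEQ_ALT, 3, CLOSED_PORT, 3, 0));
    return 0;
}
```

In this model the knock through the served port only completes when packets with non-matching flags are skipped rather than counted against the sequence, while a sequence made entirely of closed ports completes either way.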

cramhead commented 8 years ago

In this case all the port requests were made using TCP.

airwoflgh commented 8 years ago

Have added this to the TODO file and have slated it for a 0.9 release.