Open cramhead opened 8 years ago
Are you running a service on port 80 as well and have TCP flags configured as part of the sequence?
Yes. I did. When I removed port 80 the issue was resolved.
What was your configuration out of interest (particularly interested in the tcpflags setting)?
Am relatively new to the codebase so might be wrong, but I have spotted something interesting that might cause this. In the sniff function, there's a check to see if the TCP flags match on the first port and, if they don't, skip over them:
if(!flags_match(door, ip, tcp)) {
    continue;
}
My guess is if you happen to be using the service at the same time as the knock with different TCP flags, it would invalidate the knock sequence at that time.
One way I see of mitigating this would be to send known encoded information in the IP packet, possibly using something like IND-CCA, so knockd can distinguish between a knock request and other usage of the service running on the knock port.
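Added example (not part of the thread and not knockd's code): a simplified model of the hypothesis in the comment above, showing how one extra packet on an open knock port decides whether a sequence completes. The tracker, the two policy names, ports 7000 and 9000, exact-match flag comparison and the packet trace are all constructed assumptions.

```c
#include <stddef.h>
#include <stdio.h>

#define F_SYN 0x02
#define F_ACK 0x10

/* One observed TCP packet from a single source address. */
struct pkt { unsigned short dport; unsigned char flags; };

/* What the model does with a knock-port packet whose flags differ. */
enum mismatch_policy { SKIP_MISMATCH, RESET_ON_MISMATCH };

/* Hypothetical tracker: returns 1 if the trace completes the sequence. */
int sequence_opens(const unsigned short *seq, size_t nseq,
                   const struct pkt *trace, size_t n,
                   unsigned char want_flags, enum mismatch_policy policy)
{
    size_t stage = 0;
    for (size_t i = 0; i < n; i++) {
        int on_knock_port = 0;
        for (size_t j = 0; j < nseq; j++)
            if (trace[i].dport == seq[j]) on_knock_port = 1;
        if (!on_knock_port) continue;          /* unrelated traffic */
        if (trace[i].flags != want_flags) {    /* e.g. service traffic */
            if (policy == RESET_ON_MISMATCH) stage = 0;
            continue;                          /* SKIP keeps the stage */
        }
        if (trace[i].dport == seq[stage]) {
            if (++stage == nseq) return 1;     /* sequence complete */
        } else {
            stage = (trace[i].dport == seq[0]) ? 1 : 0;  /* out of order */
        }
    }
    return 0;
}

static const unsigned short SEQ[] = { 7000, 80, 9000 };
/* Constructed trace: port 80 is open, so the SYN knock is answered and
   the client's ACK completing the handshake also reaches port 80. */
static const struct pkt TRACE[] = {
    { 7000, F_SYN }, { 80, F_SYN }, { 80, F_ACK }, { 9000, F_SYN },
};

int demo(enum mismatch_policy p) { return sequence_opens(SEQ, 3, TRACE, 4, F_SYN, p); }

int main(void) {
    printf("skip: %d reset: %d\n", demo(SKIP_MISMATCH), demo(RESET_ON_MISMATCH));
    return 0;
}
```

In this model the same trace opens the door only when mismatched packets are skipped, which is the behaviour to check for when a knock port doubles as a live service port.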
In this case all the port requests were made using tcp.
Have added this to the TODO file and have slated it for a 0.9 release.
Question: I'm not sure what the problem exactly is, but when I used port 80 as part of the knock sequence it would often fail. I switched to another port and it seemed to work correctly. Is this expected?