Port knocking is a very easy and simple way to secure your network
services. There are many ways to use port knocking: using a series of
UDP packets towards different ports with some content, or just sending a
series of SYN packets on different ports.
These methods usually require a program to do the task.
Ping, however, is usually available from any device.
We now want to open SSH access to our Mikrotik by pinging the WAN address with a packet size of 5000:
Type in your favorite number / code + 28
i.e.: my favorite number is 5000, but because of some overhead (the 20-byte IP header plus the 8-byte ICMP header) we have to add 28 to the number
5000 + 28 = 5028
Then you have to add your src address to an address list:
Now make a new rule:
Add the src address list:
Testing:
Perfect!
http://www.datapels.com/?p=162
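
The steps above written as RouterOS terminal commands. This is an added example, not the original post's own configuration; the interface name `ether1`, the list name `ssh-knock` and the one-hour timeout are assumptions, and the rules are assumed to sit above any general drop rule on the input chain.

```routeros
# Added example; interface name, list name and timeout are assumptions.
/ip firewall filter

# 1. Knock: an ICMP packet of 5028 bytes (5000 payload + 28 header bytes)
#    puts the sender's address into the list for one hour.
add chain=input in-interface=ether1 protocol=icmp packet-size=5028 \
    action=add-src-to-address-list address-list=ssh-knock \
    address-list-timeout=1h comment="ping knock: size 5028"

# 2. Allow SSH only from addresses currently in the list.
add chain=input in-interface=ether1 protocol=tcp dst-port=22 \
    src-address-list=ssh-knock action=accept comment="SSH after knock"

# 3. Drop every other SSH attempt arriving on the WAN side.
add chain=input in-interface=ether1 protocol=tcp dst-port=22 \
    action=drop comment="SSH without knock"

# Testing from a client (WAN_ADDRESS is a placeholder):
#   Linux/macOS:  ping -s 5000 -c 1 WAN_ADDRESS
#   Windows:      ping -l 5000 -n 1 WAN_ADDRESS
# Then confirm the knock was registered:
/ip firewall address-list print where list=ssh-knock
```

The packet size travels in cleartext and can be replayed by anyone who observes it, so SSH keys or strong passwords remain the actual access control.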