Evan Martin (evan) wrote in evan_tech,

hax0rs / knock

Today Matt, annoyed at our latent connection, was looking at a tcpdump and shouted down the hall, "Are you on IRC?"
I looked at his screen and pointed out those packets were coming from his computer. Whoops. Turns out he'd forwarded a port through the NAT to his desktop, his desktop had had a "test" account from way back, and some IRC kids from Italy (?) had figured this out. Double whoops. At least the DoS mystery is solved.

I stuck my Ruby NAT-PMP library into version control to check in a simple program for ssh "knocking". The idea is that you send a UDP packet to a special port to get the real ssh forwarded port open. So now there are no "open" ports, in that you don't get any response to your UDP "knock". It's easy to imagine more complicated variations on this (like sending a pre-password "open sesame" bit in the UDP packet so that an attacker couldn't just spray UDP at the machine and then port-scan TCP), but that's expecting a lot out of people.

Does anyone know how to get netcat to send a UDP packet and quit? The "-z" option sends two for some reason, while "echo foo | nc ..." has to be ctl-C'd to quit.
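
The "open sesame" variation described above, with a client that sends exactly one datagram and returns, as an added Ruby example that is not from the original post or the author's NAT-PMP library. It goes one step beyond a fixed password by sending a timestamp plus an HMAC, so a sniffed knock cannot be replayed later; the payload format, `MAX_SKEW` and all function names are assumptions.

```ruby
require 'openssl'
require 'socket'

# Assumed payload (not from the post): "<unix_time>:<hex HMAC-SHA256(secret, unix_time)>"
MAX_SKEW = 30 # seconds a knock stays acceptable (assumed value)

def build_knock(secret, now = Time.now.to_i)
  "#{now}:#{OpenSSL::HMAC.hexdigest('SHA256', secret, now.to_s)}"
end

# Client: send a single datagram and return; no reply is expected.
def send_knock(host, port, secret)
  sock = UDPSocket.new
  sock.send(build_knock(secret), 0, host, port)
ensure
  sock&.close
end

# Compare without stopping at the first differing byte.
def secure_eq(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server: accept only a fresh, correctly keyed, not-yet-seen knock.
def valid_knock?(payload, secret, seen, now = Time.now.to_i)
  ts, mac = payload.to_s.split(':', 2)
  return false unless /\A\d{1,12}\z/.match?(ts.to_s) && /\A\h{64}\z/.match?(mac.to_s)
  return false if (now - ts.to_i).abs > MAX_SKEW
  return false unless secure_eq(OpenSSL::HMAC.hexdigest('SHA256', secret, ts), mac)
  seen.delete_if { |_, t| now - t > 2 * MAX_SKEW } # bound the replay cache
  return false if seen.key?(mac)
  seen[mac] = now
  true
end

# Listener: stays silent for every packet; yields the sender IP for valid knocks
# so the caller can open the ssh forward (e.g. via a NAT-PMP request).
def listen(port, secret)
  sock = UDPSocket.new
  sock.bind('0.0.0.0', port)
  seen = {}
  loop do
    data, addr = sock.recvfrom(128)
    yield addr[3] if valid_knock?(data, secret, seen)
  end
end
```
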
Tags: project