Linux Firewalls - Michael Rash [134]

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
02:21:46.652478 IP 192.168.10.3.30401 > 192.168.10.1.5005: UDP, length 0
    0x0000:  4510 001c 0000 4000 4011 a56c c0a8 0a03  E.....@.@..l....
    0x0010:  c0a8 0a01 76c1 138d 0008 deed 0000 0000  ....v...........
    0x0020:  0000 0000 0000 0000 0000 0000 0000       ..............

Encrypted Port-Knocking Sequences

Port-knocking sequences can be encrypted with a symmetric cipher, such as the Rijndael cipher chosen for the US Advanced Encryption Standard by the National Institute of Standards and Technology (NIST). This adds a strong cryptographic layer to port-knocking sequences at the slight expense of the key management that any symmetric cipher requires.

It is advantageous to encode as much information as possible into an encrypted port-knocking sequence in order to shield it from prying eyes. At a minimum, the source IP address that should be allowed access through the packet filter, along with the protocol and port number, should all be encoded within the encrypted payload. Note the following about these values:

An IP address is a 32-bit unsigned integer, which can be represented as four 8-bit values—for example, 187.23.1.4.

An IP protocol number is a single 8-bit value—for example, 1 (ICMP), 6 (TCP), or 17 (UDP).

A port number is a 16-bit unsigned short integer, which can be represented as two 8-bit values—for example, 6000 = (0x17 << 8) | 0x70.

To represent the protocol, port number, and IP address together, we need seven bytes of information. If we want the port-knocking server to grant access to TCP port 22 for the IP address 207.44.10.34, we need to encrypt the bytes 6, 22, 207, 44, 10, and 34, or 0x06, 0x16, 0xcf, 0x2c, 0x10, and 0x22, with a zero byte for the upper half of the 16-bit port number.

Because the Rijndael cipher has a minimum block size of 16 bytes, we have to fill the remaining nine bytes. Let's use eight bytes for a username and one byte as a kind of minimal checksum value. For the username, I will use my mbr username, or its equivalent in hex bytes: 0x6d, 0x62, 0x72 (padded with five zeros for our needs).

Finally, we calculate the checksum as the sum of all values mod 256:

(0x06 + 0x16 + 0xcf + 0x2c + 0x10 + 0x22 + 0x6d + 0x62 + 0x72) % 256 = 0x96

Hence, our unencrypted port-knocking sequence looks like this:

0x06 (TCP)
0x00 (Port 22 upper bits)
0x16 (Port 22 lower bits)
0xcf (207)
0x2c (44)
0x10 (10)
0x22 (34)
0x6d (m)
0x62 (b)
0x72 (r)
0x00 (repeated five times)
0x96

Now, we don't want to send one of our port-knocking packets to TCP port 22 or any other well-known port, because these ports are most likely already servicing traffic, and it would place an undue burden on the port-knocking server to have to include such traffic in its calculations. Because each value within the encrypted knock sequence is a single byte of information (0 through 255), we'll designate the port range from 64400 to 64650 as the range of ports for the knocking sequence. That is, we'll add 64,400 to each of the byte values in the encrypted sequence. Our final sequence is generated with the following Perl program, which uses the Rijndael cipher and the encryption key knockingtest:

$ cat enc_knock.pl
#!/usr/bin/perl -w

use Crypt::CBC;
use strict;

# The 16-byte cleartext block: protocol, port, IP address, username, checksum
my @clearvals = (0x06, 0x00, 0x16, 0xcf, 0x2c, 0x10, 0x22, 0x6d,
                 0x62, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00, 0x96);

# Pad the key with '0' characters to a 32-byte (256-bit) Rijndael key
my $key = 'knockingtest';
$key .= '0' while length $key < 32;

my $cipher = Crypt::CBC->new({
    'key'         => $key,
    'cipher'      => 'Rijndael',
    'header'      => 'none',
    'iv'          => 'testinitvectorab',
    'literal_key' => 1,
});

my $cleartext = '';
$cleartext .= chr($_) for @clearvals;

my $ciphertext = $cipher->encrypt($cleartext);
my @arr = split //, $ciphertext;

# Map each ciphertext byte into the 64400+ knock port range
print 64400 + ord($_), ',' for @arr;
print "\n";
exit 0;

$ ./enc_knock.pl
64591,64613,64641,64614,64434,64436,64514,64620,64498,64401,64482,64631,64565,64440,
64482,64643,64624,64561,64471,64462,64426,64493,64413,64476,64423,64484,64457,64567,
64623,64548,64599,64495

Listing 12-2: A sample encrypted
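The following Python program is an added example, not code from the book or from the fwknop project; it shows the two layers that sit around the Rijndael step in enc_knock.pl: packing the protocol, port, IP address, username and mod-256 checksum into one 16-byte block (and validating it again on the receiving side), and mapping byte values to and from the 64400+ knock port range. Everything in it is derived from the rules stated in the text; the checksum for the book's example is computed from the rule (sum of all values mod 256) rather than copied from the listing, and because a byte runs 0 through 255 the port check accepts 64400 through 64655. The function and constant names are the example's own, and LISTING_OUTPUT is the port list printed by enc_knock.pl above.

```python
"""Knock payload packing and port-offset coding for the scheme described above.

Added example (not the book's code). The AES/Rijndael encryption performed by
enc_knock.pl is not repeated here; these are the plaintext layout and the
port mapping that sit before and after it.
"""
import ipaddress
import struct

PORT_BASE = 64400      # offset added to each byte value in the knock sequence
PORT_MAX = PORT_BASE + 255
PAYLOAD_LEN = 16       # one Rijndael/AES block
USER_LEN = 8           # eight bytes reserved for the username

# Port list printed by enc_knock.pl on the page (32 values: one 16-byte
# plaintext block plus one block of cipher padding).
LISTING_OUTPUT = (
    "64591,64613,64641,64614,64434,64436,64514,64620,64498,64401,64482,64631,64565,64440,"
    "64482,64643,64624,64561,64471,64462,64426,64493,64413,64476,64423,64484,64457,64567,"
    "64623,64548,64599,64495"
)


def checksum(data: bytes) -> int:
    """The 'minimal checksum' from the text: sum of all byte values mod 256."""
    return sum(data) % 256


def pack_knock(proto: int, port: int, ip: str, user: str) -> bytes:
    """Build the 16-byte block: proto, port (big-endian), IPv4, 8-byte username, checksum."""
    if not 0 <= proto <= 255:
        raise ValueError("protocol number must fit in one byte")
    if not 0 <= port <= 65535:
        raise ValueError("port must fit in 16 bits")
    user_b = user.encode("ascii")
    if len(user_b) > USER_LEN:
        raise ValueError("username longer than %d bytes" % USER_LEN)
    body = struct.pack("!BH4s", proto, port, ipaddress.IPv4Address(ip).packed)
    body += user_b.ljust(USER_LEN, b"\x00")        # zero-pad the username
    return body + bytes([checksum(body)])


def unpack_knock(block: bytes) -> dict:
    """Inverse of pack_knock; raises ValueError on bad length or checksum."""
    if len(block) != PAYLOAD_LEN:
        raise ValueError("expected a %d-byte block" % PAYLOAD_LEN)
    body, csum = block[:-1], block[-1]
    if checksum(body) != csum:
        raise ValueError("checksum mismatch: got 0x%02x, want 0x%02x" % (csum, checksum(body)))
    proto, port, raw_ip = struct.unpack("!BH4s", body[:7])
    user = body[7:].rstrip(b"\x00").decode("ascii")
    return {"proto": proto, "port": port, "ip": str(ipaddress.IPv4Address(raw_ip)),
            "user": user, "checksum": csum}


def knock_is_valid(block: bytes) -> bool:
    """True when the block has the right length and a matching checksum."""
    try:
        unpack_knock(block)
        return True
    except ValueError:
        return False


def bytes_to_ports(data: bytes) -> list:
    """Client side: each (ciphertext) byte becomes one destination port."""
    return [PORT_BASE + b for b in data]


def ports_to_bytes(ports) -> bytes:
    """Server side: recover the byte values, rejecting ports outside the knock range."""
    out = bytearray()
    for p in ports:
        if not PORT_BASE <= p <= PORT_MAX:
            raise ValueError("port %d outside knock range %d-%d" % (p, PORT_BASE, PORT_MAX))
        out.append(p - PORT_BASE)
    return bytes(out)


def parse_enc_knock_output(line: str) -> bytes:
    """Turn the comma-separated list enc_knock.pl prints back into ciphertext bytes."""
    return ports_to_bytes(int(tok) for tok in line.strip().strip(",").split(",") if tok)


if __name__ == "__main__":
    block = pack_knock(6, 22, "207.44.10.34", "mbr")
    print("cleartext block:", " ".join("0x%02x" % b for b in block))
    print("decoded:", unpack_knock(block))
    print("ciphertext bytes from listing:", len(parse_enc_knock_output(LISTING_OUTPUT)))
```

Run on the book's example, pack_knock produces the bytes 0x06 0x00 0x16 0xcf 0x2c 0x0a 0x22 0x6d 0x62 0x72 followed by five zero bytes and a checksum of 0x84, which is what the stated sum-mod-256 rule gives for those values (the decimal octet 10 packs as 0x0a). parse_enc_knock_output recovers 32 ciphertext bytes from the listing's port list, the size expected for a 16-byte plaintext plus one block of CBC padding.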
