knockd sometimes fails to close a door #14

Open
cramhead opened this issue Nov 13, 2014 · 2 comments


Thanks for making such a great package.

Since installing knockd I have some odd messages showing up in my logs and I was hoping you might have some insight.

knockd:  90.221.146.158: openSSH: Stage 1
knockd:  24.86.218.141: openSSH: Stage 1
knockd:  79.179.107.54: openSSH: Stage 1
knockd:  115.239.248.56: openSSH: Stage 1
knockd:  115.239.248.56: openSSH: sequence timeout
knockd:  99.109.92.21: openSSH: Stage 1
knockd:  99.109.92.21: openSSH: sequence timeout
knockd:  24.86.218.141: openSSH: Stage 1
knockd:  24.86.218.141: openSSH: Stage 1
knockd:  24.86.218.141: openSSH: sequence timeout
knockd:  203.177.21.205: openSSH: Stage 1

When I'm not connected via the network and list my iptables I have:

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP

When I knock the port opens correctly.
When I unknock the port usually closes, but sometimes not. If I manually run the iptables delete command it always works.
I have noticed that calling knock multiple times keeps inserting the same input rule even though it exists, but that the unknock doesn't always remove it.

My knockd.conf:

[options]
  UseSyslog

[openSSH]
  sequence    = theSequence
  seq_timeout = 5
  tcpflags    = syn
  command     = /sbin/iptables -I INPUT 1 -s %IP% -p tcp --dport 525 -j ACCEPT

[closeSSH]
  sequence    = theSequence
  seq_timeout = 5
  tcpflags    = syn
  command     = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 525 -j ACCEPT
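The two `command =` lines above call `iptables -I` and `iptables -D` unconditionally, so repeated knocks stack identical ACCEPT rules and a single `-D` removes only one of them. The script below is an added example (not part of knockd or of this issue) of a wrapper that a door could call instead: it checks with `iptables -C` before inserting, and on close deletes until no copy of the rule remains. The script path `/usr/local/sbin/ssh-door`, the `IPTABLES` and `DOOR_PORT` variables and the `fake` rule store are assumptions made for the example; the rule shape (INPUT, tcp dport 525, ACCEPT) is taken from the config in the post.

```shell
#!/bin/sh
# Hypothetical knockd door wrapper (added example, not knockd's own code).
# knockd would invoke it from knockd.conf as, for instance:
#   command = /usr/local/sbin/ssh-door open %IP%
#   command = /usr/local/sbin/ssh-door close %IP%
# Assumes an iptables with -C (check) support; IPTABLES can be overridden
# to point at a different binary (or a shell function) for testing.
IPTABLES="${IPTABLES:-/sbin/iptables}"
DOOR_PORT="${DOOR_PORT:-525}"

# rule_args IP: the rule specification, shared by -C, -I and -D so that the
# rule that is checked, inserted and deleted is always exactly the same one.
rule_args() {
    printf '%s' "INPUT -s $1 -p tcp --dport $DOOR_PORT -j ACCEPT"
}

# door_open IP: insert the ACCEPT rule only if it is not already present,
# so repeated knocks from the same source never stack duplicate rules.
door_open() {
    # shellcheck disable=SC2046  (word splitting of rule_args is intended)
    if "$IPTABLES" -C $(rule_args "$1") 2>/dev/null; then
        return 0        # already open: nothing to do
    fi
    "$IPTABLES" -I $(rule_args "$1")   # -I INPUT without a number = position 1
}

# door_close IP: delete every copy of the rule, not just the first one,
# so a door opened several times still ends up fully closed.
door_close() {
    while "$IPTABLES" -C $(rule_args "$1") 2>/dev/null; do
        "$IPTABLES" -D $(rule_args "$1") || return 1
    done
    return 0
}

# Dispatch only when arguments are given, so the file can also be sourced.
case "${1:-}" in
    open)  door_open "$2" ;;
    close) door_close "$2" ;;
    "")    ;;
    *)     echo "usage: $0 open|close IP" >&2; exit 2 ;;
esac
```

Because the check, insert and delete all come from `rule_args`, a mismatch between the open and close rule (a common reason `-D` silently fails to find a rule) cannot creep in, and the close loop makes the door state independent of how many times the open sequence was received.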
jvinet (Owner) commented Dec 22, 2014

Okay, sounds like two separate things.

  1. The log messages you're seeing suggest that these are random one-off port hits to your server, possibly from port scans. The scanning machine hits the first port of your sequence (probably b/c it's scanning the entire 65536 port range), sees no reaction from your machine, and moves on. This is normal, and doesn't indicate any foul play... unless you consider a port scan to be foul play.

  2. I can't verify a bug where knockd fails to close a door. Can you post a log excerpt (with debug/verbose enabled) showing a case where it doesn't correctly close the door?

@jvinet jvinet changed the title Question: knockd sometimes fails to close a door Dec 22, 2014
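To tell the one-off scanner hits described in point 1 apart from sources that actually progressed through a sequence, it helps to aggregate the knockd syslog lines per source IP. The script below is an added example, not part of knockd or of this thread: it records the highest stage each IP reached and how many times it timed out, so an IP that only ever shows "Stage 1" followed by "sequence timeout" is immediately recognisable as the pattern jvinet describes. It assumes the line format seen in the post (`knockd:  IP: door: message`), and the sample log is constructed for the example (two IPs from the post plus a documentation-range address).

```shell
#!/bin/sh
# Added example (not from the original issue): per-IP summary of knockd
# syslog lines. Assumes lines of the form "knockd:  IP: door: message",
# optionally preceded by the usual syslog timestamp and hostname.

# knock_summary: reads log lines on stdin and prints, sorted by IP:
#   IP max_stage=N timeouts=M
knock_summary() {
    awk '
        {
            line = $0
            sub(/^.*knockd: +/, "", line)      # drop syslog prefix and "knockd:"
            n = split(line, f, /: /)           # f[1]=ip, f[2]=door, f[3]=message
            if (n < 3) next
            ip = f[1]; msg = f[3]
            seen[ip] = 1
            if (msg ~ /^Stage [0-9]+/) {
                s = substr(msg, 7) + 0         # numeric stage reached
                if (s > stage[ip]) stage[ip] = s
            } else if (msg ~ /^sequence timeout/) {
                timeouts[ip]++
            }
        }
        END {
            for (ip in seen)
                printf "%s max_stage=%d timeouts=%d\n", ip, stage[ip], timeouts[ip]
        }
    ' | sort
}

# sample_log: constructed input for a stand-alone run (not a real capture)
sample_log() {
    cat <<'EOF'
knockd:  90.221.146.158: openSSH: Stage 1
knockd:  115.239.248.56: openSSH: Stage 1
knockd:  115.239.248.56: openSSH: sequence timeout
knockd:  192.0.2.10: openSSH: Stage 1
knockd:  192.0.2.10: openSSH: Stage 2
knockd:  192.0.2.10: openSSH: Stage 3
EOF
}

# Usage: ./knock-summary.sh /var/log/syslog   (or "demo" for the sample above)
case "${1:-}" in
    demo) sample_log | knock_summary ;;
    "")   ;;
    *)    knock_summary < "$1" ;;
esac
```

On the sample, the two post IPs stop at stage 1 (one of them with a timeout), which is the scanner signature, while 192.0.2.10 reaches stage 3. Run against a verbose knockd log, the same summary also shows whether a source that "did not close" ever completed the close sequence at all, which is the first thing to check before suspecting the iptables command.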

ghost commented Oct 27, 2016

Had the same issue; changed the time-out to 15 sec, and it's working.

krayon pushed a commit to krayon/knockd that referenced this issue Mar 11, 2020