Posts under "Linux":
July 6th, 2010 in Administration,Linux,Security
Port knocking
Tags: iptables, wiki
Lately, I have been doing some research on how to best implement port knocking using iptables. During my research, I came across a pretty interesting critique against the effectiveness of port knocking. It is certainly not stealth but, in my opinion, it is a nice tool to have in your firewall arsenal.
All of the port knocking iptables recipes I came across used different chains for each knocking phase. As far as I could tell, this is the only way to accomplish port knocking if you want to use more than one knock before opening up the destination port. However, if you find one knock sufficient, I wrote up an alternative recipe that does not create new chains and just relies on the ipt_recent module. It is certainly a trade-off between security and simplicity but still effective.
May 18th, 2010 in Administration,Linux,Security
Port-scanning honey"port" with iptables
Tags: iptables, wiki
Got to thinking that port-scanning detection–and subsequent blocking–would be a nice firewall feature to implement.
I decided to use some of the low common service ports that go unused on my server as honeypots. Connections to these ports would trigger a temporary block of incoming traffic from the remote IP address.
I documented the iptables recipe in my wiki.
In my opinion this is a very effective solution to blocking port scanning. I am surprised I have not seen it recommended by anyone else.
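The honeyport idea described above, expressed with the iptables `recent` match. This is an added example, not the recipe from the author's wiki; the decoy ports, list name and block duration are assumed values, and the script only prints the rules for review.

```shell
#!/bin/sh
# Added example: honeyport rules built on the iptables "recent" match.
# Assumed values (not from the post): decoy ports, list name, block time.
HONEY_PORTS="${HONEY_PORTS:-23,110,143}"  # unused low service ports (assumed)
BLOCK_SECONDS="${BLOCK_SECONDS:-3600}"    # how long a source stays blocked (assumed)
LIST_NAME="honeyport"                     # name of the recent list (assumed)

# Succeeds only for a comma-separated list of ports in 1..65535.
valid_ports() {
    [ -n "$1" ] || return 1
    case "$1" in *[!0-9,]*|,*|*,|*,,*) return 1 ;; esac
    for p in $(printf '%s' "$1" | tr ',' ' '); do
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
}

# Print the two rules in order. Order matters: the first matching rule wins,
# and both rules must sit ahead of the ACCEPT rules for real services.
honeyport_rules() {
    ports=$1 secs=$2
    valid_ports "$ports" || { echo "bad port list: $ports" >&2; return 1; }
    case "$secs" in ''|*[!0-9]*) echo "bad timeout: $secs" >&2; return 1 ;; esac
    # 1. Drop all traffic from a source seen on a decoy port within $secs.
    #    --rcheck gives a fixed-length block; --update would instead restart
    #    the timer on every packet the blocked source sends.
    echo "iptables -A INPUT -m recent --name $LIST_NAME --rcheck --seconds $secs -j DROP"
    # 2. A new TCP connection to a decoy port records the source, then drops.
    echo "iptables -A INPUT -p tcp --syn -m multiport --dports $ports -m recent --name $LIST_NAME --set -j DROP"
}

# Dry run: print the rules for review. Run the output as root to load them.
honeyport_rules "$HONEY_PORTS" "$BLOCK_SECONDS"
```

The block keys on source address alone and is triggered by a single SYN, whose source can be forged, so exempt trusted management addresses ahead of rule 1. Blocked sources can be inspected in `/proc/net/xt_recent/honeyport` on kernels that ship the module as `xt_recent`.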
May 17th, 2010 in General,Linux,Web
Revving up work on personal projects
Tags: school
Now that I am done with school and I have completed work on some money-earning projects, I am switching my focus to my pending personal projects:
- Changing server hardware – Something less power hungry than what I have now. More details later.
- Upgrading Fedora – Since I am changing hardware, taking the opportunity to upgrade Fedora. FC13 release is only a week away.
- A Django project – Still not sure what exactly I will do but I want something that takes advantage of the newly released 1.2.
- Network security – Research new (or new to me…) tools to enhance the security of my network.
- Studying new subjects – Things like SELinux and a refresh on iptables are on the table.
I plan on using this blog and the wiki to document throughout these next few months. Very excited/amped about this.






