PINGKNOCK

This program takes actions in response to special ICMP echo requests.

Introduction

This program was developed for the following reasons:
  1. Sometimes you need to perform an action on a remote computer, but the firewall is blocking all remote access. The only thing that gets through is... ping.
  2. You need a service or something else triggered on a remote machine, but you do not have a computer with you, only access to a Linux box with very few of the usual tools.

If either of these reasons applies to you, this program may be useful to you.

It can be used to change firewall rules, for example, or to run specific commands on specific ICMP echo requests. The file test_pingknock.py gives an example of this usage.

Usage

This program uses SWIG to generate an interface from the code to an interpreted language. By default, a shared library is generated for Python. The usage is explained with a small example (Python):

  #!/usr/bin/env python
  import pingknock
  from pingknock import cvar
  # Set the global variables.
  # Set up a dedicated iptables chain and jump into it from INPUT.
  cvar.com_init="""iptables -N ICMPKNOCK
  iptables -I INPUT -j ICMPKNOCK"""
  # When the program ends, remove the jump into the ICMPKNOCK chain,
  # then flush the chain and delete it.
  cvar.com_fini="""iptables -D INPUT -j ICMPKNOCK
  iptables -F ICMPKNOCK
  iptables -X ICMPKNOCK"""
  # If a valid key is received, open the ssh TCP port for the sender's address ($SRC).
  cvar.com_insert="""iptables -I ICMPKNOCK -s $SRC -p tcp --dport ssh -j ACCEPT"""
  # On removal, close this port again.
  cvar.com_delete="""iptables -D ICMPKNOCK -s $SRC -p tcp --dport ssh -j ACCEPT"""
  # keyentries is an STL list type mapped onto Python (via SWIG),
  # so the keys have to be appended one by one with push_back().
  keyentries=pingknock.keylist()
  k=pingknock.key_entry(pingknock.KT_KeyStatic,"\x61\x19\x1f\xf5\x2c\x27\xfc\xd6\x58\xe3\x20\x26\x95\x70\xe8\x97")
  keyentries.push_back(k)
  # Now call the actual main function.
  pingknock.main_function(keyentries)

First, some global variables are set (the cvar namespace is used by SWIG; see also globals.hh). On initialisation, iptables is used to create a new chain, ICMPKNOCK, and a jump to this newly created chain is inserted into the INPUT chain. New entries are then added to the ICMPKNOCK chain. The default command inserts a rule into the ICMPKNOCK chain that accepts ssh connections from $SRC, which is the IP address that sent the correct code.

Please remember that in the current setup somebody could hijack your static key and send it from their own IP address.
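
The static-key weakness noted above, shown next to one possible mitigation. This is an added example, not pingknock code: the HMAC scheme, SECRET, WINDOW and all function names are assumptions for illustration and are not a pingknock key type. It compares a static-key check with a 16-byte payload derived from the sender's address and a time step.

```python
import hashlib
import hmac
import ipaddress

STATIC_KEY = bytes.fromhex("61191ff52c27fcd658e320269570e897")  # key from the example above
SECRET = b"constructed-demo-secret"  # constructed sample value
WINDOW = 30                          # seconds per time step (assumption)

def static_accepts(payload, src_ip):
    """Static-key check: the source address plays no part in the decision."""
    return hmac.compare_digest(payload, STATIC_KEY)

def make_knock(secret, src_ip, now):
    """16-byte payload: truncated HMAC-SHA256 over source address and time step."""
    step = int(now) // WINDOW
    msg = ipaddress.ip_address(src_ip).packed + step.to_bytes(8, "big")
    return hmac.new(secret, msg, hashlib.sha256).digest()[:16]

def bound_accepts(secret, payload, src_ip, now, seen):
    """Accept a payload once, only for this source and the current or previous step."""
    for t in (now, now - WINDOW):
        if hmac.compare_digest(payload, make_knock(secret, src_ip, t)):
            if payload in seen:
                return False  # already used inside its validity window
            seen.add(payload)  # demo only: a real service would expire old entries
            return True
    return False

def demo():
    """Run the same captured payload through both checks (addresses are constructed)."""
    now = 1000000
    client, observer = "192.0.2.10", "198.51.100.7"
    seen = set()
    knock = make_knock(SECRET, client, now)
    return {
        "static_from_other_ip": static_accepts(STATIC_KEY, observer),
        "bound_legit": bound_accepts(SECRET, knock, client, now + 5, seen),
        "bound_from_other_ip": bound_accepts(SECRET, knock, observer, now + 6, seen),
        "bound_same_ip_again": bound_accepts(SECRET, knock, client, now + 7, seen),
        "bound_expired": bound_accepts(SECRET, knock, client, now + 90, set()),
    }

if __name__ == "__main__":
    print(demo())
```

Binding the payload to the source address only works when the client knows the address the server sees, which is not the case behind NAT.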

Environment variables set before executing commands

The following environment variables are set prior to executing the commands

References

I have been inspired by the source of icmpinfo.

There is also a program which can react to UDP/TCP and ICMP port knocking: fwknop(?).

TODO


Generated on Thu Aug 17 21:12:17 2006 for pingknock by  doxygen 1.4.6