June 11, 2004

Port Knocking with Cerberus

Since I have received a bunch of emails this morning asking for a copy of the presentation I gave last night on my 'Cerberus' ICMP port knocker, I have decided to just put it online and be done with it. You can get it here.

If you weren't at the LUG meeting last night, many of the slides won't make a lot of sense. Five years ago I wrote an ICMP listening daemon that would look for specially crafted packets. When a pattern within the ICMP type 8 (echo request, i.e. ping) packet was found, a simple but effective auth lookup was performed and action was then taken based on the authorized rights of the requesting party.
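The following is an added example, not Cerberus code or anything from the presentation. It shows the shape of the mechanism the paragraph describes: pull the ICMP echo request out of a raw IPv4 packet, look for a knock in the payload, authenticate the requester, and map the request to an action the requester is allowed to trigger. The post does not say what the pattern looks like, so the payload format (`CERB1|requester|action|timestamp|mac`), the shared secret, the ACL and the requester names are all assumptions. Since a fixed byte pattern in a ping can be sniffed and replayed by anyone on the path, this version authenticates the knock with an HMAC over a timestamp and rejects stale or already-seen tokens; the packet builders are included only so the example runs offline against a constructed frame.

```python
"""Added example (not from the Cerberus presentation): parse an ICMP echo
request, authenticate a knock token in its payload and authorize an action."""
import hashlib
import hmac
import socket
import struct
import time

# Assumed values; nothing below is taken from the original post.
SECRET = b"example-shared-secret"          # shared between knocker and daemon
ACL = {                                     # requester -> actions it may trigger
    "silverstr": {"open-ssh", "nmap-scan"},
    "guest": {"open-ssh"},
}
MAX_AGE = 60                                # accept tokens at most 60 s old
SEEN_MACS = set()                           # replay cache for accepted tokens


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum; returns 0 for data that already
    carries a correct checksum field."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    total = (total >> 16) + (total & 0xFFFF)
    total += total >> 16
    return (~total) & 0xFFFF


def build_token(requester: str, action: str, ts: int, secret: bytes = SECRET) -> bytes:
    """Knock payload: CERB1|requester|action|timestamp|hmac-sha256 (hex)."""
    msg = f"{requester}|{action}|{ts}".encode()
    mac = hmac.new(secret, msg, hashlib.sha256).hexdigest().encode()
    return b"CERB1|" + msg + b"|" + mac


def build_echo_request(payload: bytes, ident: int = 0x1234, seq: int = 1) -> bytes:
    """ICMP type 8 / code 0 with a correct checksum (what `ping -p` would send)."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload


def build_ipv4(icmp: bytes, src: str = "192.0.2.10", dst: str = "192.0.2.1") -> bytes:
    """Minimal IPv4 header (protocol 1) in front of the ICMP message; the IP
    header checksum is left zero because the parser does not check it."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + icmp


def echo_request_payload(frame: bytes):
    """Return the payload of an ICMP echo request in a raw IPv4 frame, or None
    if the frame is not a well-formed echo request."""
    if len(frame) < 20:
        return None
    ihl = (frame[0] & 0x0F) * 4
    if frame[9] != 1 or len(frame) < ihl + 8:      # protocol 1 = ICMP
        return None
    icmp = frame[ihl:]
    itype = icmp[0]
    if itype != 8 or icmp_checksum(icmp) != 0:     # type 8 = echo request
        return None
    return icmp[8:]


def handle_knock(frame: bytes, now=None, secret: bytes = SECRET, acl=ACL):
    """Return (requester, action) for an authenticated, authorized, fresh,
    never-before-seen knock; None for anything else (including plain pings)."""
    payload = echo_request_payload(frame)
    if payload is None:
        return None
    parts = payload.split(b"|")
    if len(parts) != 5 or parts[0] != b"CERB1":
        return None
    _, requester, action, ts, mac = parts
    try:
        ts_i = int(ts)
    except ValueError:
        return None
    now = time.time() if now is None else now
    if abs(now - ts_i) > MAX_AGE:                  # stale or future-dated token
        return None
    expected = hmac.new(secret, b"|".join([requester, action, ts]),
                        hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(mac, expected):     # forged or modified token
        return None
    if mac in SEEN_MACS:                           # replay of a captured ping
        return None
    requester_s, action_s = requester.decode(), action.decode()
    if action_s not in acl.get(requester_s, set()):
        return None                                # authenticated but not allowed
    SEEN_MACS.add(mac)
    return requester_s, action_s


if __name__ == "__main__":
    knock = build_ipv4(build_echo_request(build_token("silverstr", "nmap-scan", int(time.time()))))
    print(handle_knock(knock))
```

In a real daemon the frame would come from a raw socket (`socket.AF_INET`, `socket.SOCK_RAW`, `socket.IPPROTO_ICMP`) and the returned action would be dispatched to whatever opens the firewall port or starts the scan; the replay cache should also be pruned of entries older than `MAX_AGE`.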

I have used this technique for years. It allows me to send a single ping anywhere in the world and have machines execute code without having to actually log in. I use this to open up firewall ports dynamically (kinda like what traditional port knockers do), run Nessus and nmap scans against targets while in the field, and even to establish a point-to-point VPN with FreeSwan. It has been very beneficial to be on a client site, use my WAP-enabled phone to connect to a page with a Perl backend built on Net::RawIP, enter the IP of the client's outside port, and have a complete scan report sent to his email while I am sitting in a meeting.

Nowadays port knockers have the potential of doing a lot more (remember I wrote this 5 years ago), so this is pretty much boring to most of you. But Cerberus has served me well, and I decided to finally talk about it at the user group meeting last night. You are welcome to take away anything you can from the presentation if you like.

Posted by SilverStr at June 11, 2004 11:47 AM


Very interesting! Thank you!

Posted by: Eugene Klaus at August 11, 2004 06:15 AM