A port knocking daemon which unlocks a port based on a password

Primary language: Python. License: GNU Affero General Public License v3.0 (AGPL-3.0).

knockpwd

An advanced port-knocking server. Hopefully an improvement over knockd.

Warning: This project is still in early development and not usable at this moment.

Port knocking in the past has mostly been an additional layer of security through obscurity. With knockpwd the knocking sequence is different every time and is generated by the server, so a passive attacker on the network cannot simply replay a knocking sequence they observed.

Only one additional step is required: the client first requests the knocking sequence from the server. The server returns the sequence encrypted with AES-CBC, so the server and the client need to share a key.
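The replay resistance described above comes from the server treating each issued sequence as single-use. The following is an added sketch of that server-side bookkeeping, not code from knockpwd: `KnockServer`, `issue`, `knock`, `replay_demo`, the port range, sequence length, lifetime, per-client-IP tracking and the reset-on-wrong-knock policy are all assumptions, and the AES-CBC encryption of the sequence in transit is left out.

```python
import secrets
import time

KNOCK_PORTS = range(20000, 60000)  # assumed pool of ports used for knocks
SEQ_LEN = 4                        # assumed number of knocks per sequence
TTL = 30.0                         # assumed lifetime of a sequence, in seconds


class KnockServer:
    """Tracks one pending, single-use knock sequence per client address."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # client ip -> (remaining ports, expiry time)

    def issue(self, client_ip):
        """Generate a fresh random sequence, replacing any older one."""
        seq = [secrets.choice(KNOCK_PORTS) for _ in range(SEQ_LEN)]
        self._pending[client_ip] = (list(seq), self._clock() + TTL)
        return seq  # this is what would be sent encrypted under the shared key

    def knock(self, client_ip, port):
        """Process one knock; return True only when the sequence completes."""
        entry = self._pending.get(client_ip)
        if entry is None:
            return False  # nothing was issued, or it was already consumed
        remaining, expiry = entry
        if self._clock() > expiry or port != remaining[0]:
            del self._pending[client_ip]  # expired or wrong knock: start over
            return False
        remaining.pop(0)
        if remaining:
            return False
        del self._pending[client_ip]  # single use: a second pass must fail
        return True


def replay_demo():
    """Return (legitimate client unlocked, replay of same knocks unlocked)."""
    server = KnockServer()
    client = "198.51.100.7"  # constructed documentation address
    seq = server.issue(client)
    opened = [server.knock(client, p) for p in seq]
    replayed = [server.knock(client, p) for p in seq]
    return opened[-1], any(replayed)
```

AES-CBC on its own gives confidentiality but no integrity protection, so a deployment of this scheme would also want to authenticate the encrypted sequence, for example with an HMAC under a separate key.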

Development

This project is written entirely in Python. For development, Nix is used for dependency management. If you also install direnv, you can just clone this repository and allow the .envrc, which automatically fetches all dependencies once you change into the project directory.

Testing

nosetests is used for testing. Run the tests like this:

% nosetests