Fwknop - Unmarried Bundle Say-So & Port Knocking
fwknop implements an authorisation scheme known every bit Single Packet Authorization (SPA) for strong service concealment. SPA requires only a unmarried bundle which is encrypted, non-replayable, as well as authenticated via an HMAC inwards gild to communicate desired access to a service that is hidden behind a firewall inwards a default-drop filtering stance. The principal application of SPA is to utilisation a firewall to drib all attempts to connect to services such every bit SSH inwards gild to brand the exploitation of vulnerabilities (both 0-day as well as unpatched code) to a greater extent than difficult. Because at that topographic point are no opened upwards ports, whatever service that is concealed past times SPA naturally cannot endure scanned for amongst Nmap. The fwknop projection supports 4 unlike firewalls: iptables, firewalld, PF, as well as ipfw across Linux, OpenBSD, FreeBSD, as well as Mac OS X. There is every bit good back upwards for custom scripts so that fwknop tin endure made to back upwards other infrastructure such every bit ipset or nftables.
SPA is essentially side past times side generation Port Knocking (PK), but solves many of the limitations exhibited past times PK land retaining its center benefits. PK limitations include a full general difficulty inwards protecting against replay attacks, asymmetric ciphers as well as HMAC schemes are non unremarkably possible to reliably support, as well as it is trivially slowly to mountain a DoS assault against a PK server but past times spoofing an additional bundle into a PK sequence every bit it traverses the network (thereby convincing the PK server that the customer doesn't know the proper sequence). All of these shortcomings are solved past times SPA. At the same time, SPA hides services behind a default-drop firewall policy, acquires SPA information passively (usually via libpcap or other means), as well as implements criterion cryptographic operations for SPA bundle authentication as well as encryption/decryption.
SPA packets generated past times fwknop leverage HMAC for authenticated encryption inwards the encrypt-then-authenticate model. Although the usage of an HMAC is currently optional (enabled via the
--use-hmac
command line switch), it is highly recommended for 3 reasons:- Without an HMAC, cryptographically strong authentication is non possible amongst fwknop unless GnuPG is used, but fifty-fifty so an HMAC should yet endure applied.
- An HMAC applied after encryption protects against cryptanalytic CBC-mode padding oracle attacks such every bit the Vaudenay assault as well as related trickery (like the to a greater extent than recent "Lucky 13" assault against SSL).
- The code required past times the fwknopd daemon to verify an HMAC is much to a greater extent than simplistic than the code required to decrypt an SPA packet, so an SPA bundle without a proper HMAC isn't fifty-fifty sent through the decryption routines.
The in conclusion argue inwards a higher house is why an HMAC should yet endure used fifty-fifty when SPA packets are encrypted amongst GnuPG due to the fact that SPA information is non sent through libgpgme functions unless the HMAC checks out first. GnuPG as well as libgpgme are relatively complex bodies of code, as well as hence limiting the might of a potential assailant to interact amongst this code through an HMAC functioning helps to keep a stronger safety stance. Generating an HMAC for SPA communications requires a dedicated fundamental inwards add-on to the normal encryption key, as well as both tin endure generated amongst the
--key-gen
option. fwknop encrypts SPA packets either amongst the Rijndael block nada or via GnuPG as well as associated asymmetric cipher. If the symmetric encryption method is chosen, so every bit usual the encryption fundamental is shared betwixt the customer as well as server (see the
/etc/fwknop/access.conf
file for details). The actual encryption fundamental used for Rijndael encryption is generated via the criterion PBKDF1 fundamental derivation algorithm, as well as CBC manner is set. If the GnuPG method is chosen, so the encryption keys are derived from GnuPG fundamental rings.Use Cases
People who utilisation Single Packet Authorization (SPA) or its security-challenged cousin Port Knocking (PK) unremarkably access SSHD running on the same organization where the SPA/PK software is deployed. That is, a firewall running on a host has a default-drop policy against all incoming SSH connections so that SSHD cannot endure scanned, but a SPA daemon reconfigures the firewall to temporarily grant access to a passively authenticated SPA client:
"Basic SPA usage to access SSHD"
fwknop supports the above, but every bit good goes much farther as well as makes robust usage of NAT (for iptables/firewalld firewalls). After all, important firewalls are unremarkably gateways betwixt networks every bit opposed to but existence deployed on standalone hosts. NAT is commonly used on such firewalls (at to the lowest degree for IPv4 communications) to furnish Internet access to internal networks that are on RFC 1918 address space, as well as every bit good to allow external hosts access to services hosted on internal systems.
Because fwknop integrates amongst NAT, SPA tin endure leveraged to access internal services through the firewall past times users on the external Internet. Although this has enough of applications on modern traditional networks, it every bit good allows fwknop to back upwards cloud computing environments such every bit Amazon's AWS:
"SPA usage on Amazon AWS cloud environments"
User Interface
The official cross-platform fwknop customer user interface fwknop-gui (download, github) is developed past times Jonathan Bennett. Most major client-side SPA modes are supported including NAT requests, HMAC as well as Rijndael keys (GnuPG is non yet supported), fwknoprc stanza saving, as well as more. Currently fwknop-gui runs on Linux, Mac OS X, as well as Windows - hither is a screenshot from OS X:
"fwknop-gui on Mac OS X" Similarly, an updated Android client is available every bit well.
Tutorial
Influenza A virus subtype H5N1 comprehensive tutorial on fwknop tin endure found here:
http://www.cipherdyne.org/fwknop/docs/fwknop-tutorial.html
Features
The next is a consummate listing of features supported past times the fwknop project:
- Implements Single Packet Authorization closed to iptables as well as firewalld firewalls on Linux, ipfw firewalls on *BSD as well as Mac OS X, as well as PF on OpenBSD.
- The fwknop customer runs on Linux, Mac OS X, *BSD, as well as Windows nether Cygwin. In addition, at that topographic point is an Android app to generate SPA packets.
- Supports both Rijndael as well as GnuPG methods for the encryption/decryption of SPA packets.
- Supports HMAC authenticated encryption for both Rijndael as well as GnuPG. The gild of functioning is encrypt-then-authenticate to avoid diverse cryptanalytic problems.
- Replay attacks are detected as well as thwarted past times SHA-256 digest comparing of valid incoming SPA packets. Other digest algorithms are every bit good supported, but SHA-256 is the default.
- SPA packets are passively sniffed from the wire via libpcap. The fwknopd server tin every bit good larn bundle information from a file that is written to past times a split Ethernet sniffer (such every bit amongst
tcpdump -w
), from the iptables ULOG pcap writer, or straight via a UDP socket inwards--udp-server
mode. - For iptables firewalls, ACCEPT rules added past times fwknop are added as well as deleted (after a configurable timeout) from custom iptables chains so that fwknop does non interfere amongst whatever existing iptables policy that may already endure loaded on the system.
- Supports inbound NAT connections for authenticated SPA communications (iptables firewalls only for now). This agency fwknop tin endure configured to create DNAT rules so that yous tin accomplish a service (such every bit SSH) running on an internal organization on an RFC 1918 IP address from the opened upwards Internet. SNAT rules are every bit good supported which essentially turns fwknopd into a SPA-authenticating gateway to access the Internet from an internal network.
- Multiple users are supported past times the fwknop server, as well as each user tin endure assigned their ain symmetric or asymmetric encryption fundamental via the /etc/fwknop/access.conf file.
- Automatic resolution of external IP address via https://www.cipherdyne.org/cgi-bin/myip (this is useful when the fwknop customer is run from behind a NAT device). Because the external IP address is encrypted inside each SPA bundle inwards this mode, Man-in-the-Middle (MITM) attacks where an inline device intercepts an SPA bundle as well as only forwards it from a unlike IP inwards an effort to gain access are thwarted.
- Port randomization is supported for the finish port of SPA packets every bit good every bit the port over which the follow-on connexion is made via the iptables NAT capabilities. The after applies to forwarded connections to internal services as well as to access granted to local sockets on the organization running fwknopd.
- Integration amongst Tor (as described inwards this DefCon 14 presentation). Note that because Tor uses TCP for transport, sending SPA packets through the Tor network requires that each SPA bundle is sent over an established TCP connection, so technically this breaks the "single" facial expression of "Single Packet Authorization". However, Tor provides anonymity benefits that tin outweigh this consideration inwards some deployments.
- Implements a versioned protocol for SPA communications, so it is slowly to extend the protocol to offering novel SPA message types as well as keep backwards compatibility amongst older fwknop clients at the same time.
- Supports the execution of musical rhythm out commands on behalf of valid SPA packets.
- The fwknop server tin endure configured to house multiple restrictions on inbound SPA packets beyond those enforced past times encryption keys as well as replay assault detection. Namely, bundle age, source IP address, remote user, access to requested ports, as well as more.
- Bundled amongst fwknop is a comprehensive examination suite that issues a serial of tests designed to verify that both the customer as well as server pieces of fwknop piece of employment properly. These tests involve sniffing SPA packets over the local loopback interface, edifice temporary firewall rules that are checked for the appropriate access based on the testing config, as well as parsing output from both the fwknop customer as well as fwknopd server for expected markers for each test. Test suite output tin easily endure anonymized for communication to 3rd parties for analysis.
- fwknop was the showtime programme to integrate port knocking amongst passive OS fingerprinting. However, Single Packet Authorization offers many safety benefits beyond port knocking, so the port knocking manner of functioning is by as well as large deprecated.
Building fwknop
This distribution uses GNU autoconf for setting upwards the build. Please meet the
INSTALL
file for the full general basics on using autoconf.There are some "configure" options that are specific to fwknop. They are (extracted from ./configure --help):
--disable-client Do non construct the fwknop customer component. The default is to construct the client. --disable-server Do non construct the fwknop server component. The default is to construct the server. --with-gpgme back upwards for gpg encryption using libgpgme [default=check] --with-gpgme-prefix=PFX prefix where GPGME is installed (optional) --with-gpg=/path/to/gpg Specify path to the gpg executable that gpgme volition utilisation [default=check path] --with-firewalld=/path/to/firewalld Specify path to the firewalld executable [default=check path] --with-iptables=/path/to/iptables Specify path to the iptables executable [default=check path] --with-ipfw=/path/to/ipfw Specify path to the ipfw executable [default=check path] --with-pf=/path/to/pfctl Specify path to the pf executable [default=check path] --with-ipf=/path/to/ipf Specify path to the ipf executable [default=check path] Examples: ./configure --disable-client --with-firewalld=/bin/firewall-cmd ./configure --disable-client --with-iptables=/sbin/iptables --with-firewalld=no