Stoppt die Vorratsdatenspeicherung! Jetzt klicken && handeln!Willst du auch bei der Aktion teilnehmen? Hier findest du alle relevanten Infos und Materialien:
deutsche Version
»webknocking«
knock different :)
15.02.2008

Webknocking is a coined word that is inspired by portknocking. (step down to get it)

Background:
In 2003 I read something about portknocking(10.05.2006) for the first time. But I encountered some problems:
  1. It' s possible to spy out the knocking sequence by sniffing the network
  2. It' s necessary to have a special knocking-client
  3. There is one new service on the server that creates an ongoing systemload
  4. ... and this has to be trustworthy
Facing these facts I decided not to use portknocking at this time.
However - the concept got me :) and so one year later I had an idea to solve some of those problems.

Basic Idea:
The basic idea is to use websites instead of ports. So one requirement is a webserver (apache) running on the server.
A sequence of websites (webknockingsequence) will be requested from the concerning server. The webserver is configurated to log every pagerequest (default setting on the apache). The last page of the sequence is fixed. The request of this page starts an analysis of the webservers logfile. Once the knockingsequence is found, a script will be started (to open port 22 for example).

The sniffing-problem:
As I said in the introduction it is possible to spy out the sequence by sniffing on the net. Webknocking cannot prevent this. To counteract this type of attack you need to use a dynamic knockingsequence.
There are two possible approaches:
  1. The complete sequence is dynamic and changes regulary (maybe after every usage) (In the best case the last, triggering page is also changed on webknocking)
  2. The sequence consists of two parts: a dynamic and a static one.
A completely dynamic sequence provides the best protection because the sniffer can' t detect any pattern. However there is a big disadvantage with this approach: the user has to know the current active sequence.
It' s easier to remember a partly static sequence. But on this approach the attacker can detect the pattern of the static part and realise that there is a knocker.
The dynamic Part can be implemented by a question-answer-game. Thereby the webserver sends a question after matching the sequence and waits for the correlating answer. Question and answer can be connected by an algorithm (e.g. "What is 6 times 7?") or by an individual context (e.g. "Where are you born?").


The Implementation:
There's currently an implementation based on php, that puts the second approach into practice. After sending the knockingsequence whithin a set time period, the script webknocking.php has to be called. The script searches now in the apache-logfile for the sequence inner the correlative time period. If the sequence is found, depending on the configuration the script either executes a shellscript (wk-s_open.sh) to open port 22 for the knocker, or it sends a question to the user, that has to be answered by calling "webknocking.php?value=<answer>". The time between sending the question to awaiting the answer can be set. It's also possible to let webknocking.php execute another shellscript on a second call (wk-s_close.sh), e.g. to close the port 22.
All the settings can be done by editing the file wk-config.php.

Download:
The webknocking-implementation can be downloaded here.

Installation:
The installation of webknocking is simple. After unpacking the archive, all files should be copied into one directory into a webpath, the script install.sh should be run and the configuration can be done. All the parameters in the wk-config.php-file are documentated by comments. On purpose the shellscripts (wk-s_close.sh and wk-s_open.sh) can be customised.

Future plans:
At the time I'm working on my diploma thesis, so I don' t have much time left for further development. But from time to time ... :)
The following things are planed: Suggestions are welcome.

[update] I stopped the development because I don't have enought time and interest - sorry. Feel free to extend it.


License: Webknocking is published under GPL.

Download: webknocking_v1.0.2.tar.gz

Requirements:
History:

Thanx to Christine Schmidt for correcting the english translation of this website.
The first version (german only) of this website can be found here.