Fwknop in BackTrack 5 Repository
Just a quick update to say that fwknop (Single Packet Authorization tool) has made it into the BackTrack 5 repository. Although it’s not installed by default, it’s a few keystrokes away, and can be installed by typing the following into the terminal:
apt-get install fwknop-client
apt-get install fwknop-server (if you want to use the server on your BackTrack install)
Note that it’s still version 1.9.12 of the Perl implementation, as the C++ port (v 2.0) is still in the Release Candidate stage. Those of you who have been meaning to experiment with Single Packet Authorization and have already downloaded BT5, now’s a good time to install fwknop and give it a try! Installing fwknop-server brings up an ultra-simple config screen that allows you to set up your initial passphrase.
After installing fwknop-server, you need to configure your default-drop firewall. This will vary depending on your setup, but in most cases it’s best to start with a closed firewall, and then open the ports you need. The shell script below is a good baseline iptables default-drop ruleset:
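#!/bin/sh
IPTABLES=/sbin/iptables
# Flush existing rules (filter and nat tables) and delete user-defined chains
$IPTABLES -F
$IPTABLES -F -t nat
$IPTABLES -X
# Allow packets that belong to connections that are already tracked
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Log, then drop, everything else
$IPTABLES -A INPUT -j LOG --log-prefix "DROP "
$IPTABLES -A INPUT -j DROP
$IPTABLES -A FORWARD -j LOG --log-prefix "DROP "
$IPTABLES -A FORWARD -j DROP
exit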
Be careful if you’re configuring a server over SSH, as this will probably get you locked out. Always test locally if you can and make sure fwknop works before applying your default-drop firewall.
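One way to guard against the lockout described above, as an added example that is not part of the original post: snapshot the live rules, apply the default-drop script, and restore the snapshot unless access is confirmed within a timeout. The function name, the confirm-file path and the timeout are hypothetical, and iptables-save and iptables-restore are assumed to be at the paths shown.

```shell
#!/bin/sh
# Added example (not from the original post): apply a firewall script and
# roll back automatically unless the operator confirms access still works.
# Assumed: iptables-save/iptables-restore at the paths below; the function
# name, confirm-file path and timeout are hypothetical.
IPTABLES_SAVE=${IPTABLES_SAVE:-/sbin/iptables-save}
IPTABLES_RESTORE=${IPTABLES_RESTORE:-/sbin/iptables-restore}

# guarded_apply SCRIPT TIMEOUT_SECONDS CONFIRM_FILE
# Returns 0 if confirmed (rules kept), 1 if rolled back on timeout,
# 2 if the snapshot or the firewall script itself failed.
guarded_apply() {
    script=$1; timeout=$2; confirm=$3
    backup=$(mktemp) || return 2
    # Snapshot the live ruleset before touching anything.
    "$IPTABLES_SAVE" > "$backup" || { rm -f "$backup"; return 2; }
    rm -f "$confirm"
    if ! sh "$script"; then
        "$IPTABLES_RESTORE" < "$backup"
        rm -f "$backup"
        return 2
    fi
    # Proof of access: after the fwknop knock, open a NEW SSH session
    # and touch CONFIRM_FILE from it.
    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if [ -e "$confirm" ]; then
            rm -f "$backup" "$confirm"
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done
    # No confirmation arrived: put the previous rules back.
    "$IPTABLES_RESTORE" < "$backup"
    rm -f "$backup"
    return 1
}

# Usage: sh guarded-apply.sh apply /path/to/default-drop.sh [timeout]
if [ "${1:-}" = "apply" ]; then
    guarded_apply "$2" "${3:-120}" /root/fw-confirmed
    exit $?
fi
```

Run it under nohup or screen so the rollback still fires if the controlling session drops.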