Fwknop in BackTrack 5 Repository

Just a quick update to say that fwknop (Single Packet Authorization tool) has made it into the BackTrack 5 repository. Although it’s not installed by default, it’s a few keystrokes away, and can be installed by typing the following into the terminal:

apt-get install fwknop-client

apt-get install fwknop-server (if you want to use the server on your BackTrack install)

Note that it’s still version 1.9.12 of the Perl implementation, as the the C++ port (v 2.0) is still in the Release Candidate stage. Those of you who have been meaning to experiment with Single Packet Authorization and have already downloaded BT5, now’s a good time to install fwknop and give it a try! When installing fwknop-server it brings up an ultra-simple config screen that allows you to set up your initial passphrase.

After installing fwknop-server, you need to configure your default-drop firewall. This will vary depending on your setup, but in most cases it’s best to start with a closed firewall, and then open the ports you need. The bash script below is a good baseline iptables default-drop ruleset:

#!/bin/sh

IPTABLES=/sbin/iptables

$IPTABLES -F

$IPTABLES -F -t nat

$IPTABLES -X

$IPTABLES -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -A FORWARD -m state –state ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -A INPUT -j LOG –log-prefix “DROP ”

$IPTABLES -A INPUT -j DROP

$IPTABLES -A FORWARD -j LOG –log-prefix “DROP ”

$IPTABLES -A FORWARD -j DROP

exit

Be careful if you’re configuring a server over SSH, as this will probably get you locked out. Always test locally if you can and make sure fwknop works before applying your default-drop firewall.