Friday, July 1, 2016

Forcing SaltStack to "knock harder"

I really like the "knocking harder" technique I developed.  I haven't seen it mentioned in any other places, and it effectively gives the protected service a smart layer of obscurity with minimal effort and complexity.

I also like SaltStack as a remote configuration and management tool.  It connects over two ports, and I was looking for a way to use my technique on this service.  Salt uses ports 4505 and 4506, where 4506 is first to connect and has several short-lived connections as well as a long-lasting session, and 4505 has a single long-lasting session.

I wanted to protect the first connection by requiring multiple SYN packets (a "hard knock"), but then allow connections to both ports with no delay as long as there's continuous traffic and sessions between them.  To that end, I've come up with the following patch to ufw's after.rules file.

Labels: , , , ,

1 Comments:

Blogger Pete said...

As of 2019.2.0, port 4505 appears to be the first port to attempt to connect. Swapping 4505 and 4506 in the above patch (or eliminating the RETURN line entirely) works like a charm.

September 20, 2019 at 7:55 AM  

Post a Comment

Subscribe to Post Comments [Atom]

<< Home