PortKnock Lite 1.0


Category: Utilities
Price: Free (iTunes)

Description:

This is a very simple port knocker for the iPhone. You must have a port knock daemon running on your server for this application to be useful.

Port knocking is a technique to secure services behind a firewall until a specific knock sequence is given. Once that sequence is given, the IP address that initiated the knock may be allowed to access the service for a short period of time. The services remain secure not only because they are inaccessible, but also because the server will typically provide no feedback whatsoever when a correct knock sequence has been found. Because of this, it is impossible for the knock client (like this one) to know whether the server it's sending the packets to is in fact online or not.

A knock sequence is typically only a few TCP or UDP packets. To use the screenshot as an example, the remote server 1.2.3.4 has an ssh server running, protected by a knock server. The knock sequence to unlock the ssh service is then 4 TCP packets. Each packet is destined in turn to the following ports: 1234, 5678, 9876, and finally 55321. When the remote knock server detects this sequence of packets in that exact order, it will then allow us to connect to the ssh server. For security purposes, the server will typically not send any feedback that this has occurred. This makes it much more difficult for someone to guess your knock sequence, let alone the services you may have hidden behind it.
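The server side of the sequence described above, as an added example (not from the original page, and not the code of this app or of any knock daemon): a per-source-IP state machine that opens a time-limited window only when the four ports arrive in order. The timeout and window values, the class and function names, and the sample traffic are assumptions made for illustration; the model looks only at destination ports, not at TCP versus UDP.

```python
# Added illustration of server-side knock tracking; not knockd's code.
SEQUENCE = (1234, 5678, 9876, 55321)  # knock ports from the description
SEQ_TIMEOUT = 10.0   # assumed: seconds allowed to finish the sequence
OPEN_WINDOW = 30.0   # assumed: seconds the knocking IP stays allowed

class KnockTracker:
    def __init__(self, sequence=SEQUENCE):
        self.sequence = tuple(sequence)
        self.progress = {}  # src_ip -> (next index in sequence, start time)
        self.allowed = {}   # src_ip -> time at which access expires

    def observe(self, ts, src_ip, dport):
        """Feed one inbound packet; True if it completes the knock."""
        idx, started = self.progress.get(src_ip, (0, ts))
        if idx and ts - started > SEQ_TIMEOUT:
            idx, started = 0, ts              # too slow: start over
        if dport == self.sequence[idx]:
            idx += 1                          # next knock in order
        elif dport == self.sequence[0]:
            idx, started = 1, ts              # treat as a fresh first knock
        else:
            idx = 0                           # out of order: forget progress
        if idx == len(self.sequence):
            self.progress.pop(src_ip, None)
            self.allowed[src_ip] = ts + OPEN_WINDOW
            return True                       # no reply is sent to the client
        if idx:
            self.progress[src_ip] = (idx, started)
        else:
            self.progress.pop(src_ip, None)   # keep no state for failed knocks
        return False

    def is_allowed(self, ts, src_ip):
        return ts < self.allowed.get(src_ip, float("-inf"))

# Constructed sample traffic: (timestamp, source IP, destination port).
EVENTS = [
    (0.0, "198.51.100.7", 1234), (0.4, "198.51.100.7", 5678),
    (0.8, "198.51.100.7", 9876), (1.2, "198.51.100.7", 55321),  # correct
    (2.0, "203.0.113.9", 1234), (2.1, "203.0.113.9", 9876),     # wrong order
    (2.2, "203.0.113.9", 5678), (2.3, "203.0.113.9", 55321),
    (5.0, "192.0.2.44", 1234), (5.5, "192.0.2.44", 5678),       # too slow
    (6.0, "192.0.2.44", 9876), (20.0, "192.0.2.44", 55321),
]

def replay(events):
    tracker = KnockTracker()
    opened = [ip for ts, ip, port in events if tracker.observe(ts, ip, port)]
    return tracker, opened
```

Only the first source completes the knock, and its access lapses once the window expires, which is the "short period of time" behaviour described above.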

Note that the port knocker simply sends the sequence to the remote server. You will still need your own client software (be it ssh, vpn, web, or whatever) to access the service on the remote server once the knock is sent.

This app is ideal if you're on a WiFi network but don't have a port knocker on the available computers. If you're sitting behind a NAT, the iPhone/iPod Touch will have the same IP as any of the other computers on your network, so a knock sent from the phone also opens the service for those computers.

This is also great to use with TouchTerm or any other ssh or telnet software for the iPhone.

Just give it the hostname and a list of ports, and whether you want it to send TCP or UDP packets.

If you're in need of a knock server, Judd Vinet's knock daemon for Linux is quite easy to use: http://www.zeroflux.org/cgi-bin/cvstrac.cgi/knock/wiki

More information about port knocking can be found on Wikipedia:
http://en.wikipedia.org/wiki/Port_knocking
