Michael Rash, Security Researcher

Software Release - fwknop-0.9.0

The 0.9.0 release of fwknop is ready for download. Here is an excerpt from the ChangeLog:
  • Added new authorization mode that uses Net::Pcap to read packets out of a file that is written to by the ulogd pcap writer (also stubbed in code to sniff packets directly off the wire). This authorization mode only requires single packets, and has many characteristics that are better than simple port knocking, including being non-replayable, and much more data can be sent. This mode is now the default for both the server and the client.
  • Made the execution of knopmd optional depending on whether AUTH_MODE is a pcap mode (e.g. ULOG_PCAP or PCAP).
  • Added --Spoof-src argument so that encrypted packets can be spoofed via /usr/sbin/knopspoof.
  • Added /usr/sbin/knoptm so that firewall rules can be timed-out when the server is running in PCAP mode even if new packets don't appear on the wire.
  • Updated fwknop man page to talk about the new pcap-based authorization mode.