How Port Knocking Maker - Mikrotik Script

In computer networking, port knocking is a method of externally opening ports on a firewall by generating a connection attempt on a set of prespecified closed ports. Once a correct sequence of connection attempts is received, the firewall rules are dynamically modified to allow the host which sent the connection attempts to connect over specific port(s). A variant called single packet authorization (SPA) exists, where only a single "knock" is needed, consisting of an encrypted packet. The primary purpose of port knocking is to prevent an attacker from scanning a system for potentially exploitable services by doing a port scan, because unless the attacker sends the correct knock sequence, the protected ports will appear closed.

    ###########################################################
    # Mikrotik Port Knocking Generator with Icmp + Packet Size
    # Date/Time: 2/14/2021, 12:14:10 PM
    # https://fb.me/buananet.pbun
    ###########################################################
    /ip firewall filter
    # First knock: an ICMP packet of 100 bytes puts the sender on the first list.
    # A timeout of 00:00:00 keeps the entry on the list until the router reboots.
    add action=add-src-to-address-list address-list="port-knocking-first" address-list-timeout="00:00:00" chain=input packet-size="100" protocol=icmp comment="Port Knocking By BNT"
    # Second knock: a 200-byte ICMP packet from a host already on the first list.
    add action=add-src-to-address-list address-list="port-knocking-second" address-list-timeout="00:00:00" chain=input packet-size="200" protocol=icmp src-address-list="port-knocking-first"
    # Allow the protected ports only for hosts that completed both knocks.
    add action=accept chain=input dst-port="8291,21,22,23,80,443" protocol=tcp src-address-list="port-knocking-second"
    # Drop everyone else on those ports.
    add action=drop chain=input dst-port="8291,21,22,23,80,443" protocol=tcp src-address-list="!port-knocking-second"

Copy and paste the firewall script into the terminal.
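Unique packet sizes for the knock keys: 72 and 172. These are ping payload sizes. The firewall's packet-size match also counts the 20-byte IP header and the 8-byte ICMP header, so payloads of 72 and 172 bytes arrive as the 100-byte and 200-byte packets matched in the script.

Example: opening the key manually with ping in Windows CMD:

    First Key Knock  -> ping -l 72 (IP Address)
    Second Key Knock -> ping -l 172 (IP Address)

Example: opening the key manually with ping in a Linux or macOS terminal:

    First Key Knock  -> ping -s 72 (IP Address)
    Second Key Knock -> ping -s 172 (IP Address)

Or you can use Port Knocking Maker or Port Knock Generator.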
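To check a generated rule set before pasting it, the following added example (not part of the original page or of the generator) parses the rules, follows the address-list chain, and derives the ping payload for each knock. The function names are hypothetical, RULES is the page's script re-typed as sample input, and the 28-byte overhead assumes IPv4 echo requests without IP options.

```python
import shlex

# Sample input: the four generated rules from this page, one per line.
RULES = '''\
add action=add-src-to-address-list address-list="port-knocking-first" address-list-timeout="00:00:00" chain=input packet-size="100" protocol=icmp comment="Port Knocking By BNT"
add action=add-src-to-address-list address-list="port-knocking-second" address-list-timeout="00:00:00" chain=input packet-size="200" protocol=icmp src-address-list="port-knocking-first"
add action=accept chain=input dst-port="8291,21,22,23,80,443" protocol=tcp src-address-list="port-knocking-second"
add action=drop chain=input dst-port="8291,21,22,23,80,443" protocol=tcp src-address-list="!port-knocking-second"
'''

ICMP_OVERHEAD = 28  # assumption: 20-byte IPv4 header (no options) + 8-byte ICMP header

def parse_rules(text):
    """Turn each 'add key=value ...' line into a dict of its properties."""
    rules = []
    for line in text.splitlines():
        tokens = shlex.split(line)  # handles quoted values that contain spaces
        if tokens and tokens[0] == "add":
            rules.append(dict(t.split("=", 1) for t in tokens[1:]))
    return rules

def knock_plan(rules):
    """Follow the knock chain; return (ping payloads, final list name, warnings)."""
    payloads, warnings, prev = [], [], None
    for r in rules:
        if r.get("action") != "add-src-to-address-list":
            continue
        name = r["address-list"]
        if r.get("src-address-list") != prev:
            warnings.append(f"{name}: does not require previous stage {prev}")
        if r.get("address-list-timeout") in ("00:00:00", "none-dynamic"):
            warnings.append(f"{name}: entries stay listed until reboot")
        payloads.append(int(r["packet-size"]) - ICMP_OVERHEAD)
        prev = name
    return payloads, prev, warnings

def guarded_ports(rules, final_list):
    """Ports accepted only for sources that completed the whole knock."""
    for r in rules:
        if r.get("action") == "accept" and r.get("src-address-list") == final_list:
            return r["dst-port"].split(",")
    return []

if __name__ == "__main__":
    parsed = parse_rules(RULES)
    payloads, final_list, warnings = knock_plan(parsed)
    print("ping payloads:", payloads, "| ports:", guarded_ports(parsed, final_list))
    print("\n".join(warnings))
```

The timeout warnings reflect that a source which completes the knock keeps its access to the listed ports until the router restarts; a finite `address-list-timeout` limits that window.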
