- Port knock sequence verification using the Windows firewall log
- Option to create firewall allow rule for the connecting IP on a specified port
Port Knock Verifier checks the Windows firewall log against a predefined connection sequence. Matching is done on both the destination port and the firewall action the log recorded for it, so a knock is only recognized when each port in the sequence was hit and handled as expected, in order. An event is written to the Windows Application log on successful port knock verification. Optionally, a port can be opened in the firewall for the connecting IP that successfully completed the knock.
Port_Knock_Verifier.exe [ports] [firewall action] [rule name] [time] [source IP] [allowed port]
- [ports]: Comma-separated list of ports that identify the knock, listed in the order of the knock sequence.
- [firewall action]: Comma-separated list of firewall actions that identify the knock, listed in the order of the knock sequence. Each entry is the action the firewall took (as recorded in the firewall log) for the corresponding port in the first parameter.
- [rule name]: Text used in the Windows event log notification on a successful knock verification. If an allowed port is specified, it is also used as the name of the firewall rule that is created.
- [time]: The amount of time to look back in the Windows firewall log for a knock sequence match.
- [source IP]: Optional. The IP address that the source address performing the port knock sequence must match.
- [allowed port]: Optional. Creates a firewall rule allowing the connecting IP on the specified port.
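The following is an added example, not the Port Knock Verifier source, showing the check the tool describes: parse the W3C-format pfirewall.log that Windows Firewall writes, keep only inbound entries inside the look-back window (optionally restricted to one source IP), and report every source that hit the configured ports with the expected firewall actions in order. The sample log lines, the knock sequence (7000, 8000, 9000, all DROP), the fixed "current" time and the rule name are constructed for the example; the `netsh advfirewall` command it builds is the Vista-and-later syntax and is an assumption about how the allow rule would be created, not the tool's own code.

```python
"""Verify a port-knock sequence against a Windows Firewall log.

Added example (not the Port Knock Verifier code). The log layout is the
W3C format Windows Firewall writes to pfirewall.log; the sample is constructed.
"""
from datetime import datetime, timedelta
import ipaddress

# Knock definition, mirroring the tool's [ports] and [firewall action] parameters.
KNOCK_PORTS = [7000, 8000, 9000]
KNOCK_ACTIONS = ["DROP", "DROP", "DROP"]

# Constructed pfirewall.log excerpt (not a real capture). 203.0.113.5 knocks in
# order, 203.0.113.9 hits the right ports in the wrong order, 203.0.113.7
# knocked correctly but an hour earlier; the ICMP line has no ports.
SAMPLE_LOG = """#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-03-01 10:00:01 DROP TCP 203.0.113.5 198.51.100.10 51000 7000 52 S 1 0 8192 - - - RECEIVE
2024-03-01 10:00:02 DROP TCP 203.0.113.5 198.51.100.10 51001 8000 52 S 1 0 8192 - - - RECEIVE
2024-03-01 10:00:03 DROP TCP 203.0.113.5 198.51.100.10 51002 9000 52 S 1 0 8192 - - - RECEIVE
2024-03-01 10:00:04 DROP TCP 203.0.113.9 198.51.100.10 40000 9000 52 S 1 0 8192 - - - RECEIVE
2024-03-01 10:00:05 DROP TCP 203.0.113.9 198.51.100.10 40001 8000 52 S 1 0 8192 - - - RECEIVE
2024-03-01 10:00:06 DROP TCP 203.0.113.9 198.51.100.10 40002 7000 52 S 1 0 8192 - - - RECEIVE
2024-03-01 10:00:07 DROP ICMP 203.0.113.5 198.51.100.10 - - 60 - - - - 8 0 - RECEIVE
2024-03-01 09:00:01 DROP TCP 203.0.113.7 198.51.100.10 30000 7000 52 S 1 0 8192 - - - RECEIVE
2024-03-01 09:00:02 DROP TCP 203.0.113.7 198.51.100.10 30001 8000 52 S 1 0 8192 - - - RECEIVE
2024-03-01 09:00:03 DROP TCP 203.0.113.7 198.51.100.10 30002 9000 52 S 1 0 8192 - - - RECEIVE
"""


def parse_firewall_log(text):
    """Parse pfirewall.log text into dicts keyed by the names in the #Fields: header.

    Column names are taken from the header rather than hard-coded because the
    'path' column (RECEIVE/SEND) is absent on older Windows versions. Entries
    without a numeric destination port (ICMP) are skipped.
    """
    fields, records = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError("log data before #Fields: header")
        values = line.split()
        if len(values) < len(fields):
            continue  # partially written line; ignore it
        rec = dict(zip(fields, values))
        try:
            rec["when"] = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
            rec["dst-port"] = int(rec["dst-port"])
        except ValueError:
            continue  # e.g. '-' port on ICMP entries
        records.append(rec)
    return records


def find_knockers(records, ports, actions, lookback, now, source_ip=None):
    """Return source IPs that completed the knock (port + action, in order) within the window.

    Other traffic between knocks is tolerated (subsequence match); hitting the
    knock ports out of order does not count. Only inbound (RECEIVE) entries are
    considered, and only those within [now - lookback, now].
    """
    if len(ports) != len(actions):
        raise ValueError("ports and actions must have the same length")
    expected = list(zip(ports, (a.upper() for a in actions)))
    cutoff = now - lookback
    progress = {}  # src-ip -> index of the next knock expected from it
    for rec in sorted(records, key=lambda r: r["when"]):
        if rec["when"] < cutoff or rec["when"] > now:
            continue
        if rec.get("path", "RECEIVE") != "RECEIVE":
            continue
        src = rec["src-ip"]
        if source_ip is not None and src != source_ip:
            continue
        idx = progress.get(src, 0)
        if idx < len(expected) and (rec["dst-port"], rec["action"].upper()) == expected[idx]:
            progress[src] = idx + 1
    return sorted(ip for ip, idx in progress.items() if idx == len(expected))


def allow_rule_command(rule_name, src_ip, port, protocol="TCP"):
    """Build a netsh command opening `port` only to `src_ip` (assumed Vista+ syntax).

    The rule name and IP are validated so untrusted log content cannot smuggle
    extra arguments into the command.
    """
    if '"' in rule_name or "\n" in rule_name:
        raise ValueError("rule name must not contain quotes or newlines")
    src_ip = str(ipaddress.ip_address(src_ip))  # raises on anything that is not an IP
    return ('netsh advfirewall firewall add rule name="%s" dir=in action=allow '
            "protocol=%s localport=%d remoteip=%s" % (rule_name, protocol, int(port), src_ip))


def verify_sample(lookback_minutes, source_ip=None):
    """Run the check over SAMPLE_LOG with a constructed 'now' of 2024-03-01 10:01:00."""
    now = datetime(2024, 3, 1, 10, 1, 0)
    return find_knockers(parse_firewall_log(SAMPLE_LOG), KNOCK_PORTS, KNOCK_ACTIONS,
                         timedelta(minutes=lookback_minutes), now, source_ip)


if __name__ == "__main__":
    for ip in verify_sample(30):
        print("knock verified from", ip)
        print(allow_rule_command("Port Knock Verifier", ip, 3389))
```

On a real host, replace `SAMPLE_LOG` with the contents of %systemroot%\system32\LogFiles\Firewall\pfirewall.log and `now` with the current local time (the log header says `#Time Format: Local`). Note that the knock entries will only be present if the firewall is logging dropped packets, and that a 30-minute window would miss 203.0.113.7's earlier knock while a 2-hour window would accept it; the window is therefore both the replay limit and the usability trade-off.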
- Tested on Windows XP, Windows
IP address correlation requires that the Windows firewall be enabled and configured to log both successful and dropped connections; knock attempts only appear in the log if the corresponding action is logged.
V 1.0 - First public released version.
Special thanks to the following people for allowing the use of their code:
Microsoft, Windows XP, Windows Vista, Windows 7 are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Other Trademarks are the properties of their respective owners.