11

It seems "It's me" is the most popular port knocking client for Windows…

Except… it sucks. It works for console-savvy users such as me, but, unsurprisingly, all my users (3 people) hate console windows. I know better than to force it upon them.

I would love to have a nice port knocker for Windows that would be windowed, have launchers, and be easily provisionable (i.e. I tell my user to paste some settings or import some file by double clicking it). To be honest, just not being console-based would be enough.

Edit: Please stop trying to convince me not to use port knocking. You're trying to solve a different problem than the problem port knocking solves. Whether port knocking is a good solution or not is irrelevant to this question.

John Gardeniers
Ekevoo
  • Is scripting IM with a .bat file an option? A console window would pop up (presumably with some nice, user-friendly and -assuring messages), sure, but then go away with no actual interaction necessary. Or do you need a solution where your users can select which ports to knock on? – Kromey Apr 07 '11 at 00:34
  • Port knocking, at its best, is merely security by obscurity and, at its worst, adds significant complexity to something that does not need to be complex. What services are you trying to protect using port knocking? – EEAA Apr 07 '11 at 01:29
  • @ErikA: Not necessarily limited to "by obscurity". [knockknock](http://www.thoughtcrime.org/software/knockknock/) uses strong encryption to authenticate the requests. – user1686 Apr 07 '11 at 05:23
  • @grawity - I'm sure it does. Like I said, though, it's just adding unnecessary complexity. Just use strong (read: certificate or PKI) authentication on whatever service you're protecting. – EEAA Apr 07 '11 at 13:56
  • @ErikA: I already do. The failed attempts still pollute my logs and use up resources in other ways. Security through obscurity is insufficient, but it isn't unnecessary. – Ekevoo Apr 07 '11 at 19:44
  • In the end I only changed the default port from the default 22 to a non-standard one. Some services such as svn+ssh are a pain, but at least I got some obscurity. I repeat: obscurity is insufficient, yes, but not unnecessary. – Ekevoo Mar 30 '12 at 19:58
  • ErikA is right, fixing your logs is a better idea. – gparent Apr 24 '12 at 17:12
  • @gparent Neither of you knows whether fixing logs is a better idea or not in my scenario. Enough with the off-topic comments already! – Ekevoo Nov 23 '12 at 03:25
  • Well, there is an answer, perhaps you should comment on why it's not acceptable. – SpacemanSpiff Nov 23 '12 at 04:21
  • @Ekevoo We're answering based on the information we have, so if it's not enough, give more. There's already an answer and you didn't even comment on it. – gparent Nov 27 '12 at 19:48
  • This is a question about clients, not servers. Changing the server is out of scope of this question by definition. That's all there is to this. – Ekevoo Nov 29 '12 at 21:14
  • Trying to change the OP's environment is usually never a solution. In any case - I just want to add that there is no silver bullet to security. With that said - the client that was linked below was written with MFC (ugh). I think I will take it upon myself to write such an application in a more modern language. – Natalie Adams Mar 01 '13 at 03:54

2 Answers

4

You could use KnockKnock. It has a simple GUI to add the ports that you want to knock.

dzil123
  • https://i.stack.imgur.com/n4xC8.png - this tool is buggy. My port numbers are corrupted between sessions :-( Additionally, you have to use an IP address. Hostnames (FQDN) not allowed. – Lord Loh. May 05 '17 at 20:06
  • It seems it doesn't support TCP/UDP selection, though it comes with source files. – Faither Apr 26 '22 at 03:30
4

You should try this one: Windows Port Knocking Application.

It really suits my implementation of port knocking on my server well! It has a simple GUI with basic options.

feral_fenrir
  • Good find! I did not know Sowell had put one together! @Ekevoo if you are still looking, try this one (and accept the answer!). GUI based, FQDN resolutions, source available, and Greg Sowell is a known Mikrotik consultant with a known and reputable website. Trying it now for myself, I think this will fit your needs. – JoelAZ Aug 03 '18 at 18:02
  • Unfortunately, the software currently supports up to 4 knocks (per one list item?), has timeout hardcoded, and may crash in certain circumstances (e.g. select "Description" in the list, press "Add/Update", press "Delete"). – Faither Apr 26 '22 at 03:40
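
A knock client driven by pasteable settings, as an added example that is not part of the original posts or of either recommended tool: it resolves hostnames, selects TCP or UDP per knock, and puts no fixed limit on sequence length or timing. The one-line profile format, the sample host and ports, and all names are assumptions made for the illustration.

```python
import socket
import time
from dataclasses import dataclass

# Constructed sample profile (hypothetical format, host and ports).
SAMPLE = "host=gateway.example.org;knocks=7000/tcp,8000/udp,9000/tcp,10000/udp,11000/tcp;delay_ms=250"


@dataclass(frozen=True)
class Profile:
    host: str
    knocks: tuple      # ((port, "tcp" | "udp"), ...), any length
    delay_s: float     # pause between knocks
    timeout_s: float   # how long a TCP knock waits on a filtered port


def parse_profile(text):
    """Parse the hypothetical 'key=value;key=value' profile line."""
    fields = dict(p.strip().split("=", 1) for p in text.split(";") if p.strip())
    knocks = []
    for item in fields["knocks"].split(","):
        port, _, proto = item.strip().partition("/")
        proto = (proto or "tcp").lower()
        if proto not in ("tcp", "udp") or not 1 <= int(port) <= 65535:
            raise ValueError(f"bad knock: {item!r}")
        knocks.append((int(port), proto))
    return Profile(fields["host"].strip(), tuple(knocks),
                   int(fields.get("delay_ms", 200)) / 1000,
                   int(fields.get("timeout_ms", 500)) / 1000)


def knock(profile):
    """Send each knock in order and return how many were sent."""
    # Resolve once so the whole sequence reaches the same address.
    family, _, _, _, addr = socket.getaddrinfo(profile.host, None)[0]
    for port, proto in profile.knocks:
        kind = socket.SOCK_STREAM if proto == "tcp" else socket.SOCK_DGRAM
        with socket.socket(family, kind) as s:
            target = (addr[0], port) + tuple(addr[2:])
            if proto == "udp":
                s.sendto(b"", target)
            else:
                s.settimeout(profile.timeout_s)
                try:
                    s.connect(target)
                except OSError:
                    pass  # refused or timed out: the SYN was still sent
        time.sleep(profile.delay_s)
    return len(profile.knocks)
```

Calling `knock(parse_profile(SAMPLE))` sends the sequence; a launcher or shortcut can wrap that call so users never type into a console.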