Cisco Port knocking

With the Embedded Event Manager (EEM) applet it is possible to implement a kind of port knocking: a specially crafted packet opens a port such as telnet or SSH, or, as in this example, enables or disables ICMP.
 
Step one is to create two access-lists: one with the open ports and a nearly identical one with the closed ports. Each list also carries one logged permit entry for the knock packet; the log keyword is what generates the syslog message the applets trigger on, and the knock source address differs between the two lists so that each list only logs the knock that swaps it.
	
!
! enable ICMP
!
ip access-list extended ICMPON
 permit udp host 2.2.2.2 host 192.168.1.1 eq 65500 log
 permit icmp any any
 permit ip any any
!
! disable ICMP
!
ip access-list extended ICMPOFF
 permit udp host 1.1.1.1 host 192.168.1.1 eq 65500 log
 deny   icmp any any
 permit ip any any
!
!
The next step is to apply one of the access-lists to the interface; with ICMPOFF applied the router starts in the "ICMP disabled" state.
interface FastEthernet0
 ip address 192.168.1.1 255.255.255.0
 ip access-group ICMPOFF in
!
Now it is time to create two event manager applets that swap the access-list. The syslog pattern is a regular expression matched against the %SEC-6-IPACCESSLOGP message produced by the logged ACL entry; the unescaped dots in 1.1.1.1 match any character, which is harmless here only because the logged ACL entry is an exact host match.
!
event manager applet ICMP_ON
 event syslog pattern "%SEC-6-IPACCESSLOGP: list ICMPOFF permitted udp 1.1.1.1*"
 action 1.0 syslog msg "ICMP Turned ON"
 action 2.0 cli command "enable"
 action 2.1 cli command "configure terminal"
 action 2.2 cli command "interface fastethernet 0"
 action 2.3 cli command "ip access-group ICMPON in"
 action 2.4 cli command "exit"
!
event manager applet ICMP_OFF
 event syslog pattern "%SEC-6-IPACCESSLOGP: list ICMPON permitted udp 2.2.2.2*"
 action 1.0 syslog msg "ICMP Turned OFF"
 action 2.0 cli command "enable"
 action 2.1 cli command "configure terminal"
 action 2.2 cli command "interface fastethernet 0"
 action 2.3 cli command "ip access-group ICMPOFF in"
 action 2.4 cli command "exit"
!
Now you can enable or disable ICMP by sending crafted packets (hping3 -2 is UDP mode, -a sets a forged source address, -p the destination port):
 
Enable ICMP
hping3 -2 -a 1.1.1.1 192.168.1.1 -p 65500 -c 1
Disable ICMP
hping3 -2 -a 2.2.2.2 192.168.1.1 -p 65500 -c 1
This is only a simple example; it is possible to create different and more complex rules to execute any kind of command. Keep in mind that the trigger is nothing more than a UDP packet with a forged source address, exactly what the hping3 commands above send, so anyone who knows or guesses the source address and port can swap the access-list: the knock is a shared secret, not authentication. Also note that IOS rate-limits ACL log messages (the first matching packet of a flow is logged, later ones only periodically), so a knock that does not produce a fresh syslog line will not fire the applet.
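The whole knock loop, stepped through offline as an added example (this is not the page's code): the page's two ACLs are evaluated first-match, a logged entry produces the %SEC-6-IPACCESSLOGP line, and the two applets match their syslog patterns (the page's own, unescaped) and swap the applied ACL. The log-line layout, the Router class, the knock() helper and the sample addresses 3.3.3.3 and 10.0.0.9 are assumptions of this example, and ACL log rate-limiting is ignored.

```python
import re

# Added example (not from the page): a model of the router's ACL lookup, its ACL log
# message and the two EEM applets, so the knock sequence can be stepped through offline.
# The log-line layout, Router and knock() are assumptions of this example.

# The page's two ACLs as (action, proto, src, dst, dst_port, log); "any", "ip" and None are wildcards.
ACLS = {
    "ICMPON": [
        ("permit", "udp",  "2.2.2.2", "192.168.1.1", 65500, True),   # knock that turns ICMP off
        ("permit", "icmp", "any",     "any",         None,  False),
        ("permit", "ip",   "any",     "any",         None,  False),
    ],
    "ICMPOFF": [
        ("permit", "udp",  "1.1.1.1", "192.168.1.1", 65500, True),   # knock that turns ICMP on
        ("deny",   "icmp", "any",     "any",         None,  False),
        ("permit", "ip",   "any",     "any",         None,  False),
    ],
}

# The page's applets: (syslog pattern, applet name, ACL to apply, syslog msg). EEM treats the
# pattern as a regular expression, so the unescaped dots in 1.1.1.1 match any character; that
# is tolerable here only because the logged ACL entry is an exact "host" match.
APPLETS = [
    (re.compile(r"%SEC-6-IPACCESSLOGP: list ICMPOFF permitted udp 1.1.1.1*"),
     "ICMP_ON", "ICMPON", "ICMP Turned ON"),
    (re.compile(r"%SEC-6-IPACCESSLOGP: list ICMPON permitted udp 2.2.2.2*"),
     "ICMP_OFF", "ICMPOFF", "ICMP Turned OFF"),
]


def acl_lookup(acl_name, proto, src, dst, dport):
    """First-match ACL evaluation. Returns (action, log_flag); implicit deny at the end."""
    for action, p, s, d, port, log in ACLS[acl_name]:
        if p != "ip" and p != proto:
            continue
        if s != "any" and s != src:
            continue
        if d != "any" and d != dst:
            continue
        if port is not None and port != dport:
            continue
        return action, log
    return "deny", False


class Router:
    """Interface FastEthernet0 with one inbound ACL and the two applets watching syslog."""

    def __init__(self, applied="ICMPOFF"):
        self.applied = applied   # 'ip access-group <applied> in'
        self.syslog = []

    def receive(self, proto, src, dst, dport=None, sport=None):
        action, log = acl_lookup(self.applied, proto, src, dst, dport)
        if log:
            # Constructed in the layout of IOS %SEC-6-IPACCESSLOGP messages (assumption).
            verb = {"permit": "permitted", "deny": "denied"}[action]
            line = (f"%SEC-6-IPACCESSLOGP: list {self.applied} {verb} {proto} "
                    f"{src}({sport}) -> {dst}({dport}), 1 packet")
            self.syslog.append(line)
            self._run_applets(line)
        return action

    def _run_applets(self, line):
        for pattern, name, acl, msg in APPLETS:
            if pattern.search(line):
                self.syslog.append(f"{name}: {msg}")
                self.applied = acl   # the applet's 'ip access-group <acl> in'

    def icmp_allowed(self, src="10.0.0.9"):
        """Would a ping from src reach 192.168.1.1 under the currently applied ACL?"""
        return acl_lookup(self.applied, "icmp", src, "192.168.1.1", None)[0] == "permit"


def knock(router, spoofed_src):
    """One packet as sent by 'hping3 -2 -a <src> 192.168.1.1 -p 65500 -c 1'.
    The router only sees the (forged) source address: there is no authentication."""
    return router.receive("udp", spoofed_src, "192.168.1.1", dport=65500, sport=40000)


if __name__ == "__main__":
    r = Router()
    for src in ("3.3.3.3", "1.1.1.1", "1.1.1.1", "2.2.2.2"):
        knock(r, src)
        print(f"knock from {src:8} -> applied {r.applied:8} icmp_allowed={r.icmp_allowed()}")
    print("\n".join(r.syslog))
```

Running it shows the four cases a practitioner cares about: a knock from an unlisted source is permitted by "permit ip any any" but not logged, so nothing fires; the 1.1.1.1 knock produces the logged line and swaps to ICMPON; repeating it under ICMPON is silent because that list does not log 1.1.1.1; the 2.2.2.2 knock swaps back.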

(c) 2008 by packetlevel.ch / last update: 18.4.2008