Preventing TCP SYN retry in netcat (for port knocking)


Problem description

I'm trying to write the Linux client script for a simple port knocking setup. My server has iptables configured to require a certain sequence of TCP SYNs to certain ports for opening up access. I'm able to successfully knock using telnet or by manually invoking netcat (Ctrl-C right after running the command), but I'm failing to build an automated knock script.

My attempt at an automated port knocking script consists simply of "nc -w 1 x.x.x.x 1234" commands, which connect to x.x.x.x port 1234 and time out after one second. The problem, however, seems to be the kernel(?) doing automated SYN retries. Most of the time more than one SYN is being sent during the 1 second nc tries to connect. I've checked this with tcpdump.

So, does anyone know how to prevent the SYN retries and make netcat simply send only one SYN per connection/knock attempt? Other solutions that do the job are also welcome.

Recommended answer

Yeah, I checked that you may use nc too:

$ nc -z example.net 1000 2000 3000; ssh example.net

The magic comes from -z (zero-I/O mode)...
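An added example (not from the original post or the answerer) that wraps the per-port knock in a small POSIX shell function and, as the asker did with tcpdump, checks a capture for knock ports that saw more than one SYN; the host, ports and capture lines are constructed placeholders.

```shell
#!/bin/sh
# Added example: knock a list of ports with one nc invocation per port,
# then verify from tcpdump text output that each port saw exactly one SYN.
# Hostname, ports and the capture below are constructed placeholders.

# -z (zero-I/O) makes nc close right after the connect attempt; -w 1 bounds
# how long it waits. Whether a second SYN still went out is something only
# a capture can confirm, hence count_syns below.
knock() {
    host=$1; shift
    for port in "$@"; do
        nc -z -w 1 "$host" "$port" 2>/dev/null
    done
}

# Count pure SYN packets (Flags [S], not the SYN-ACK [S.]) per destination
# port from tcpdump output on stdin; prints "port count" lines sorted by port.
count_syns() {
    awk '/Flags \[S\],/ {
        split($5, a, ":"); n = split(a[1], b, "."); port = b[n]
        c[port]++
    } END { for (p in c) print p, c[p] }' | sort -n
}

# Constructed capture: ports 1000 and 3000 saw one SYN each, 2000 was retried.
SAMPLE_CAPTURE='12:00:01.000100 IP 10.0.0.5.43210 > 192.0.2.10.1000: Flags [S], seq 1, win 64240, length 0
12:00:02.000200 IP 10.0.0.5.43211 > 192.0.2.10.2000: Flags [S], seq 2, win 64240, length 0
12:00:03.000300 IP 10.0.0.5.43211 > 192.0.2.10.2000: Flags [S], seq 2, win 64240, length 0
12:00:04.000400 IP 10.0.0.5.43212 > 192.0.2.10.3000: Flags [S], seq 3, win 64240, length 0
12:00:04.000500 IP 192.0.2.10.3000 > 10.0.0.5.43212: Flags [S.], seq 9, ack 4, win 65535, length 0'

# Print the knock ports that received more than one SYN (a retransmission).
retried_ports() {
    printf '%s\n' "$SAMPLE_CAPTURE" | count_syns | awk '$2 > 1 { print $1 }'
}
```

Run `tcpdump -nn 'tcp[tcpflags] & tcp-syn != 0' > capture.txt` on the client while calling `knock`, then feed capture.txt to `count_syns` to see whether any port needs a longer gap between knocks.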
