MikroTik PORT KNOCKING GENERATOR

ICMP + PACKET SIZE METHOD

mikrotik_script.rsc

###############################################################
# Mikrotik Port Knocking Generator with Icmp + Packet Size
# Date/Time: 
# Created By: Mua.lat - Ported to React
###############################################################

/ip firewall filter
add action=add-src-to-address-list address-list="port-knocking-first" \
    address-list-timeout="00:00:00" chain=input packet-size="100" \
    protocol=icmp comment="Port Knocking Generator"

add action=add-src-to-address-list address-list="port-knocking-second" \
    address-list-timeout="00:00:00" chain=input packet-size="200" \
    protocol=icmp src-address-list="port-knocking-first"

add action=accept chain=input dst-port="21,22,23" \
    protocol=tcp src-address-list="port-knocking-second"

add action=drop chain=input dst-port="21,22,23" \
    protocol=tcp src-address-list="!port-knocking-second"

Client Automation

Download a batch script to automate the knocking process from any Windows machine.

Download .BAT Client

Manual Commands

Windows (CMD)

ping -l 72 [Router_IP] 
ping -l 172 [Router_IP]

Linux / MacOS

ping -s 72 [Router_IP] 
ping -s 172 [Router_IP]