How to make your server invisible?

admin YouTube Leave a Comment

If you have your own Linux server, you might have noticed continuous SSH (Secure Shell) brute-force authentication attacks, and continuous port scanning. It is possible to prevent this using either OpenVPN or knockd.

What is invisible server?

For the server to be invisible it must appear as an unused IP address. It means that server should not respond to any requests.

There are solutions, such as fail2ban. It will temporarily block IP address that has failed to log in to SSH multiple times. However, they know that your server is still online, and they will keep trying to gain access.

Solution #1: Port-knock server (knockd)

To access server, you need to first knock specific ports in a correct sequence. Knocking is done by simply sending a packet to each port. If ports are knocked in a correct sequence, firewall grants your IP address access to server. The disadvantage with this method is that it is easy for the attacker to sniff the port sequence. You can read more about port knocking and how to configure it, for example, here:

Solution #2: OpenVPN with HMAC authentication (tls-auth)

It uses a pre-shared key, which is known to both client and server, just like in the port knocking solution. When client wants to connect to server, it first prepares a request packet. Then, a request packet and pre-shared key are combined, and a hash is calculated. The request is then sent to server together with the calculated hash. When server receives the request and hash, it then makes the same hash calculations as client did. Server then compares if received and calculated hashes are the same. If the hashes are same, the server will respond to client, and a communication will begin. If the hashes are different, the server will not respond to the client, which makes the server to be essentially invisible. You can read more about this at the official OpenVPN page:

// Check out other posts

5 1 vote
Article Rating
Notify of
Inline Feedbacks
View all comments