kopkop is a daemon that listens for encrypted, signed, and fully random-looking command packets. Only the fields essential for the packets' travel trough the Internet are filled with sane data. Upon reception and after a preset timeout, the daemon executes user-defined commands. This can be used to open firewalls, so you can reduce your system's attack surface by hiding certain services until you need to use them. The included kopkop client creates and sends the encrypted packets. The communication is strictly unidirectional and quite minimal between the client and the server. Replay attacks are forestalled by storing and comparing monotonically increasing packet IDs on both sides.
dcfac1165b23dfff98417a486588a9fe4e6a5350d7f7750d46435db08b4b95ed