Just security.
Port knocking: a stealthy system for network authentication across closed ports
Port Knocking has not been seen on TV
port knocking > about > features

Port Knocking

Perl prototype: v0.30

  • pcaplib support added; daemon no longer requires firewall log file

2004-Nov-14 18:59 | ...more

new Net::Pcap support added to sniff packets directly ...more

Learn about firewalls and discover port knocking. Find out how to use port knocking to secure your servers with a Perl prototype or other implementations. Play with knocks in the knock lab. Contribute to the port knocking project. See what others are saying. Is port knocking a form of security through obscurity? Port knocking is definitely not any kind of ultimate solution and some think that it should be avoided altogther. The author doesn't think so and also has some other opinions.

Logos and Banners

Port Knocking (c) 2002,2003 Martin Krzywinski Port Knocking (c) 2002,2003 Martin Krzywinski

Port Knocking (c) 2002,2003 Martin Krzywinski

Port Knocking (c) 2002,2003 Martin Krzywinski

Port Knocking (c) 2002,2003 Martin Krzywinski

More images are available.

features

Port knocking is summarized in this list of features, which can be seen as advantages.

  • firewall-based method for user authentication
  • establish connections to hosts with no open ports through subversive use of closed ports
  • seal off your network hosts and prevent remote profiling
  • impossible to determine whether port knocking is implemented
  • detection by sniffers both difficult and loud
  • encrypted sequences for increased security
  • one time encryption pads provide maximum possible protection
  • benefits from access control provided by firewall and IDS systems

Any implementation of port knocking targetted at production systems with a large number of connection attempts needs to consider

  • misordered/missing ports in a knock sequence caused by network latency
  • detection and interpretation of simultaneous knock sequences
  • impact on system and network load

A simple implementation of port knocking is available. It is coded as a proof-of-concept and has not been optimized for heavy use. On the other hand, I've been using it at home and it's very functional for a system with a handful of users.

last updated 2005-Jan-04 13:17
Port Knocking (c) 2002-2017 Martin Krzywinski