Keep your ports open - for yourself.
Port knocking: a stealthy system for network authentication across closed ports
Port Knocking has not been seen on TV
port knocking > about > requirements

Port Knocking

Perl prototype: v0.30

  • pcaplib support added; daemon no longer requires firewall log file

2004-Nov-14 18:59 | ...more

new Net::Pcap support added to sniff packets directly ...more

Learn about firewalls and discover port knocking. Find out how to use port knocking to secure your servers with a Perl prototype or other implementations. Play with knocks in the knock lab. Contribute to the port knocking project. See what others are saying. Is port knocking a form of security through obscurity? The author doesn't think so and also has some other opinions.

Logos and Banners

Port Knocking (c) 2002,2003 Martin Krzywinski Port Knocking (c) 2002,2003 Martin Krzywinski

Port Knocking (c) 2002,2003 Martin Krzywinski

Port Knocking (c) 2002,2003 Martin Krzywinski

Port Knocking (c) 2002,2003 Martin Krzywinski

More images are available.

requirements

To simply implement port knocking on your system you will need a packet-filtering look up packet on webopedia.com look up packet on FOLDOC firewall which

  • is capable of logging connection attempts to closed ports,
  • allows you to monitor the log file in real time (or can send its log file to a remote syslog server), and
  • whose rules can be dynamically modified.

Any *NIX look up unix on webopedia.com look up unix on FOLDOC host running IPCHAINS/IPTABLES is suitable. If you have a hardware firewall, you'll have to get to know the firewall to determine whether the three points above are covered. The Perl prototype accepts knocks and firewall log files of any format.

Using port knocking requires a small overhead for each connection. Each connecting user will have to use a client to send the knock sequence.

.
last updated 2004-Apr-05 16:23
Port Knocking (c) 2002-2010 Martin Krzywinski