Port Knocking
Remember that secret code you had to use to get into the childhood clubhouse (e.g., two knocks, a pause, then three more)? Don't you wish you had the same sort of code to allow others to attach to ports on your computer while keeping unwanted visitors out? Well, with port knocking, you can have that security back.
In its most basic form, port knocking means that a user must connect to one or more of the 64,000 or so available ports before being allowed to connect to the port the user actually needs. As an example, an authorized user of port 22 (the SSH service) would first have to connect to, say, ports 3400, 16,252, and 23,456, in that order, before being allowed to connect to port 22 on the system.
This sort of connection protocol, even in its simplest form, will foil random connection attempts, and it will foil most determined attempts as well if a few other simple strictures are placed on the connection attempt. It is also convenient that port knocking is independent of the platform used, the service needed, or the application in question.
The simplest implementations work by monitoring the firewall log; when a correct knocking sequence from the same IP address is seen in the log, the firewall is instructed to open the real port in question to that IP address only. More complex systems might call for byte sequences in the first connection attempt, some sort of hash value, or another encryption scheme as part of the port knocking sequence.
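As an added illustration of the log-monitoring approach just described (example code written for this page, not taken from it or from any particular port knocking tool), the script below replays iptables-style LOG lines, tracks each source address's progress through the knock sequence from the example above, resets on a wrong port or a knock that arrives too late, and produces the per-address allow rule a knock daemon would install. The log lines, the 10-second timeout, and the "KNOCK" log prefix are constructed assumptions; the rule text is returned, not executed.

```python
import re
from datetime import datetime

# Knock sequence from the article: the client must hit these ports in this order.
KNOCK_SEQUENCE = (3400, 16252, 23456)
PROTECTED_PORT = 22        # the real service opened after a correct sequence
KNOCK_TIMEOUT = 10         # assumed: seconds allowed between consecutive knocks

# Constructed sample of firewall log lines (iptables LOG target format with a
# "KNOCK" prefix); not from the original page. Three sources:
#   203.0.113.5  knocks in the right order and in time
#   198.51.100.9 hits the right ports but in the wrong order
#   192.0.2.77   knocks in the right order but waits too long between knocks
SAMPLE_LOG = """\
Mar 20 10:00:01 host kernel: KNOCK IN=eth0 SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=40001 DPT=3400
Mar 20 10:00:02 host kernel: KNOCK IN=eth0 SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=40002 DPT=16252
Mar 20 10:00:03 host kernel: KNOCK IN=eth0 SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=40003 DPT=23456
Mar 20 10:00:04 host sshd[1234]: Server listening on 0.0.0.0 port 22.
Mar 20 10:00:05 host kernel: KNOCK IN=eth0 SRC=198.51.100.9 DST=192.0.2.1 PROTO=TCP SPT=50001 DPT=16252
Mar 20 10:00:06 host kernel: KNOCK IN=eth0 SRC=198.51.100.9 DST=192.0.2.1 PROTO=TCP SPT=50002 DPT=3400
Mar 20 10:00:07 host kernel: KNOCK IN=eth0 SRC=198.51.100.9 DST=192.0.2.1 PROTO=TCP SPT=50003 DPT=23456
Mar 20 10:01:00 host kernel: KNOCK IN=eth0 SRC=192.0.2.77 DST=192.0.2.1 PROTO=TCP SPT=60001 DPT=3400
Mar 20 10:01:30 host kernel: KNOCK IN=eth0 SRC=192.0.2.77 DST=192.0.2.1 PROTO=TCP SPT=60002 DPT=16252
Mar 20 10:01:31 host kernel: KNOCK IN=eth0 SRC=192.0.2.77 DST=192.0.2.1 PROTO=TCP SPT=60003 DPT=23456
"""

# Only the timestamp, source address and destination port matter for knock tracking.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) .*?SRC=(?P<src>[\d.]+) .*?DPT=(?P<dpt>\d+)"
)


def parse_line(line):
    """Return (timestamp, source_ip, destination_port), or None for lines that are not firewall hits."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")  # year is irrelevant for gaps
    return ts, m.group("src"), int(m.group("dpt"))


def find_authorized_ips(log_text, sequence=KNOCK_SEQUENCE, timeout=KNOCK_TIMEOUT):
    """Replay the log and return the set of source IPs that completed the sequence in order and in time."""
    progress = {}       # src -> (index of the next expected knock, time of the last knock)
    authorized = set()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, dport = parsed
        idx, last = progress.get(src, (0, None))
        # A knock arriving too long after the previous one starts a fresh sequence.
        if last is not None and (ts - last).total_seconds() > timeout:
            idx = 0
        if dport == sequence[idx]:
            idx += 1
        else:
            # Wrong port: partial progress is discarded; a hit on the first port restarts.
            idx = 1 if dport == sequence[0] else 0
        if idx == len(sequence):
            authorized.add(src)
            idx = 0     # a future opening requires a complete new sequence
        progress[src] = (idx, ts)
    return authorized


def firewall_rules(ips, port=PROTECTED_PORT):
    """Build the per-address allow rules the daemon would install; returned as text, not executed."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport {port} -j ACCEPT" for ip in sorted(ips)]


if __name__ == "__main__":
    opened = find_authorized_ips(SAMPLE_LOG)
    for rule in firewall_rules(opened):
        print(rule)
```

Note that nothing in this loop sends anything back to the knocking host: a wrong or late knock simply resets that address's state, which is exactly the "no feedback" property the article describes. A real daemon would also expire the allow rule after a short interval rather than leaving port 22 open to that address indefinitely.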
One nice thing about port knocking is that the user attempting to connect gets absolutely no feedback about the process. If the process fails, the probing user learns nothing other than that it failed; no packets are ever sent back to the user. This limits a hacker's ability to break the system down step by step, since the hacker has no idea what the actual steps are.
An eavesdropping attack could potentially recover the right port knocking sequence, but one can place more sophisticated authentication methods behind the port just in case.
It's something of a shame that more systems have not used this technique. It's fairly easy to implement and has few downside risks. Indeed, the "bad guys" have already programmed such techniques into some rootkit malware in order to have more controlled access to their malware that might be installed on your computer!
Last Changed: Monday, March 20, 2006
