This article is from a FAQ concerning SCO operating systems. While some of the information may be applicable to any OS, or any Unix or Linux OS, it may be specific to SCO Xenix, Open Desktop or Openserver.

There is lots of Linux, Mac OS X and general Unix info elsewhere on this site: Search this site is the best way to find anything.

TCP/IP and NFS FAQ

What is "port knocking"?

Port knocking is a security technique to allow access to people who know the "secret knock". The basic idea is this: packets addressed to certain ports are silently ignored but are logged. If you contact the right series of ports in the right sequence, possibly with the additional condition of holding the ports open for a certain period of time, the firewall rules will be adjusted to allow you access.

The interesting things about this technique include the fact that you can obviously transmit information with the pattern or duration of the "knocks". That means that you could request that some other ip be allowed access, or just request that certain information be sent to you. Another interesting aspect is that because the packets are silently dropped, there's no way to scan a host and determine that it is using a port knocking technique. Even if you knew that it was using such a technique, but didn't know the algorithm, any brute force attempt would be effectively impossible.

A critique of port knocking: http://www.linux.com/articles/37888

Macworld Mac Security Superguide $9.99

Jump to Comments

Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.

Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.

We use Google third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.