Port-knocking

Some of you might have heard about port-knocking already, and some of you might even already know what it is.
For those of you who don't know what it is, I'd like to answer the obvious question, "What is port-knocking?", right away.

Port-knocking is a method to communicate through "closed" ports. I say "closed" because the ports are only closed to those who don't know the "magic word", which is a sequence of ports that has to be contacted in the right order so that the desired port (for example SSH) gets opened for the knocking client.
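
The server-side bookkeeping this implies, as an added example that is not part of the original post: a plain-Python model (not iptables rules) that follows each source address through the sequence. The port numbers, the timeouts and the policy that a wrong port resets progress are assumptions made for the illustration.

```python
# Added model of server-side knock tracking; not iptables rules, not the author's code.
SEQUENCE = (7000, 8000, 9000)   # constructed knock sequence (assumption)


class KnockTracker:
    """Tracks, per source address, how far each client is through the sequence."""

    def __init__(self, sequence=SEQUENCE, step_timeout=10.0, open_window=30.0):
        self.sequence = tuple(sequence)
        self.step_timeout = step_timeout   # max seconds between two knocks (assumption)
        self.open_window = open_window     # seconds the service stays reachable (assumption)
        self.progress = {}                 # src -> (knocks matched, time of last match)
        self.opened = {}                   # src -> time at which access expires

    def packet(self, src, dport, now):
        """Record one connection attempt from src to a closed port."""
        idx, last = self.progress.get(src, (0, now))
        if idx and now - last > self.step_timeout:
            idx = 0                        # knocked too slowly: start over
        if dport == self.sequence[idx]:
            idx += 1                       # this was the next expected port
        elif dport == self.sequence[0]:
            idx = 1                        # wrong port, but a valid first knock
        else:
            idx = 0                        # any other port resets (defeats sequential scans)
        if idx == len(self.sequence):
            self.opened[src] = now + self.open_window
            idx = 0
        if idx:
            self.progress[src] = (idx, now)
        else:
            self.progress.pop(src, None)

    def allowed(self, src, now):
        """True while src may reach the protected port (for example SSH)."""
        return now <= self.opened.get(src, float("-inf"))


def replay(events, **settings):
    """Feed constructed (time, source, port) events to a fresh tracker."""
    tracker = KnockTracker(**settings)
    for now, src, dport in events:
        tracker.packet(src, dport, now)
    return tracker


if __name__ == "__main__":
    good = replay([(0, "192.0.2.10", 7000), (1, "192.0.2.10", 8000), (2, "192.0.2.10", 9000)])
    scan = replay([(i * 0.01, "198.51.100.5", p) for i, p in enumerate(range(6990, 9010))])
    print(good.allowed("192.0.2.10", 3), scan.allowed("198.51.100.5", 30))
```

The ascending scan touches every port in the sequence but never gains access, because each port between two knocks resets that source's progress.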

For this it is necessary that the client can keep track of who's knocking on its door. Previous solutions mostly used logging and a daemon that analyzes the logs for this. Since I have recently been playing around with the iptables module "recent", I thought it should be possible to use it for port-knocking. A quick test showed I was right about this, and a quick sea