Port knocking is a relatively recent development in computer authentication.

Typically the security of a server is increased (beyond simple user authentication) by refusing connections to certain ports or from certain IP addresses. The disadvantage of this approach is that the ports which remain open are still exposed to intrusion, while legitimate users may be denied access when they connect from unexpected locations. Port knocking attempts to solve both problems.

Imagine the following scenario: a server sits idle with no ports open. A user attempts connections to specific ports in sequence, say 101, 109, 103 (the secret "knock", if you will); these attempts are refused and logged. A daemon process monitoring the log then starts a server process listening on another port, say port 22/ssh, available only to the IP address that sent the correct knock. The user is then able to connect to the server as usual.

Other implementations allow for specific sequences to be mapped to server actions:

  • closing a port,
  • opening a user-specified port,
  • instructing the server to ignore future knocks from the current IP address, or
  • specifying a session time after which to close the port.
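The following is an added example, not code from the original entry or from any particular port-knocking implementation. It shows the daemon side of both the basic scenario above (a 101, 109, 103 knock opening port 22 for the knocking address only) and the extended sequence-to-action mapping: a state machine per source address consumes refused-connection log lines, resets on any out-of-order knock, and emits an open, close or ignore action with an optional session lifetime when a full sequence is seen. The iptables-style log lines, the `KNOCK` prefix and the sequence table are constructed for the example; only the 101/109/103 knock and port 22 come from the text.

```python
"""Port-knock daemon logic: parse refused-connection log lines, track each
source address's progress through a secret knock sequence, and emit an
action (open/close a port, ignore a host, set a session expiry) once a
whole sequence has been seen. Sample data is constructed, not real."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed iptables-style lines, as a firewall might log refused SYNs.
SAMPLE_LOG = """\
Jan 01 10:00:00 host kernel: KNOCK IN=eth0 SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=40001 DPT=101
Jan 01 10:00:01 host kernel: KNOCK IN=eth0 SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=40002 DPT=109
Jan 01 10:00:02 host kernel: KNOCK IN=eth0 SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=40003 DPT=103
Jan 01 10:00:03 host kernel: KNOCK IN=eth0 SRC=198.51.100.9 DST=192.0.2.1 PROTO=TCP SPT=40004 DPT=101
Jan 01 10:00:04 host kernel: KNOCK IN=eth0 SRC=198.51.100.9 DST=192.0.2.1 PROTO=TCP SPT=40005 DPT=103
Jan 01 10:00:05 host kernel: KNOCK IN=eth0 SRC=198.51.100.9 DST=192.0.2.1 PROTO=TCP SPT=40006 DPT=109
Jan 01 10:00:06 host kernel: KNOCK IN=eth0 SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=40007 DPT=109
Jan 01 10:00:07 host kernel: KNOCK IN=eth0 SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=40008 DPT=101
Jan 01 10:00:08 host kernel: KNOCK IN=eth0 SRC=198.51.100.9 DST=192.0.2.1 PROTO=TCP SPT=40009 DPT=103
Jan 01 10:00:09 host kernel: KNOCK IN=eth0 SRC=198.51.100.9 DST=192.0.2.1 PROTO=TCP SPT=40010 DPT=103
Jan 01 10:00:10 host kernel: KNOCK IN=eth0 SRC=198.51.100.9 DST=192.0.2.1 PROTO=TCP SPT=40011 DPT=103
Jan 01 10:00:11 host kernel: KNOCK IN=eth0 SRC=198.51.100.9 DST=192.0.2.1 PROTO=TCP SPT=40012 DPT=101
"""

# Only the source address and destination port matter to the daemon.
LOG_RE = re.compile(r"SRC=(?P<src>[\d.]+).*?DPT=(?P<dpt>\d+)")


@dataclass(frozen=True)
class Action:
    kind: str                  # "open", "close" or "ignore"
    ip: str                    # the knocking address the action applies to
    port: Optional[int] = None # port to open/close, None for "ignore"
    ttl: Optional[int] = None  # session time in seconds before the port closes again


# Hypothetical sequence table (constructed): the 101/109/103 knock from the
# text opens ssh for the knocker only; the others illustrate the extra actions.
SEQUENCES = {
    (101, 109, 103): ("open", 22, 300),       # open ssh, close after 5 minutes
    (109, 101): ("close", 22, None),          # close ssh again
    (103, 103, 103): ("ignore", None, None),  # ignore further knocks from this host
}


class KnockDaemon:
    def __init__(self, sequences=SEQUENCES):
        self.sequences = sequences
        self.progress = {}   # source ip -> tuple of knocks matched so far
        self.ignored = set()  # hosts whose knocks are dropped from now on

    def _advance(self, seen, port):
        """Extend the matched prefix by one knock, or restart on a wrong knock."""
        cand = seen + (port,)
        if any(seq[:len(cand)] == cand for seq in self.sequences):
            return cand
        # Out-of-order knock: discard progress, but let this knock start a new sequence.
        return (port,) if any(seq[0] == port for seq in self.sequences) else ()

    def process(self, line):
        """Feed one log line; return an Action when a sequence completes, else None."""
        m = LOG_RE.search(line)
        if not m:
            return None
        src, port = m.group("src"), int(m.group("dpt"))
        if src in self.ignored:
            return None
        seen = self._advance(self.progress.get(src, ()), port)
        if seen in self.sequences:
            kind, dport, ttl = self.sequences[seen]
            self.progress[src] = ()          # sequence consumed, start afresh
            if kind == "ignore":
                self.ignored.add(src)
            return Action(kind, src, dport, ttl)
        self.progress[src] = seen
        return None

    def process_log(self, text):
        """Run every line through the state machine and collect the actions."""
        return [a for a in map(self.process, text.splitlines()) if a]


if __name__ == "__main__":
    for action in KnockDaemon().process_log(SAMPLE_LOG):
        print(action)
```

Running the block yields three actions: 203.0.113.5 completes 101, 109, 103 and gets port 22 opened with a 300-second session, then sends 109, 101 to close it; 198.51.100.9 sends 101, 103, 109, which is rejected because the order is wrong, and later sends 103 three times and is ignored, so its final knock produces nothing. Two things a practitioner should keep in view: the firewall must keep logging refused SYNs on the knock ports (the daemon reads the log, it never listens on them), and a sequence that is a prefix of a longer one fires as soon as it completes, so sequences in the table should not prefix each other.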
