Tech&Science

Technical stuff

Open Sesamy: Port-knocking using just one port

Port knocking is a mechanism to provide additional security to firewalling. Port knocking is normally used in firewalls. A target port needed for a particular service (e.g. SecureShell, SSH) is normally closed and the service is unreachable. Only by ‘knocking’ on a number of ports in a particular order opens the target port. Knocking means: sending a TCP or UDP packet to the port. Though the knock ports are closed and won’t respond, the firewall notices the knocks. To the outside world the firewall appears totally closed. Portscans fail. Only when the proper sequence of ports is knocked the target port opens and the service is reachable for a few seconds. During this time-span the service can be reached.

There are a large number of port knock implementation. See for an overview: portknocking.orgOpen Sesamy differs from other mechanism because only one port for knocking is needed. It may even be the target port. It is implemented using Linux iptables. This is another difference: most port knocking algorithms are implemented as scripts scrutenising the log files. Using iptables the packet filtering is exploited as present in the Linux kernel or modules.