port knocking

A security method used to authenticate a valid user before opening a TCP/IP port to accept incoming packets. An ordinary firewall accepts or denies packets purely by rule, before any user authentication takes place, so an attacker who can reach an open port is already through the firewall. With port knocking, a "secret" authentication sequence is required in order to get the port opened in the first place.

Log the Failures
A port knocking connection is made by sending a series of connection attempts to specific port numbers that are always kept closed. The failed attempts are logged at the firewall, and a separate application monitors the log. When the monitor finds a sequence of failed attempts from one source that matches the secret port sequence, for example 103, 103, 100, 101, 103 (the "secret knock"), it opens the port and accepts that source's packets. See TCP/IP port and port filtering.
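An added illustration (not part of the original entry) of the monitor described above: a small Python script that reads constructed firewall log lines, tracks the knocks seen from each source address, and reports which sources completed the secret knock 103, 103, 100, 101, 103. The log format, the "KNOCK:" prefix and the addresses are assumptions.

```python
import re
from collections import defaultdict, deque

# Constructed sample lines (not from the page) in the style of an iptables LOG
# rule with prefix "KNOCK:"; only the SRC and DPT fields matter to the monitor.
SAMPLE_LOG = """\
Jan 10 12:00:01 fw kernel: KNOCK: IN=eth0 SRC=203.0.113.5 DST=198.51.100.1 PROTO=TCP DPT=103
Jan 10 12:00:02 fw kernel: KNOCK: IN=eth0 SRC=203.0.113.5 DST=198.51.100.1 PROTO=TCP DPT=103
Jan 10 12:00:02 fw kernel: KNOCK: IN=eth0 SRC=192.0.2.9 DST=198.51.100.1 PROTO=TCP DPT=100
Jan 10 12:00:03 fw kernel: KNOCK: IN=eth0 SRC=203.0.113.5 DST=198.51.100.1 PROTO=TCP DPT=100
Jan 10 12:00:04 fw kernel: KNOCK: IN=eth0 SRC=203.0.113.5 DST=198.51.100.1 PROTO=TCP DPT=101
Jan 10 12:00:05 fw kernel: KNOCK: IN=eth0 SRC=203.0.113.5 DST=198.51.100.1 PROTO=TCP DPT=103
Jan 10 12:00:06 fw kernel: KNOCK: IN=eth0 SRC=192.0.2.9 DST=198.51.100.1 PROTO=TCP DPT=101
"""

# The secret knock from the entry above; the knock ports themselves stay closed.
SECRET_KNOCK = (103, 103, 100, 101, 103)

KNOCK_RE = re.compile(r"SRC=(?P<src>[\d.]+) .*?DPT=(?P<dpt>\d+)")


def parse_knocks(log_text):
    """Return a list of (source_ip, destination_port) for each logged knock."""
    knocks = []
    for line in log_text.splitlines():
        m = KNOCK_RE.search(line)
        if m:
            knocks.append((m.group("src"), int(m.group("dpt"))))
    return knocks


def authenticated_sources(log_text, secret=SECRET_KNOCK):
    """Return the set of source IPs whose most recent knocks equal the secret.

    A sliding window of the last len(secret) ports is kept per source, so a
    stray probe or a knock from another host cannot complete someone else's
    sequence. Timeouts between knocks are omitted to keep the example short.
    """
    recent = defaultdict(lambda: deque(maxlen=len(secret)))
    opened = set()
    for src, port in parse_knocks(log_text):
        recent[src].append(port)
        if tuple(recent[src]) == tuple(secret):
            # A real monitor would now insert a firewall rule admitting `src`
            # to the protected port for a limited time.
            opened.add(src)
    return opened


if __name__ == "__main__":
    print("authenticated:", sorted(authenticated_sources(SAMPLE_LOG)))
```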
References in periodicals archive
But if you are unable to install a VPN server, then you should at least try the port knocking method, which will open port 222 for a certain number of seconds only if another port or sequence of ports has been knocked first.
Instead, you can do this simply with iptables rules, which have a very useful module called "recent" that allows you to create simple, yet effective, port knocking sequences, as in the following example:
Symantec also expects to see instances of port knocking, a method attackers may use to create direct connections to potential target systems.