linux – What is Port Knocking?

Question:

From what I understand it's about sending a sequence of requests to a server in order to unlock a port.

It would then be possible through a browser to activate the port for ssh, for example:

Accessing servidor.com:80 then servidor:81 and then servidor:82 unlocked port 9999 (ssh) for example?

I found the concept interesting, but I had never heard of it. Is it used a lot? Are there similar alternatives?

Answer:

What is Port Knocking?
Port Knocking is known as the act of visiting / knocking / sending data on specific ports, thus allowing another port to be opened after the correct port sequence has been visited.

Is it used a lot?
No, as the Port Knocking service introduces several problems to the system that would not otherwise exist, ultimately causing more disadvantages than advantages. Among the worst problems, I will mention the SPOF (Single point of failure) , which is a problem since most services are made to not have this type of failure, the problem of Security by obscurantism that leads the false belief that if the attacker does not know what he is attacking he will have more difficulties (Note: Although some disagree, I believe it is a form of obscurantism), it is easily reproducible if there is a "Man in the Middle" attack and depending on the mode of implementation it is equivalent to a plaintext password .

Alternatives to Port Knocking
The main alternative similar to port knocking is Shimmer , always keeping 16 ports online where only one provides what you really want, all the others provide access to a "fake" service. These 16 ports change every minute, so an attacker would have to guess which port is the right one and manage to penetrate it before the ports change again. For greater synchronism security, the minute before and next to the current one is also considered, so there are 48 ports – with only 3 providing the correct service.

The best alternative to port knocking is a simple 2-factor authentication, which provides a real alternative to the problem that is being tested and used by many tech giants.

Deepening Links
http://bsdly.blogspot.com.br/2012/04/why-not-use-port-knocking.html
https://en.wikipedia.org/wiki/Port_knocking
https://wiki.archlinux.org/index.php/Port_knocking
https://security.stackexchange.com/questions/1194/port-knocking-is-it-a-good-idea

Scroll to Top