Port knocking

from Wikipedia, the free encyclopedia

Port knocking is a method of securing servers or individual server services in TCP / IP networks, i.e. protecting them from unauthorized access. The name comes from Engl. “To knock” and “ Port ”. It is supposed to symbolize that you first “knock” in a previously agreed sequence before a port opens and you get access to a certain server service.

Communication on the desired port is initially completely blocked by a firewall . To open this port, you send several SYN packets with previously agreed content and in the correct chronological order to the server (the so-called "knock"). In the Transmission Control Protocol, the establishment of a connection is normally initiated with a SYN packet , but the firewall initially blocks these connection attempts and does not respond to the communication attempts, or it sends an RST packet and thus initially rejects the connection. However, a port knocking daemon listens, for example by evaluating the log file of the firewall, and opens the desired port in the firewall if the sequence and content of the SYN packets are correct.

The advantage of this procedure is that, without knowing the previously agreed sequence of SYN packets, it is not possible to determine from the outside whether a server service is listening on a port - a port scan cannot detect the service. Port knocking is therefore mainly used to hide access options for remote maintenance, for example SSH . Well implemented services for remote administration offer security against unauthorized access by encrypting the communication path and authentication , but there could be errors in the server software that could be used to gain control of the server even without authentication. The port knocking daemon itself can, however, also contain errors, which means that a previously secure server may only become vulnerable through the use of port knocking.

Encrypted hash values in the knock packet help against attackers who read the data traffic via packet sniffers . In principle, port knocking offers no protection against man-in-the-middle attacks . Services that are offered to the general public on the Internet, such as a web server , cannot be secured with port knocking either.


  • Roland Bless, Stefan Mink, Erik-Oliver Blaß, Michael Conrad, Hans-Joachim Hof, Kendy Kutzner, Marcus Schöller: Secure network communication . Springer Verlag, Berlin / Heidelberg 2005, ISBN 3-540-21845-9 .
  • Leonard Barolli, Fatos Xhafa, Kangbin Yim (eds.): Advances on Broad-Band Wireless Computing, Communication and Applications. Springer International Publishing, New York 2017, ISBN 978-3-319-49105-9 .
  • Joachim Biskup, Javier López: Computer Security - ESORICS 2007. Springer Verlag, Berlin / Heidelberg 2007, ISBN 978-3-540-74834-2 .

Web links