Port knocking

Thursday 26 February 2004

Port Knocking is a clever technique to secure a machine. No ports are open to the outside, but the failed connection attempts against closed ports are monitored for a specific sequence of ports. If the correct ports are attempted in the correct order, then a port is opened and the external machine can get in. The technique adds a meta-level to normal security measures, and turns failures into interesting information.
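To make the idea concrete, here is an added illustration (not code from the original post) of the server-side half: a small tracker that reads rejected-connection log lines, follows each source address's progress through a secret knock sequence, and reports which sources completed it. The log format, the knock sequence, the timing window and the IP addresses are all assumptions constructed for the example; it also includes a scanner that walks ports in ascending order, to show why a knock sequence should not be monotonic.

```python
"""Port-knocking detector over firewall logs (added example, not from the post).

Assumptions: an iptables-style log line for each rejected SYN, a secret
sequence KNOCK_SEQUENCE, and a window within which the knocks must arrive.
"""
import re
from datetime import datetime, timedelta

# Assumed secret knock: TCP destination ports, in order.  Deliberately
# non-monotonic so a plain ascending port scan cannot complete it.
KNOCK_SEQUENCE = (7000, 9000, 8000)
# A partial sequence older than this is forgotten (assumed value).
KNOCK_WINDOW = timedelta(seconds=10)

# Assumed log format: ISO timestamp ... SRC=<ip> ... DPT=<port>
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) .*?"
    r"SRC=(?P<src>\S+) .*?DPT=(?P<dpt>\d+)"
)


class KnockTracker:
    def __init__(self, sequence=KNOCK_SEQUENCE, window=KNOCK_WINDOW):
        self.sequence = tuple(sequence)
        self.window = window
        self.progress = {}   # src -> (index of next expected knock, time of last knock)
        self.opened = []     # (time, src) for every completed sequence

    def observe(self, ts, src, dport):
        """Record one rejected attempt; return True if src just completed the knock."""
        idx, last = self.progress.get(src, (0, None))
        if last is not None and ts - last > self.window:
            idx = 0                      # too slow: start over
        if dport == self.sequence[idx]:
            idx += 1                     # right port at the right step
        else:
            # Wrong port resets the sequence; it may itself be a fresh first knock.
            idx = 1 if dport == self.sequence[0] else 0
        if idx == len(self.sequence):
            self.opened.append((ts, src))
            self.progress.pop(src, None)
            return True
        self.progress[src] = (idx, ts)
        return False

    def feed_log(self, lines):
        """Parse log lines in order; return the sources that completed the knock."""
        for line in lines:
            m = LOG_RE.search(line)
            if not m:
                continue                 # not a rejected-connection line
            self.observe(datetime.fromisoformat(m["ts"]), m["src"], int(m["dpt"]))
        return [src for _, src in self.opened]


# Constructed sample log: one correct knocker, one ascending scanner, one
# knocker that pauses too long between knocks.
SAMPLE_LOG = [
    "2004-02-26T10:00:01 kernel: REJECT IN=eth0 SRC=198.51.100.7 PROTO=TCP DPT=7000",
    "2004-02-26T10:00:02 kernel: REJECT IN=eth0 SRC=198.51.100.9 PROTO=TCP DPT=7000",
    "2004-02-26T10:00:02 kernel: REJECT IN=eth0 SRC=198.51.100.7 PROTO=TCP DPT=9000",
    "2004-02-26T10:00:03 kernel: REJECT IN=eth0 SRC=198.51.100.9 PROTO=TCP DPT=8000",
    "2004-02-26T10:00:03 kernel: REJECT IN=eth0 SRC=198.51.100.7 PROTO=TCP DPT=8000",
    "2004-02-26T10:00:04 kernel: REJECT IN=eth0 SRC=198.51.100.9 PROTO=TCP DPT=9000",
    "2004-02-26T10:01:00 kernel: REJECT IN=eth0 SRC=192.0.2.4 PROTO=TCP DPT=7000",
    "2004-02-26T10:01:30 kernel: REJECT IN=eth0 SRC=192.0.2.4 PROTO=TCP DPT=9000",
    "2004-02-26T10:01:31 kernel: REJECT IN=eth0 SRC=192.0.2.4 PROTO=TCP DPT=8000",
]


def run_sample():
    """Run the tracker over SAMPLE_LOG; only 198.51.100.7 completes the knock."""
    return KnockTracker().feed_log(SAMPLE_LOG)


if __name__ == "__main__":
    for src in run_sample():
        print(f"knock completed by {src}: would open the service port for it")
```

Two things the sample shows that the paragraph alone does not: a scanner sweeping ports in order gets nowhere because the sequence is not monotonic, and a knocker that pauses longer than the window is reset, which keeps stale partial sequences from accumulating in memory. A real daemon would also have to add and later remove the firewall rule, and treat the knock as a thin extra layer rather than a replacement for authentication on the service it exposes.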

Comments

Brian Cantoni 10:41 PM on 27 Feb 2004

That's a clever solution. My ISP uses something similar called "POP-before-SMTP" authentication for the outgoing SMTP mail server. If you try to simply connect to the SMTP server, it will fail. But, if you check a valid POP account, you'll be authenticated to SMTP as well for a time period of 90 minutes or so.

Bob 12:02 PM on 28 Feb 2004

"POP before SMTP" is a common tactic for ISPs to avoid having their SMTP servers act as open relays. Another approach is just to use SMTP AUTH and require the client to authenticate (usually with the same account password used for POP).
