Portknocking

Port knocking is a method of securing a server, or individual server services, in TCP/IP networks against unauthorized access. The name comes from the English "to knock" and "port". It is meant to symbolize that one first "knocks" in a previously agreed sequence before a port opens and grants access to a particular server service.

Communication on the desired port is initially blocked completely by a firewall. To open the port, the client sends several SYN packets with previously agreed content, in the correct temporal sequence, to the server (the so-called "knock"). A SYN packet normally initiates a connection in the Transmission Control Protocol, but the firewall blocks these first connection attempts and either does not respond to them at all or answers with an RST packet, which refuses the connection outright. A port knocking daemon, however, listens in, for example by evaluating the firewall's log file, and opens the specific port in the firewall once it has seen the correct sequence and content of SYN packets.
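The daemon side of this mechanism, as an added illustration that is not part of the original article: a small Python routine replays constructed firewall log lines (the knock ports, the time window and the log format are assumed values), tracks each source address through the agreed sequence, and reports which sources would have the protected port opened for them.

```python
import re
from datetime import datetime, timedelta

# Pre-agreed knock sequence and protected service port (constructed
# example values, not from the article).
KNOCK_SEQUENCE = [7000, 8000, 9000]
PROTECTED_PORT = 22
MAX_GAP = timedelta(seconds=5)   # longest pause allowed between two knocks

# Constructed log lines in the style a firewall writes for dropped SYN
# packets: timestamp, source address, destination port.
SAMPLE_LOG = """\
2024-01-01 12:00:00 DROP SRC=203.0.113.5 DPT=7000 SYN
2024-01-01 12:00:01 DROP SRC=203.0.113.5 DPT=8000 SYN
2024-01-01 12:00:02 DROP SRC=203.0.113.5 DPT=9000 SYN
2024-01-01 12:00:03 DROP SRC=198.51.100.9 DPT=7000 SYN
2024-01-01 12:00:04 DROP SRC=198.51.100.9 DPT=9000 SYN
2024-01-01 12:00:05 DROP SRC=192.0.2.77 DPT=7000 SYN
2024-01-01 12:00:30 DROP SRC=192.0.2.77 DPT=8000 SYN
2024-01-01 12:00:31 DROP SRC=192.0.2.77 DPT=9000 SYN
"""

LINE_RE = re.compile(r"^(\S+ \S+) DROP SRC=(\S+) DPT=(\d+) SYN$")

def evaluate_log(log_text):
    """Replay firewall log lines and return the set of source addresses
    that completed the knock sequence in order and within MAX_GAP."""
    progress = {}   # src -> (index of next expected knock, time of last knock)
    opened = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue   # not a dropped SYN entry; ignore
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        src, port = m.group(2), int(m.group(3))
        idx, last = progress.get(src, (0, None))
        if last is not None and ts - last > MAX_GAP:
            idx = 0   # too slow: the sequence must start over
        if port == KNOCK_SEQUENCE[idx]:
            idx += 1
        else:
            # A wrong port resets progress; a correct first knock still counts.
            idx = 1 if port == KNOCK_SEQUENCE[0] else 0
        if idx == len(KNOCK_SEQUENCE):
            opened.add(src)   # a real daemon would now insert a firewall rule
            idx = 0
        progress[src] = (idx, ts)
    return opened
```

Only the first source knocks in the right order and fast enough; the second sends the ports out of order and the third pauses too long between knocks.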

The advantage of this method is that, without knowing the pre-agreed sequence of SYN packets, an outsider cannot tell whether a server service is listening on a port; a port scan cannot discover the service. Port knocking is therefore used above all to hide, for example, SSH access for remote maintenance. Well-implemented services for remote administration already offer security against unauthorized access through encryption of the communication path and authentication, but errors may exist in the server software through which one could gain control over the server without authentication. However, the port knocking daemon itself may also contain errors, so that a previously secure server may become vulnerable only through the use of port knocking.

Against attackers who read along the traffic with a packet sniffer, keyed hashes in the knock packets help. Against man-in-the-middle attacks, port knocking offers in principle no protection. Services offered to the general public on the Internet, such as a web server, also cannot be protected with port knocking.
