Keep your ports open - for yourself.
Port knocking: a stealthy system for network authentication across closed ports

Port Knocking

Perl prototype: v0.30

  • pcaplib support added; daemon no longer requires firewall log file

2004-Nov-14 18:59: new Net::Pcap support added to sniff packets directly



port forwarding

What's the difference between port forwarding and port knocking?

In a port forwarding scenario, a firewall passes all incoming connections for a particular port, or group of ports, to a host within the internal network. During this process the port value could be remapped. For example, you can configure your firewall so that all connections from external hosts made to port ssh/22 are forwarded to port ssh/22 of an internal host, thereby setting up a firewalled, internal SSH server. You could, for the sake of example, forward port telnet/23 to another internal host's port ssh/22 so that you can now select which host to connect to by the port number.

Before you rush off and reconfigure your firewall, understand the implications. By forwarding ports you are creating a hole in your firewall and you are allowing packets to enter your internal network. Nevertheless, port forwarding is often useful if you want to

  • provide an external service from an internal firewalled host
  • provide multiple instances of a service from internal firewalled hosts for the purpose of load balancing.

Most routers provide a port forwarding feature (for example, the LinkSys BEFSR81). Port triggering is another method to remap traffic.
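An added example, not from the original page: assuming a Linux firewall whose NAT rules are dumped with `iptables-save`, this script lists every forwarded port (each one a hole in the firewall, as described above) and flags remapped ports and forwards reachable from any source. The sample ruleset, interface name and addresses are constructed to mirror the ssh/22 and telnet/23 scenario.

```python
# Constructed sample of `iptables-save -t nat` output. Assumption: a Linux
# iptables firewall; interface and addresses are illustrative, not from the page.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.1.10:22
-A PREROUTING -i eth0 -p tcp -m tcp --dport 23 -j DNAT --to-destination 192.168.1.11:22
-A PREROUTING -s 203.0.113.0/24 -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.12:80
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""


def list_forwards(ruleset):
    """Return one dict per DNAT rule, i.e. per port forwarded to an internal host."""
    forwards = []
    for line in ruleset.splitlines():
        tok = line.split()
        if tok[:2] != ["-A", "PREROUTING"] or "DNAT" not in tok:
            continue
        # Map each option to the token that follows it (-p tcp, --dport 22, ...).
        opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
        host, _, port = opt.get("--to-destination", "").partition(":")
        ext_port = opt.get("--dport", "any")
        source = opt.get("-s", "0.0.0.0/0")
        forwards.append({
            "proto": opt.get("-p", "all"),
            "ext_port": ext_port,
            "int_host": host,
            "int_port": port or ext_port,  # no port in the target: port unchanged
            "remapped": bool(port) and port != ext_port,
            "open_to_all": source == "0.0.0.0/0",  # no -s match: any external host
        })
    return forwards


if __name__ == "__main__":
    for f in list_forwards(SAMPLE):
        notes = ["any source" if f["open_to_all"] else "restricted source"]
        if f["remapped"]:
            notes.append("port remapped")
        print(f'{f["proto"]}/{f["ext_port"]} -> {f["int_host"]}:{f["int_port"]} ({", ".join(notes)})')
```

Run it against the real output of `iptables-save -t nat` to review which internal hosts are exposed before and after changing forwarding rules.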

last updated 2004-Apr-05 16:02
Port Knocking (c) 2002-2017 Martin Krzywinski