Port knocking: a stealthy system for network authentication across closed ports

Firewall Primer

Perl prototype: v0.30 (2004-Nov-14 18:59)

  • Net::Pcap (pcaplib) support added to sniff packets directly; the daemon no longer requires a firewall log file

This section introduces the idea of communication ports and firewalls at a very introductory level. If you are familiar with TCP/IP and firewalls, you can skip this section and go straight to the details of the port knocking implementation. This introduction is not a technical document and is targeted at a non-technical audience: novice computer users and administrators.

ports

When two networked computers communicate with one another (i.e., send data to each other in a mutually agreed upon manner) they do so using one of several different protocols. A protocol, much like one in human communication, is a precise and specific definition of how communication should start, continue and end. Network protocols include TCP/IP (Transmission Control Protocol/Internet Protocol), UDP (User Datagram Protocol) and ICMP (Internet Control Message Protocol).

Each protocol is designed for applications with specific requirements. For example, when two computers communicate using UDP, the computer that receives the data does not acknowledge receipt, whereas when TCP/IP is used the sender can ascertain whether the transmission has been received. This makes UDP more suitable for broadcast-type communication where less overhead is of benefit. On the other hand, TCP was designed to be robust and to maximize the likelihood of successful transmission.

Communication takes place between a port on one computer and another port on another computer. There are 65,536 available ports. Conventionally, the full range of ports is divided functionally into three groups, which will be described shortly. A socket is the combination of a particular IP address and a port. For example, I can create a socket on my computer at a particular port (e.g., composed of my IP address and port ssh/22) and wait for you to create your socket and connect to mine. This is how communication starts: using a client socket on your computer, you connect to my server socket.
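The following is an added example, not code from the original page or from the port knocking project, that shows the two ideas above in working code: a server socket is an address plus a port, a client socket connects to it, and TCP (unlike UDP) tells the sender whether the other side answered. It assumes the loopback address 127.0.0.1 is usable and lets the operating system pick the port numbers; the function names (start_tcp_server, tcp_probe, udp_send, unused_port) are this example's own. The three outcomes of tcp_probe are what a firewall administrator sees from the outside: a listening port answers, a closed port is refused, and a port whose packets a firewall silently drops produces only a timeout, which is the state a port knocking daemon keeps its protected ports in.

```python
import socket
import threading

HOST = "127.0.0.1"  # loopback; assumed reachable on the machine running this


def start_tcp_server(host=HOST):
    """Create a server socket (host address + OS-chosen free port), start
    listening, and handle one client in a background thread.  Returns the
    port number so a client can build the matching socket address."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))  # port 0 lets the OS pick an unused port
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve_one():
        conn, _peer = srv.accept()  # blocks until a client socket connects
        with conn:
            data = conn.recv(1024)
            conn.sendall(data.upper())  # toy application protocol: echo in upper case
        srv.close()

    threading.Thread(target=serve_one, daemon=True).start()
    return port


def tcp_probe(host, port, payload=b"hello", timeout=2.0):
    """Connect a client socket to (host, port).  TCP's handshake tells the
    client whether anyone is listening: 'open' with the server's reply,
    'closed' when the OS answers with a reset (ConnectionRefusedError),
    or 'filtered' when nothing comes back before the timeout (a firewall
    silently dropping the packets looks like this)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as client:
            client.sendall(payload)
            return "open", client.recv(1024)
    except ConnectionRefusedError:
        return "closed", None
    except socket.timeout:
        return "filtered", None


def udp_send(host, port, payload=b"hello"):
    """Send one datagram.  UDP has no handshake and no acknowledgement, so
    sendto() returns the byte count whether or not a listener exists."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(payload, (host, port))


def unused_port(host=HOST):
    """Bind and immediately release a port so we know it is currently closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    open_port = start_tcp_server()
    closed_port = unused_port()
    print("TCP to open port   :", tcp_probe(HOST, open_port))    # ('open', b'HELLO')
    print("TCP to closed port :", tcp_probe(HOST, closed_port))  # ('closed', None)
    print("UDP to closed port :", udp_send(HOST, closed_port), "bytes sent, no error raised")
```

Run it as a script and compare the two TCP lines with the UDP line: the TCP client learns immediately that the closed port refused it, while the UDP sender gets no such feedback from the transport layer, which is the difference the paragraph on protocols describes.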

A port is numbered and, if associated with an application agreed upon by IANA or other conventions, associated with an application protocol. An application protocol is a well-defined way for the server and client components of an application to communicate towards a mutual goal. For example, the communication between a mail server and a mail client is very different from the communication between a web server and a web browser. Mail clients need to know how to read a message, delete a message, download more mail headers, etc., and communicate using the POP or IMAP protocols. Web clients need to know how to fetch web pages, process web page contents, upload form data, etc., and speak the HTTP protocol. Typically a given client application is designed to communicate with a particular class of server applications using a single protocol.

last updated 2010-Oct-17 10:17
Port Knocking (c) 2002-2017 Martin Krzywinski