Helping you keep sensitive data accessible and protected.
Port knocking: a stealthy system for network authentication across closed ports
Port Knocking has not been seen on TV
port knocking > primer > limitations

Firewall Primer

Perl prototype: v0.30

  • pcaplib support added; daemon no longer requires firewall log file

2004-Nov-14 18:59 | ...more

new Net::Pcap support added to sniff packets directly ...more

This section introduces the idea of communication ports and firewalls at a very introductory level. If you are familiar with TCP/IP and firewalls, you can skip past this section and go straight to the details of the port knocking implementation. This introduction is not a technical document and is targetted at a non-technical audience or novices computer users and administrators.


If the bad guys are smart - they often are - it will be just a matter of time before one of them either physically moves to an unfiltered computer, or breaks into an unfiltered computer and uses it as a trampoline for a lunge at your system. Take a look at Figure 7. There's a red hat at an unfiltered computer - oh oh.

Additionally, inconveniences arise when trusted users physically travel to filtered locations. If your firewall is very tightly configured, you may be blocking all but a few IPs for certain ports (e.g. telnet/23 or ssh/22). Users who frequently travel may require you to expend significant effort to keep the firewall rules current to track their location. In some cases, it may not be possible to know ahead of the which IP range these users are travelling to, or communicate the information once it is known.

Port Knocking (c) 2002-2019 Martin Krzywinski
Figure 7 | A security risk: an untrusted user (red hat) breaks into an unfiltered network, gaining ability to connect to your system. An inconvenience: a trusted user (green hat) physically travels to a location which is filtered by your firewall and can no longer connect.
last updated 2004-Apr-05 16:58
Port Knocking (c) 2002-2019 Martin Krzywinski