Port Knocking is a technique to secure services behind a firewall until a specific knock sequence is given. Once that sequence is given, the IP address that initiated the knock may be allowed to access the service for a short period of time. A knocking server listens to all traffic on an Ethernet (or PPP) interface, looking for special "knock" sequences of port-hits. A client makes these port-hits by sending a TCP (or UDP) packet to a port on the server.

This is a bit paranoid, but it add another layer of security, an attacker will have either to try all ports combinations or know the secret combination (knock) to be able to connect to your SSH daemon for example.

First, you’ll have to be sure to have a port knocking client, or you will be kick out forever of your own server!

Define the secret knocking sequence

I will take the default sequence of knockd as an example

  1. 2222:udp
  2. 3333:tcp
  3. 4444:udp
  4. .. but you can add more port and not follow any pattern like above.

Install a Knocking server on OpenSuSE

As root of course

# zypper se knockd

Change the configuration file

# vi /etc/knockd.conf 

Below is the default content


        sequence      = 2222:udp,3333:tcp,4444:udp
        seq_timeout   = 15
        tcpflags      = syn,ack
        start_command = /usr/sbin/iptables -I INPUT 1 -s %IP% -p tcp --dport ssh -j ACCEPT
        cmd_timeout   = 10
        stop_command  = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport ssh -j ACCEPT

Which is quite readable:

  • A wrong knock expire after 15 seconds
  • A successful knock, open for 10 seconds the firewall. The daemon will open a hole for the knocking %IP% source on port 22 (ssh), plenty of time for you to connect!
  • start_command add an IPTABLE rule in the firewall to allow the connection while
  • stop_command  close the connection

Starting the daemon

Check first if there is not any conflicting ssh rules

# iptables -L | grep ssh

Start the server

# rcknockd start

and monitor the logs file

# tail -f /var/log/knockd.log

You can now install a knock client..

Install a knocking client under windows

I’ll use the command line client, put the following in a .bat or .sh file

knock.exe -v myserverIP 2222:udp 3333:tcp 4444:udp

then run it once. You now have 10 second to open a ssh session with either Putty

PuTTY is an SSH and telnet client, developed originally by Simon Tatham for the Windows platform. PuTTY is open source software that is available with source code and is developed and supported by a group of volunteers.

You can download PuTTY here.

or Cygwin ssh.

Cygwin is a Linux-like environment for Windows. It consists of two parts:

  • A DLL (cygwin1.dll) which acts as a Linux API emulation layer providing substantial Linux API functionality.
  • A collection of tools which provide Linux look and feel.

And under  the iPhone?

Luckily there is a FREE application for that!  iPhone Knock Client



You might like also

No Thumbnail was found
Error 403 - forbidden! Generally. the HTTP error 403 - Forbidden means that access to the file/folder you are trying to open has been denied, either on purpose or due to a misconfiguration. Did You try something unusual? like using a scraping tool? (teleport pro, memoweb, ...) If Yes, my system mod_evasive blacklist internet adresses of users if they make MORE THAN 10 REQUESTS PER SECONDS ON THE SAME PAGE Is your computer infected? I use Spamhaus to tracks the …
2962 Days ago
No Thumbnail was found
Sorry 404 - The page you were looking for could not be found You may not be able to visit this page because of: an out-of-date bookmark/favourite a search engine that has an out-of-date listing for this site a mistyped address you have no access to this page The requested resource was not found. An error has occurred while processing your request. Please try one of the following pages: Home Page Search If difficulties persist, please contact the System Administrator …
2962 Days ago
Debugging PHP scripts in Eclipse
Debugger are full-featured PHP debugger engine. They are interactive tools that allows you to debug PHP scripts locally or remotely, from an IDE or from the console. There is 3 debugger on the market, XDEBUG (open source) , ZEND (closed source), DBG (commercial but source code available) by luck all are free :-) I recommend you to develop with Eclipse PDT: The Eclipse Foundation has released the 1.0 of the Eclipse PHP Development Tools (PDT) project. Eclipse PDT is a …
4186 Days ago
SORRY - 404 File Not Found Error The page you were looking for appears to have been moved, deleted or does not exist. Help me keep my site free from broken links Send me an email. Include what page you were on and the link you clicked! Grazie! Thanks! Merci! Danke! Other things to try: Search www.waltercedric.com Try returning to the home page and finding the page you were looking for. …
5401 Days ago