Port Knocking

What Does Port Knocking Mean?

Port knocking is an authentication technique used by network administrators. It consists of a specified sequence of closed port connection attempts to specific IP addresses called a knock sequence. The techniques uses a daemon that monitors a firewall’s log files looking for the correct connection request sequence. Additionally, it generally determines if the entity seeking port entrance is on the approved list of IP addresses.

Advertisements

Techopedia Explains Port Knocking

Port knocking, even using a simple sequence such as "2000, 3000, 4000" would require a huge number of brute force attempts by an external attacker. Without any prior knowledge of the sequence, the attacker would have to try every combination of the three ports from 1 to 65,535 and after each attempt a check would have to be made to see if any ports opened. As well, the correct three digits would have to be received in order, with no other data packets received in between. Such a brute force attempt would require approximately 9.2 quintillion data packets just to successfully open a simple, single three-port knock. Moreover, the attempt is made even more difficult when cryptographic hashes (a method of producing one-time keys), or longer and more complex sequences, are used as part of the port knocking.

In fact, if several legitimate attempts from different IP addresses were opening and closing ports, simultaneous malicious attackers would be thwarted. And if a brute force attempt were successful, port security mechanisms and service authentication would also need to be negotiated. Additionally, any attackers cannot detect that a daemon is at work (i.e. the port appears closed) until they successfully open a port.

There are a few disadvantages. Port knocking systems are very dependent upon the daemon working correctly and if it does not work, no connection can be made with the ports. Thus, the daemon creates a single point of failure. An attacker may also be able to lock out any known IP addresses by sending data packets with fake (i.e. spoofed) IP addresses to random ports and IP addresses cannot be easily changed. (This can be addressed with cryptographic hashes.) Finally, there is the possibility of legitimate requests to open a port may include TCP/IP route packets out of order; or some packets may be dropped. This requires the sender to resend the packets.

Advertisements

Related Terms

Latest Cybersecurity Terms

Related Reading

Margaret Rouse
Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine.Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…

Related News

dummy_img
Blockchain

Experts Roundtable: What DEXs Must Do Better for Adoption

Iliana Mavrou12 years
dummy_img
Artificial Intelligence

AI Alliance: More Than 50 Organizations Cast Wide Safety Net

Nicole Willing12 years
dummy_img
Featured Content

Chimpzee (CHMPZ) Will Soon End Its Presale, Enter Now Before Inevitable 10x Growth After Exchange Listing

Alan Draper12 yearsEditor-in-Chief
dummy_img
Artificial Intelligence

Understanding DePIN Protocols: How AI and Crypto Fit Together

Mensholong Lepcha12 yearsCrypto & Blockchain Writer
dummy_img
Artificial Intelligence

12 Best AI Books: What To Read If You Want to Learn & Earn

Tim Keary12 yearsTechnology Expert
dummy_img
Buzzwords and Jargon

8 Tech Terms & Buzzwords You Need to Know for 2024

Neil C. Hughes12 yearsSenior Tech Writer

Popular Categories
Show All

Antivirus
Antivirus
Artificial Intelligence
Artificial Intelligence
Audio
Audio
CRM
CRM
Cryptocurrency
Cryptocurrency
Gambling
Gambling
Gaming
Gaming
HR
HR
Investing
Investing
Laptops
Laptops
Network
Network
Password Managers
Password Managers
Project Management
Project Management
Spy
Spy
VoIP
VoIP
VPN
VPN