Port Knocking

Port Knocking: The Stealth Authentication Method

Port knocking is a security technique where a service port (like SSH) is kept closed until a specific sequence of connection attempts (knocks) is made to other ports. Once the correct sequence is detected, the port opens temporarily for the client to connect.

Why Use Port Knocking?

🔒 Benefits:

• Stealth: Services don’t appear in port scans
• Reduced Attack Surface: Ports are closed by default
• Simple Implementation: Easy to set up
• Defense in Depth: Extra layer before authentication

⚠️ Limitations:

• Not encrypted (knocks can be sniffed)
• Single packet authorization (SPA) is more secure
• Can be DoS’d with fake knocks
• Adds complexity