What is Port Knocking
Let’s stop talking about machine code for a while!
How do you tell whether the person at the door is a friend or an enemy without actually looking at them from inside the room? Think, think!
Well, it’s very simple. We tell the friend in advance: whenever you come, knock in a pattern, say the door, the window and the wall, one after another. Remember, knock each one of them just once.
So the next time your friend comes and knocks in this pattern, you know it’s your friend and you open the door. If there is any mistake in the pattern, say the door is knocked twice or the knock on the wall is missed, you know it’s someone unknown and you do not open the door.
Port knocking, then, is the act of attempting connections to a series of ports in a certain known pattern so that the client is allowed to connect to the system. The firewall lets traffic through only when the connection attempts are made in that pattern: the firewall changes its rules on the go!
Simple command to perform port knocking
# hping3 -S <TARGET_IP> -p 1 -c 1
-S –> send a TCP SYN packet, -p –> port number, -c –> number of packets to send; <TARGET_IP> is the host whose firewall you are knocking on
The above command sends a single SYN to port 1 of the target, i.e. it knocks port 1 only once.
Note: “hping3” is a network tool that can send custom TCP/IP packets and is commonly used for testing firewall rules.
Where to use port knocking mechanism
Port knocking is not a strong authentication mechanism, so it should never be the only check on a connection attempt. A whitelist of IP addresses that are allowed to connect through the firewall should be in place as well, so that even if an attacker learns the pattern, he cannot bypass the firewall. Other authentication mechanisms, like user IDs and passwords, should also be in place. Port knocking can only ever be an added layer of protection.
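As an added example (not from the original post), here is a small Python model of the firewall’s side of the arrangement: a per-source state machine that opens only for the exact agreed sequence, treats a repeated or skipped knock as a reset, expires stale half-finished sequences and, following the whitelist advice above, still refuses a correct knock from an address outside the allowed range. The sequence 1000/2000/3000, the 203.0.113.0/24 whitelist and the 10-second timeout are constructed values, and the KnockTracker class is hypothetical, not knockd or any real daemon.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed values for this example (not taken from the post).
KNOCK_SEQUENCE = (1000, 2000, 3000)   # "door, window, wall", each knocked once
ALLOWED_SOURCES = [ip_network("203.0.113.0/24")]  # documentation range, constructed
KNOCK_TIMEOUT = 10.0                  # seconds allowed between two knocks


@dataclass
class KnockTracker:
    """Hypothetical knock daemon: per-source state, opens only for the exact sequence."""
    sequence: tuple = KNOCK_SEQUENCE
    allowed: list = field(default_factory=lambda: list(ALLOWED_SOURCES))
    timeout: float = KNOCK_TIMEOUT
    progress: dict = field(default_factory=dict)   # src -> (next_index, last_ts)
    failures: dict = field(default_factory=dict)   # src -> number of broken sequences

    def knock(self, src: str, port: int, ts: float) -> str:
        """Feed one observed SYN; returns 'pending', 'reset', 'open' or 'denied'."""
        idx, last = self.progress.get(src, (0, ts))
        if ts - last > self.timeout:
            idx = 0                                  # stale sequence starts over
        if port != self.sequence[idx]:
            # wrong port, repeated knock or skipped knock: back to the start
            self.progress[src] = (0, ts)
            self.failures[src] = self.failures.get(src, 0) + 1
            return "reset"
        idx += 1
        if idx < len(self.sequence):
            self.progress[src] = (idx, ts)
            return "pending"
        self.progress[src] = (0, ts)                 # full sequence consumed
        if not any(ip_address(src) in net for net in self.allowed):
            self.failures[src] = self.failures.get(src, 0) + 1
            return "denied"                          # right pattern, wrong source
        return "open"


def replay(events, tracker=None):
    """Run constructed (timestamp, src, port) observations through one tracker."""
    tracker = tracker or KnockTracker()
    return [tracker.knock(src, port, ts) for ts, src, port in events]
```

Counting the failures per source is the detection hook: a source that keeps resetting or gets denied after a correct pattern is either scanning or has learned the sequence from elsewhere, which is exactly the case the whitelist is there to catch.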