In Reply to: RE: Port Knocking ? posted by Dawnrazor on April 23, 2025 at 12:07:04:
I am learning nftable rules to build a custom firewall/router with a WAN side and a LAN side. The LAN side is a bridge of multiple NICs and the WAN side is a single NIC.

One of the layered security schemes of a firewall is "Port Knocking". Instead of opening up a port (e.g. 22 for ssh), all the ports on the WAN side are closed. "Port Knocking" is a secret knock (e.g. knock 3 times on closed port X, pause A seconds, knock 2 times on closed port Y, pause B seconds, knock 5 times on closed port Z) letting the occupant know the visitor is a potential friendly.
The firewall rules can listen to the timing, pattern and specific CLOSED port numbers that are being "knocked on" on the WAN side, noting the IP Address of the external "knocker". It adds the complexity of multiple port numbers in addition to timing and sequence.
If the pattern, port sequence and timing are recognized, the dynamic firewall can temporarily open the desired port (e.g. port 22) for the specific outsider to try to access. The outsider would then have to pass normal protocol credentials to access the port. If normal credentials are not accepted within the allotted time, the port is closed again. The outsider's IP Address could be put on a [temporary] no-fly list.
This allows all ports to stay closed, not discovered by nmap scans and less accessible to brute force attacks. You can configure ssh to listen on another port (other than the default 22), but an nmap scan will show what services are on what open ports (e.g. 22 has been moved to 2222).
With "Port Knocking", generic nmap scans are prevented from identifying what port ssh has been relocated to, as well as obfuscating its potential availability.
The nftables documentation gives example rule sets on how to configure "Port Knocking" in addition to other scenarios. Thought it was pretty cool.
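As an added example (not the poster's own ruleset and not the one from the nftables documentation the post refers to), here is a minimal nftables port-knocking table in the style the post describes: a three-port sequence that, once completed, opens TCP/22 for that source address for a short window. The WAN interface name wan0, the knock ports 3003, 1001, 2002 and the timeouts are assumptions. The knock order is deliberately not ascending, so a plain sequential port sweep does not complete the sequence by accident; the knock packets themselves are dropped rather than rejected, so the ports show as filtered rather than closed.

```nft
# Added example: nftables port knocking, assumed WAN interface "wan0".
# Knock order: 3003 -> 1001 -> 2002, then TCP/22 opens for 30 s for that address.
table inet portknock {
    # Addresses that completed the full knock; entries expire on their own.
    set clients_ipv4 {
        type ipv4_addr
        flags timeout
    }

    # Knocks in progress: source address . the NEXT port we expect from it.
    # The short timeout is the "pause" between knocks the post talks about.
    set candidates_ipv4 {
        type ipv4_addr . inet_service
        flags timeout
    }

    chain input {
        type filter hook input priority -10; policy accept;

        # Only traffic arriving on the WAN side is subject to knocking.
        iifname != "wan0" accept

        # Addresses that already knocked in may open new SSH sessions.
        ip saddr @clients_ipv4 tcp dport 22 counter accept

        # Stage 1: first knock registers the address and the next expected port.
        tcp dport 3003 add @candidates_ipv4 { ip saddr . 1001 timeout 3s }

        # Stage 2: only honoured if this address is waiting for exactly this port.
        tcp dport 1001 ip saddr . tcp dport @candidates_ipv4 \
            add @candidates_ipv4 { ip saddr . 2002 timeout 3s }

        # Stage 3: sequence complete, open SSH for this address for 30 s and log it.
        tcp dport 2002 ip saddr . tcp dport @candidates_ipv4 \
            add @clients_ipv4 { ip saddr timeout 30s } log prefix "portknock ok: "

        # Sessions set up inside the window survive after it closes.
        ct state established,related accept

        # Everything else new to SSH or the knock ports from the WAN is silently dropped.
        tcp dport { 22, 3003, 1001, 2002 } ct state new drop
    }
}
```

Load it with `nft -f portknock.nft`, watch the state with `nft list set inet portknock candidates_ipv4` and `nft list set inet portknock clients_ipv4`, and knock from the outside with something like `for p in 3003 1001 2002; do nc -z -w 1 <firewall> $p; done` followed by the ssh login inside the 30 s window. Two caveats worth keeping in mind: the sequence carries no secret, so anyone who can observe the WAN link can replay it, and a wrong knock does not reset a candidate entry (it simply times out), so the SSH credentials remain the real access control; the knock only hides the service from casual scanning, as the post says.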
Follow Ups
- RE: Port Knocking ? - emailtim 12:32:53 04/23/25 (4)
- That's clever.... - Rod M 19:18:53 04/25/25 (2)
- nftables Port knocking example ruleset - emailtim 21:37:50 04/25/25 (0)
- RE: That's clever.... - emailtim 20:31:08 04/25/25 (0)
- RE: Port Knocking ? - Dawnrazor 12:39:02 04/23/25 (0)