Port knocking
{{Short description|Method of externally opening ports on a firewall}}
{{Multiple issues|
{{More footnotes|date=October 2013}}
{{Original research|date=February 2015}}
}}
In [[computer network]]ing, '''port knocking''' is a method of externally opening [[TCP and UDP port|ports]] on a [[firewall (networking)|firewall]] by generating a connection attempt on a set of prespecified closed ports. Once a correct sequence of connection attempts is received, the firewall rules are dynamically modified to allow the host which sent the connection attempts to connect over specific port(s). A variant called '''single packet authorization''' (SPA) exists, where only a single "knock" is needed, consisting of an [[encryption|encrypted]] [[Packet (information technology)|packet]].<ref>Michael Rash (2004) [https://www.usenix.org/publications/login/december-2004-volume-29-number-6/combining-port-knocking-and-passive-os Combining Port Knocking and Passive OS Fingerprinting with fwknop]</ref><ref>Michael Rash (2006). [http://www.cipherdyne.org/fwknop/docs/SPA.html Single Packet Authorization with Fwknop].</ref><ref>Michael Rash (2007). [http://www.linuxjournal.com/article/9621 Protecting SSH Servers with Single Packet Authorization].</ref><ref>[[Moxie Marlinspike]] (2009). [http://www.thoughtcrime.org/software/knockknock/ Using knockknock for Single Packet Authorization].</ref>

The primary purpose of port knocking is to prevent an attacker from scanning a system for potentially exploitable services by doing a [[port scan]], because unless the attacker sends the correct knock sequence, the protected ports will appear closed.
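The server-side logic described above, as an added example that is not part of the original article or of any particular port-knocking implementation: a per-source tracker is fed dropped-connection events and authorizes a host only after the full sequence arrives in order and in time. The knock ports, the protected port, the 10-second window, the reset-on-wrong-port rule and the sample events are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

KNOCK_SEQUENCE = (7000, 8000, 9000)   # assumed secret sequence (constructed)
PROTECTED_PORT = 22                   # assumed port opened after a valid knock
WINDOW_SECONDS = 10.0                 # assumed time limit for the whole sequence

# Constructed events: (timestamp, source IP, destination port) of dropped packets.
EVENTS = [
    (0.0, "198.51.100.7", 7000), (0.5, "198.51.100.7", 8000),
    (1.0, "198.51.100.7", 9000),                       # correct knock
    (2.0, "203.0.113.9", 7000), (2.1, "203.0.113.9", 7001),
    (2.2, "203.0.113.9", 8000), (2.3, "203.0.113.9", 9000),  # scan: 7001 resets
    (3.0, "192.0.2.4", 7000), (20.0, "192.0.2.4", 8000),
    (20.5, "192.0.2.4", 9000),                         # right ports, too slow
]

@dataclass
class KnockTracker:
    progress: dict = field(default_factory=dict)  # src_ip -> (next_index, start_time)
    allowed: set = field(default_factory=set)     # src_ips holding an allow rule

    def observe(self, ts, src_ip, dst_port):
        """Feed one event; return True if src_ip was just authorized."""
        index, started = self.progress.get(src_ip, (0, ts))
        if index and ts - started > WINDOW_SECONDS:
            index, started = 0, ts                # sequence expired: start over
        if dst_port == KNOCK_SEQUENCE[index]:
            index += 1
        elif dst_port == KNOCK_SEQUENCE[0]:
            index, started = 1, ts                # wrong port, but a valid first knock
        else:
            index = 0                             # any other port resets progress
        if index == len(KNOCK_SEQUENCE):
            self.progress.pop(src_ip, None)
            self.allowed.add(src_ip)              # a real daemon would add a firewall rule
            return True
        if index:
            self.progress[src_ip] = (index, started)
        else:
            self.progress.pop(src_ip, None)
        return False

    def port_state(self, src_ip, dst_port):
        """State a connection from src_ip to dst_port would observe."""
        return "open" if dst_port == PROTECTED_PORT and src_ip in self.allowed else "closed"

def replay(events):
    tracker = KnockTracker()
    for ts, src_ip, dst_port in events:
        tracker.observe(ts, src_ip, dst_port)
    return tracker
```

The allow rule is keyed to the source address only, so every host behind the same NAT address as an authorized client sees the protected port as open too.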