Tutorial Series

How To Implement Port Knocking to Obscure your SSH Daemon

Port knocking is a security concept that involves dynamically altering firewall rules to expose access to an otherwise protected service. This is done by sending a pre-configured special packet, or a pattern of packets that the port knocking software is listening for. In this series, we will discuss a variety of ways to configure port knocking to add an extra layer of security around your SSH daemon.
  • Single Packet Authentication is a method that grew out of earlier port knocking as a way of keeping services shielded until you request access through a predefined sequence of events. Single packet authentication does this by sending a single encrypted packet to the server, which can then validate the client and open the requested port. In this article, we will discuss how to use the fwknop suite to implement single packet authentication on an Ubuntu 12.04 VPS.
  • Port knocking is a method of protecting your services behind a firewall until connection attempts are made to a specific sequence of ports within a certain amount of time. The firewall rules are then modified to allow access to the service, and the user can connect as normal. In this article, we will discuss how to implement port knocking to add an extra layer of protection to your SSH daemon in order to dissuade attackers.
  • Port knocking is a method of hiding services behind a firewall until a specific sequence of network activity occurs. After detecting this, the firewall is dynamically reconfigured to expose the requested service for the client who completed the specific sequence of activity. In this article, we will discuss how to implement a port knocking mechanism on an Ubuntu VPS using only the tools available within the iptables package.