Portknocking

Port knocking is a trick for adding extra security to machines on the public internet. The idea is that only after a peculiar series of packets appears on your machine’s external interface do you lower your firewall and begin listening for connections to a given service. For example, only after somebody attempts to connect to ports a, b, and d do you start listening for ssh connections.

I don’t get it. Why is this such a great idea? I often configure machines so that certain listeners are only available after something else happens, for example after a certain email is received or after a particular http request takes place. I often configure an email address that takes signed, pgp-encrypted messages, decodes them and executes the commands found therein; a glorified batch queue. I’d much rather have the battle-tested smtp or httpd server exposed to the outside world than a cool new innovative port knocking daemon.

Of course it should be pointed out that all these techniques work best if there is a gloss of challenge-response or public/private key usage laid over the mechanisms.
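As an added illustration (not code from this post), the decision logic a knock daemon needs for the scheme described above: it walks firewall drop events per source address, advances only on the next expected port, resets on any other port or on a stale attempt, and reports the sources that complete the sequence. The three ports, the log format and the sample log are constructed for the example; note that a source which completed the knock once can complete it again by replaying the same packets, which is exactly why the challenge-response gloss matters.

```python
import re
from dataclasses import dataclass, field

# Constructed ports, deliberately not ascending, so a linear scan (7000, 7001, ...) cannot complete them.
KNOCK_SEQUENCE = (7000, 9000, 8000)
KNOCK_WINDOW = 10.0  # seconds allowed between the first and the last knock
# Constructed log format: "<unix ts> DROP src=<ip> dpt=<port>"
LOG_RE = re.compile(r"^(?P<ts>[\d.]+) DROP src=(?P<src>\S+) dpt=(?P<dpt>\d+)$")


@dataclass
class KnockTracker:
    sequence: tuple = KNOCK_SEQUENCE
    window: float = KNOCK_WINDOW
    # per-source state: (index of the next expected port, time of the first knock)
    progress: dict = field(default_factory=dict)

    def observe(self, ts, src, port):
        """Feed one dropped packet; True when src has completed the sequence."""
        idx, started = self.progress.get(src, (0, ts))
        if ts - started > self.window:  # too slow: start over
            idx, started = 0, ts
        if port == self.sequence[idx]:
            idx += 1
        elif port == self.sequence[0]:  # restart from the first knock
            idx, started = 1, ts
        else:  # wrong or out-of-order port resets all progress
            idx, started = 0, ts
        if idx == len(self.sequence):
            self.progress.pop(src, None)
            return True
        self.progress[src] = (idx, started)
        return False


def sources_that_knocked(log_lines, tracker=None):
    """Return the sources that completed the knock, in completion order."""
    tracker = tracker or KnockTracker()
    opened = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if m and tracker.observe(float(m["ts"]), m["src"], int(m["dpt"])):
            opened.append(m["src"])
    return opened


# Constructed sample: a correct knock, a linear scan, and a timed-out knock.
SAMPLE_LOG = [
    "100.0 DROP src=203.0.113.5 dpt=7000", "100.5 DROP src=198.51.100.7 dpt=7000",
    "101.0 DROP src=203.0.113.5 dpt=9000", "101.5 DROP src=198.51.100.7 dpt=7001",
    "102.0 DROP src=203.0.113.5 dpt=8000", "200.0 DROP src=192.0.2.9 dpt=7000",
    "215.0 DROP src=192.0.2.9 dpt=9000", "216.0 DROP src=192.0.2.9 dpt=8000",
]
```

Only 203.0.113.5 completes the knock: the scanner hits 7001 and is reset, and 192.0.2.9 exceeds the window between its first and second knock.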

Thoughts on “Portknocking”

  1. Ryan

    The idea behind portknocking is only good if you want to secure a system from the outside world. It really doesn’t do you any good if you just want to protect a publicly accessible computer. Say you only wanted yourself into a machine: you set up the firewall to drop all connections, so you have no available ports. Upon the correct “knocking” sequence you open some ports up for some time. It works great for systems that you want only to access, but for public machines it doesn’t work well.

  2. Ben Hyde

    I guess one advantage is that a machine using port knocking can be entirely invisible until such time as you open it using the secret knock.
