Port knocking is a trick for adding additional security to your machines on the public internet. The idea is that only after a peculiar sequence of packets appears on your machine's external interface do you lower your firewall and begin listening for connections to a given service. For example, only after somebody attempts to connect to ports a, b, and d do you then start listening for ssh connections.
I don't get it. Why is this such a great idea? I often configure machines so that certain listeners are only available after something else happens. For example, after a certain email is received or after a particular http request takes place. I often configure an email address that takes signed, pgp-encrypted messages, decodes them and executes the commands found therein; a glorified batch queue. I'd much rather have the battle-tested smtp or httpd server exposed to the outside world than a cool new innovative port knocking daemon.
Of course it should be pointed out that all these techniques work best if there is a gloss of challenge response or public/private key usage laid over the mechanisms.
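To make the two points above concrete, here is an added example (not code from the original post) of the knock logic a port-knocking daemon implements, fed with constructed iptables-style log lines, followed by the "gloss" the last paragraph asks for: a single authenticated knock carrying an HMAC over the source and a timestamp, which cannot be replayed the way a bare port sequence can. The knock ports, the time window, the secret and the log lines are all assumptions made up for this example.

```python
import hashlib
import hmac
import re

# Constructed knock sequence standing in for "ports a, b, and d" in the post.
KNOCK_SEQUENCE = (1234, 5678, 9012)
PROTECTED_PORT = 22      # ssh is hidden until the sequence completes
KNOCK_WINDOW = 10.0      # seconds allowed to finish the whole sequence

# Matches the SRC= and DPT= fields of an iptables LOG line (constructed format).
LOG_RE = re.compile(r"SRC=(?P<src>\S+) .*DPT=(?P<dpt>\d+)")


def parse_knock_log(line):
    """Return (source_ip, destination_port) from a firewall log line, or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return m.group("src"), int(m.group("dpt"))


class KnockDaemon:
    """Per-source state machine: one wrong port or a timeout resets progress."""

    def __init__(self, sequence=KNOCK_SEQUENCE, window=KNOCK_WINDOW):
        self.sequence = sequence
        self.window = window
        self.progress = {}    # src -> (next index expected, time of first knock)
        self.allowed = set()  # sources that completed the sequence

    def observe(self, src, dport, now):
        idx, started = self.progress.get(src, (0, now))
        if now - started > self.window:       # too slow: start over
            idx, started = 0, now
        if dport == self.sequence[idx]:
            idx += 1
            if idx == len(self.sequence):     # full sequence seen in order
                self.allowed.add(src)
                self.progress.pop(src, None)
                return True
            self.progress[src] = (idx, started)
        else:
            self.progress.pop(src, None)      # wrong knock resets the sequence
        return False

    def permits(self, src, dport):
        """Firewall decision: ssh only for sources that knocked correctly."""
        return dport != PROTECTED_PORT or src in self.allowed


# Constructed (timestamp, log line) pairs: one host knocks correctly, one does not.
KNOCK_LOG = [
    (100.0, "kernel: KNOCK IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40000 DPT=1234"),
    (101.0, "kernel: KNOCK IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=5678"),
    (102.0, "kernel: KNOCK IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=9012"),
    (103.0, "kernel: KNOCK IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=50000 DPT=1234"),
    (104.0, "kernel: KNOCK IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=50001 DPT=9012"),
]


def replay_knock_log(entries=KNOCK_LOG):
    """Feed logged knocks through the daemon and return it for inspection."""
    daemon = KnockDaemon()
    for ts, line in entries:
        parsed = parse_knock_log(line)
        if parsed:
            daemon.observe(parsed[0], parsed[1], ts)
    return daemon


# The "gloss": a single knock carrying an HMAC over (src, timestamp).
# A passive observer who records it learns nothing reusable within the skew
# window because each (src, timestamp) is accepted at most once.
def make_signed_knock(secret, src, timestamp):
    msg = f"{src}|{timestamp}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_signed_knock(secret, src, timestamp, tag, now, seen, max_skew=30):
    """Accept a signed knock once, only if fresh and the MAC checks out."""
    if abs(now - timestamp) > max_skew:
        return False                          # stale or clock too far off
    if (src, timestamp) in seen:
        return False                          # replayed knock
    expected = make_signed_knock(secret, src, timestamp)
    if not hmac.compare_digest(expected, tag):
        return False                          # forged or corrupted
    seen.add((src, timestamp))
    return True


if __name__ == "__main__":
    d = replay_knock_log()
    print("ssh open for 203.0.113.7:", d.permits("203.0.113.7", PROTECTED_PORT))
    print("ssh open for 198.51.100.9:", d.permits("198.51.100.9", PROTECTED_PORT))
```

The plain sequence is only as secret as the port numbers: anyone who can see the knocks can repeat them, which is exactly why the post wants a challenge-response or key-based layer on top. The signed knock shows the smallest version of that layer; a real deployment would use a per-client key and a nonce rather than a bare timestamp.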