A security method that is used to authenticate a valid user and open a TCP/IP port to accept incoming packets. Firewalls accept or deny packets before any user authentication is performed. As a result, an attacker can gain entrance through the firewall. With port knocking, a "secret" authentication sequence is required in order to gain access in the first place.
Log the Failures
A port knocking connection is made by executing a series of connection attempts to specific port numbers that are always kept closed. The failed attempts are logged at the firewall, and a separate application monitors the failures. When the monitor finds a sequence of failed attempts that matches the secret port sequence; for example: 103, 103, 100, 101, 103 (the "secret knock"), it opens the port and accepts the packets. See
TCP/IP port and
port filtering.