
Port Knocking


Port knocking is an authentication method used by network administrators to add security to their environment: it opens ports on demand so that a PBX, servers, computers or other network devices behind a firewall can be reached.

Port knocking takes advantage of firewall rules to allow a client who knows the “secret knock” to enter the network through a particular port by performing a sequence of connection attempts (called a knock sequence). The correct knock sequence for any given port is created for specific IP addresses by the network administrator.

For example: “I’d like to connect on port 5060 (SIP), but I don’t want to leave the port open for everyone, and I have a dynamic IP”. In these cases you can close the ports and use knockd to knock on the ports of your Asterisk box so that it lets you in.

A daemon monitors the firewall log files for connection requests and determines whether a client seeking access to the network has made a valid request and knows the correct knock sequence. If so, it performs a specific operation (usually opening firewall rules and a port for that specific IP, but it may also run any command, start a service or perform any other predefined operation).
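The per-client check such a daemon performs can be modelled as a small state machine. This is an added example, not knockd's code or anything from the original article; the sequence 7000, 8000, 9000, the 10-second timeout and the documentation-range IP addresses are constructed assumptions.

```python
from dataclasses import dataclass, field

SEQUENCE = (7000, 8000, 9000)   # assumed secret knock (constructed values)
SEQ_TIMEOUT = 10.0              # assumed seconds allowed to finish the sequence


@dataclass
class KnockTracker:
    """Tracks each source IP's progress through the knock sequence."""
    progress: dict = field(default_factory=dict)  # ip -> (next_index, start_time)
    allowed: set = field(default_factory=set)     # IPs that completed the knock

    def observe(self, ts: float, src_ip: str, dst_port: int) -> bool:
        """Feed one connection attempt; return True when src_ip completes the knock."""
        idx, started = self.progress.get(src_ip, (0, ts))
        if idx and ts - started > SEQ_TIMEOUT:
            idx, started = 0, ts                  # too slow: start over
        if dst_port == SEQUENCE[idx]:
            idx += 1
        else:
            # A wrong port resets progress; it may still be a fresh first knock.
            idx, started = (1, ts) if dst_port == SEQUENCE[0] else (0, ts)
        if idx == len(SEQUENCE):
            self.progress.pop(src_ip, None)
            self.allowed.add(src_ip)              # a real daemon would open a firewall rule here
            return True
        if idx:
            self.progress[src_ip] = (idx, started)
        else:
            self.progress.pop(src_ip, None)
        return False


def replay(events):
    """Run constructed (timestamp, source IP, destination port) events through a tracker."""
    tracker = KnockTracker()
    for ts, ip, port in events:
        tracker.observe(ts, ip, port)
    return tracker.allowed


# Constructed sample events: a valid knock, a knock broken by a stray port, a too-slow knock.
SAMPLE = [
    (0.0, "198.51.100.7", 7000), (1.0, "198.51.100.7", 8000), (2.0, "198.51.100.7", 9000),
    (0.0, "203.0.113.9", 7000), (0.1, "203.0.113.9", 7001), (0.2, "203.0.113.9", 8000), (0.3, "203.0.113.9", 9000),
    (0.0, "192.0.2.4", 7000), (5.0, "192.0.2.4", 8000), (20.0, "192.0.2.4", 9000),
]
```

Only the first client ends up in the allowed set: the second hit a port outside the sequence and lost its progress, and the third exceeded the timeout.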

Because port knocking is flexible, giving users access in a secure way to AMI, SIP or other services while ensuring their PBX is not open to the whole outside world, this way of adding security while still admitting authorized users is gaining a lot of popularity, and it is being implemented to let users access their network services without having to deploy VPN software. Some manufacturers, such as Elastix, have implemented their own “Port Knocking” mechanism (known as “Elastix WormHole”) in their own graphical interface, but the most popular implementation of port knocking is based on the standard “knockd” service, which may run on any standard iptables / firewall machine.
