Knock: A Linux kernel patch for NAT-compatible, stealthy port knocking

A Linux kernel patch that “implements a new NAT-compatible, TCP option for stealthy port knocking with a few new twists for improved security” has been released.

Port knocking is a security technique designed to reduce the visibility of TCP servers on the network. A good port knocking tool renders TCP servers stealthy, making them invisible to port scanners.

The point of a port knocking tool is to make a TCP server respond to TCP SYN requests only after a pre-defined sequence of packets has been sent and received. It's like having a clubhouse whose doors open only after a set number and sequence of knocks. There have been tools like it in the past, but as far as I know, all have been in user space. Knock is thus likely the first port knocking tool for Linux in kernel space.

From the release announcement:

  • Knocking is done in the Linux kernel. Applications can activate Knock with a single additional setsockopt call (in both client and server). Thus, once Linux has been patched, deployment will be much simpler compared to other implementations. Also, as Knock operates in the Kernel, timing attacks should be much harder to do.
  • Our Knock optionally does not merely enable opening the connection, but also can be used to protect the first N bytes of the TCP payload. Thus, given a sane protocol being run above TCP (one begins with a key exchange), an active attacker cannot simply take over the TCP connection after the handshake without also being locked into sending the same TCP payload. Thus, if the client begins by sending his public key and then continues to send data that must be authenticated with that key, even an active man-in-the-middle adversary cannot hijack the connection.
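As an added illustration (not code from the Knock release or its authors), this is how an application would issue the single extra setsockopt call the announcement describes, on the client and on the server, including the optional binding of the first N payload bytes. The option names and numbers are my recollection of the patch's tcp.h and are an assumption to verify against the patch you apply; the secret is a constructed placeholder.

```c
#include <errno.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <sys/socket.h>

/* Socket options added by the Knock patch. The names and numbers are my
 * recollection of the patch's include/uapi/linux/tcp.h (assumption: verify
 * against the patch you apply). An unpatched kernel rejects them with ENOPROTOOPT. */
#ifndef TCP_STEALTH
#define TCP_STEALTH               26
#define TCP_STEALTH_INTEGRITY     27
#define TCP_STEALTH_INTEGRITY_LEN 28
#endif
#define KNOCK_SECRET_LEN 64  /* secret length assumed from the patch */

/* Constructed placeholder secret for the demo; a real deployment derives it
 * out of band and shares it between client and server. */
static const unsigned char knock_demo_secret[KNOCK_SECRET_LEN] = "constructed-demo-secret";

/* Client: arm a not-yet-connected TCP socket. The kernel then carries the knock
 * in a TCP option of the SYN (which survives NAT port rewriting) and, when
 * payload_len > 0, commits the client to sending exactly these first bytes (e.g.
 * its public key), so a MITM taking over after the handshake is locked into them. */
int knock_arm_client(int fd, const unsigned char secret[KNOCK_SECRET_LEN],
                     const void *payload, size_t payload_len)
{
    if (setsockopt(fd, IPPROTO_TCP, TCP_STEALTH, secret, KNOCK_SECRET_LEN) < 0)
        return -1;  /* errno: ENOPROTOOPT on an unpatched kernel, EBADF on a bad fd */
    if (payload_len > 0 &&
        setsockopt(fd, IPPROTO_TCP, TCP_STEALTH_INTEGRITY, payload, payload_len) < 0)
        return -1;
    return 0;
}

/* Server: arm the listening socket with the same secret and tell the kernel how
 * many leading payload bytes each client committed to. SYNs without a valid
 * knock get no reply, so a port scanner sees nothing listening. */
int knock_arm_server(int fd, const unsigned char secret[KNOCK_SECRET_LEN],
                     int payload_len)
{
    if (setsockopt(fd, IPPROTO_TCP, TCP_STEALTH, secret, KNOCK_SECRET_LEN) < 0)
        return -1;
    if (payload_len > 0 &&
        setsockopt(fd, IPPROTO_TCP, TCP_STEALTH_INTEGRITY_LEN,
                   &payload_len, sizeof payload_len) < 0)
        return -1;
    return 0;
}
```

Both calls must precede connect() and listen() respectively; on an unpatched kernel they fail with errno set to ENOPROTOOPT, which is the check to run before relying on the knock.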

Knock is the work of Julian Kirsch, Maurice Leclaire and Christian Grothoff. The complete release announcement, the associated documentation and the code are available here. The patch has been submitted to the Linux Kernel Mailing List (LKML), the kernel networking mailing list and the networking subsystem maintainer. It could be coming to a Linux kernel release next, if it passes muster.
