Port Knocking and Single Packet Authorization Resources

This document lists all the information I have gathered about Port Knocking and Single Packet Authorization since I started the development of Aldaba. I've tried to classify them in different categories. They are ordered alphabetically so I've also tried to rate some of them in order to help you spot the best ones easily. Items are rated using stars, ranging from 0 to 4 stars.

Many of the following information was found at http://www.portknocking.org/.

If you are doing research on PK and SPA or have additional information that could be added to this list, please let me know.

Last Updated: Dec 1, 2010.


1. Web Sites
2. High Quality Research Papers
3. Articles on the Web
4. Presentations
5. Implementations
6. Also mentioned in


Krzywinski, M. Port Knocking. http://www.portknocking.org/

Jeanquier, S. Security Generation. Single Packet Authorization . http://www.securitygeneration.com/single-packet-authorization/


Barham, P, Hand, S, Isaacs, R, Jardetzky, P, Mortier, R and Roscoe, T. (2002) Techniques for Lightweight Concealment and Authentication in IP Networks [online]. Intel Research Berkeley (IRB-TR-02-009)

deGraaf, R, Aycock, J, and Jacobson M (2004). Improved Port Knocking with Strong Authentication [online]. Department of Computer Science, University of Calgary. http://www.acsac.org/2005/papers/156.pdf

deGraaf, R (2007). Enhancing Firewalls: Conveying User and Application Identification to Network Firewalls [online]. Computer Science Master's Thesis, Department of Computer Science, University of Calgary.

Doyle, M. (2004) University of Arkansas Department of Physics. Implementing a Port Knocking System in C. [online] University of Arkansas. http://portknocking.sourceforge.net/files/Implementing%20a%20Port%20Knoc...

Jeanquier, S. (2006) An Analysis of Port Knocking and Single Packet Authorization [online]. Information Security Group. Royal Holloway College, University of London.

Khakpour, A.R. and Chaouchi, H. ESSTCP: Enhanced Spread-Spectrum TCP [online]. Institut National des Télécommunication (INT) Evry, France. http://www.cecs.uci.edu/~papers/ipdps07/pdfs/SSN-1569014437-paper-2.pdf

Vasserman, EY, Hopper, N, Laxon, J and Tyra, J. SILENTKNOCK: Practical, Provably Undetectable Authentication. [online]. University of Minnesota, Stanford University. United states.


Isabel D. (2005) Port Knocking: Beyond the Basics. [online]. SANS Institute. http://www.sans.org/reading_room/whitepapers/sysadmin/1634.php

Keong TC (2004). Remote Server Management Using Dynamic Port Knocking and Forwarding [online]. Special Interest Group in Security and Information Integrity. http://www.security.org.sg/code/sig2portknock.pdf

Krivis, S. (2004). Port knocking: helpful or harmful? An exploration of modern network threats [online]. SANS Institute. http://www.giac.org/certified_professionals/practicals/gsec/3838.php

Maddock, B. (2004). Port Knocking: An overview of Concepts, Issues and Implementations [online]. SANS Institute. http://www.giac.org/certified_professionals/practicals/gsec/4122.php

Maki, T. (2007) Explicit Mechanisms for Controlling NAT/Firewall Systems Dynamically. Helsinki University of Technology. http://www.tml.tkk.fi/Publications/C/23/papers/Maki_final.pdf

Manzanares, A, Torres, M, Estevez, JM and Hernández, JC. Attacks on Port Knocking Authentication Mechanism [Online - Restricted]. Universidad Carlos III de Madrid. http://www.springerlink.com/content/lrab9tf4ef199ajg/

Rash, M. (2004) Combining Port Knocking and Passive OS Fingerprinting with fwknop [online]. The USENIX Magazine, (29), pp.19-25 http://www.usenix.org/publications/login/2004-12/pdfs/fwknop.pdf

Rash, M. (2007). Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort. Chapters 12 and 13. No Starch Press. ISBN: 978-1593271411

Rash, M. (2006). Single Packet Authorization with Fwknop [online]. The USENIX Magazine 02/06. https://db.usenix.org/publications/login/2006-02/pdfs/rash.pdf

Rash, M. (2007). Single Packet Authorization. Linux Journal. April 1, 2007. http://www.linuxjournal.com/article/9565

Rash, M. (2007). Protecting SSH Servers with Single Packet Authorization. Linux Journal. May 1, 2007.


Bradley, T. (2004) Port Knocking [online]. The New York Times, About, Inc. About.com. http://netsecurity.about.com/cs/generalsecurity/a/aa032004.htm

Conte, B. (2008). The Practicality of Port Knocking.

Graham-Cumming, J. (2004) Practical Secure Port Knocking [online]. Dr. Dobb's Journal, (366), pp.51-53 http://www.ddj.com/184405890

Grimes, RA. (2006) Port knocking: A security idea whose time has come [online]. Infoworld. http://www.infoworld.com/article/06/03/17/76466_12OPsecadvise_1.html

Hatch, B. (2003) Sniffing with Net::Pcap to stealthily managing iptables rules remotely [online]. Hacking Linux Exposed. http://www.hackinglinuxexposed.com/articles/20030730.html

Knutee. (2008) Single Packet Authorization [online]. http://knutee.net/?p=11

Krzywinski, M. (2003) Port Knocking: Network Authentication Across Closed Ports [online]. SysAdmin Magazine, (12), pp.12-17. http://www.samag.com/documents/s=9366/sam0306b/0306b.htm

Krzywinski, M. (2006) Port Knocking From the Inside Out [online - Requires suscription]. Hakin9 Magazine (5). http://en.hakin9.org/products/articleInfo/47

Martin, K. (2004). Knock, Knock, Knock. Security Focus. http://www.securityfocus.com/columnists/221

Narayanan, A. (2004) A critique of port knocking [online]. Linux.com, Sourceforge Inc. http://www.linux.com/articles/37888

Yarden, J. (2005). Use port knocking to bypass firewall rules and keep security intact [online]. TechRepublic, CNET Networks. http://articles.techrepublic.com.com/5100-1009-5798871.html

Unknown Author. (2004) SolutionBase: Use port knocking for a more secure method of opening ports [online]. TechRepublic, CNET Networks. http://articles.techrepublic.com.com/5100-6350_11-5164533.html

Unknown Author. Port Knocking for SMTP [online]. Unlisting. http://unlisting.org/


(2004) Introduction to Cerberus: Port Knocking with covert packets to secretly open your firewall [online]. Scorpion Software. http://silverstr.ufies.org/blog/Cerberus.ppt

Aiello, M, Kalinskiy, S, Nurilov, S, and Smolenskiy, E. Port Knocking Project (for Windows) [online]. http://winportknocking.sourceforge.net/Port_Knocking_Project_Status.ppt

deGraaf, R, Aycock, J, and Jacobson M (2004). Improved Port Knocking with Strong Authentication [online]. Department of Computer Science, University of Calgary. http://pages.cpsc.ucalgary.ca/~degraaf/papers/portknocking-presentation.pdf

Doyle, M. (2004) University of Arkansas Department of Physics. Implementing a Port Knocking System in C. [online] University of Arkansas. http://portknocking.sourceforge.net/files/Implementing%20a%20Port%20Knoc...

Epp, D. (1999) Port Knocking with Cerberus. [online] http://silverstr.ufies.org/blog/Cerberus.ppt

Hou. JC. Port Knocking. [online] Department of Computer Science. University of Illinois. United States. http://lion.cs.uiuc.edu/cours.es/cs397hou/lectures/PortKnocking.ppt

Keong, T.C. and Meng, C.T. Remote Server Access using Dynamic Port Knocking and Forwarding [online]. Special Interest Group in Security and Information integrity. http://www.security.org.sg/webdocs/news/event30/SIG2_Portknock.ppt

Krzywinski, M. Port Knocking. Flexible security through authentication across closed ports [online]. Genome Sciences Centre. Vancouver, Canada. http://www.portknocking.org/docs/wcsf2003.ppt

Lum, K. (2004) Port Knocking r0x0rz j00 [online]. http://sfs.poly.edu/presentations/portknocking.pdf

Rash, M. (2004) Advanced Netfilter. Content Replacement (ala Snort_inline) and Port Knocking Based on p0f [online]. DEFCON 12. http://www.defcon.org/images/defcon-12/dc-12-presentations/Rash/dc-12-ra...

Rash, M, (2006). Advances In Single Packet Authorization [online]. http://www.cipherdyne.org/fwknop/docs/talks/shmoocon2006_fwknop_slides.pdf

Rash, M. (2007). ZeroDay Attack Prevention via Single Packet Authorization [online]. http://www.cipherdyne.org/talks/Michael_Rash_Techno_Security2007_SPA.pdf

Rathaus, N. Beyond Security: Presentation on Port Knocking [online] Beyond Security Ltd. http://www.cs.tau.ac.il/tausec/lectures/port_knocking.ppt

SPA: Single Packet Authentication [online]. MadHat Unspecific. Simple Nomad. Nomad mobile research centre. http://www.nmrc.org/dc13/bh2005-mh-sn-spa.ppt

Volpato, GL and Grimm, C. Dynamic Firewalls and Service Deployment Models for Grid Environments [online]. RRZN – Leibniz Universität Hannover. http://www.cyfronet.pl/cgw06/presentations/c4-4.ppt

Worth, D. (2004). COK: Cryptographic Port Knocking [online]. Black Hat USA 2004. http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-worth-up.pdf


Bello, L. CWKPF Cuasi-Web Knocking para Packet Filter. http://www.lucianobello.com.ar/webknocking/index_en.html

Bidou, R. Multi-purpose port knocker.(Source: http://www.iv2-technologies.com/~rbidou/apk-1.0.tar.gz) (Documentation: http://www.iv2-technologies.com/~rbidou/apk.README.html)

Boyce, M. Bash IPTables Port Knocking. http://www.phantomcode.com/bashiptableportknocking/

Drizzt. Helldoor. http://utenti.gufi.org/~drizzt/codes/helldoor/

FX. Cdoor. 2000. http://www.phenoelit-us.org/stuff/cd00rdescr.html

Ingles, R. Ostiary. 2006. http://ingles.homeunix.org/software/ost/index.html

Keong, T and Capella. SIG^2 Port Knocking. 2004.http://www.security.org.sg/code/portknock1.html

Krzywinski, M. Port Knocking. http://www.portknocking.org/

Lebelt, S. Webknocking. 2006. http://www.webknocking.de/semaphor.php?item=webknocking_en

MartinGarcia, L. Aldaba PK/SPA Security Suite. 2010. http://www.aldabaknocking.com/

Meehan, J. Pasmal. 2005. http://sourceforge.net/projects/pasmal/

Nyberg, CM. SAdoor. http://cmn.listprojects.darklab.org/

OldW0lf. Toc Toc. 2004. http://3w.0ldw0lf.atrix-team.org/

Outdot, L. Wknock. 2005. http://www.rstack.org/oudot/wknock/

Prinz, R. It's ME. 2006. http://www.min.at/prinz/software/port/

Rash, M. Fwknop. 2007. http://www.cipherdyne.org/fwknop/

Shemesh, S. Temprules. 2004. http://sourceforge.net/projects/temprules/

Si0ux. 2006. Coarse Knocking. http://sourceforge.net/projects/coarseknocking/

Snell, J. Combo. 2002. http://www.e-normous.com/nerd/combo.c

Tumbler. Cumming, JG. 2004. http://tumbler.sourceforge.net/

Vanini, F. Barricade. 2004. http://www.lightning.eu.org/barricade/

Vasserman, EY et al. Silent Knock. 2007. http://www-users.cs.umn.edu/~eyv/knock/

Vinet, J. knockd. 2005. http://www.zeroflux.org/cgi-bin/cvstrac.cgi/knock/wiki

Walko, J. (2004) A simple encrypted port knocker [online]. http://cryptknock.sourceforge.net/

Walko, J. Cryptknock. 2004. http://sourceforge.net/projects/cryptknock

Ward, JB. Doorman. 2005. http://doorman.sourceforge.net/

Windows Port Knockning. 2004. http://sourceforge.net/projects/winportknocking

Коротков Евгений. Bash Script. 2003. http://www.opennet.ru/base/sec/port_knocking.txt.html


Gibson, S. and LaPorte, L. (2007) Security Now Podcast. Episode 80. Listener Feedback Q&A #16 [Podcast - online]. http://media.grc.com/sn/SN-080.mp3

Green, ML, Gallo, SM and Miller, R. (2004) Grid-Enabled Virtual Organization Based Dynamic Firewall [online]. Center for Computational Research SUNY-Buffalo. New York. United States. http://ieeexplore.ieee.org/iel5/9495/30134/01382833.pdf

Slashdot.(2004). Port Knocking" For Added Security. [online] Open Source Technology Group. http://slashdot.org/it/04/02/05/1834228.shtml?tid=126&tid=172

Slashdot. (2004). Port Knocking in Action [online]. http://it.slashdot.org/article.pl?sid=04/04/14/1832222

Slashdot. (2004). Going Beyond Port Knocking; Single Packet Access [online]. http://it.slashdot.org/article.pl?sid=05/05/30/1128209&tid=172&tid=106

StankDawg and Rax (2004) Binary Revolution Radio. Episode 32 - Port Knocking. [Podcast - online]. http://www.binrev.com/radio/archive/binrev032.mp3

Asadoorian, P. and Jeanquier, S. (2010). Pauldotcom Security Weekly. Episode 221. November 23, 2010. [Podcast - online]. http://traffic.libsyn.com/pauldotcom/pauldotcom-SW-episode221.mp3