How to use Port Knocking

Note that you will require root access in order to use these directions.

This tutorial covers how to use port knocking. It is an advanced guide: you need root access and CSF (ConfigServer Security & Firewall) installed on your server. Port knocking is the act of opening a port on your server’s firewall by sending a specific sequence of network requests. It is most commonly used for the SSH port and the WHM/cPanel ports. Port knocking reduces brute force attacks because the protected port stays closed to anyone who does not know the sequence, adding a second layer of security to your server.

Using the Knock Server feature in CSF

For this tutorial, we will be opening port 22 as a demonstration. The steps below enable port knocking for the port you specify (keep in mind that you can do this for multiple ports).

  1. Log into your Server via SSH as the “root” user.
  2. Edit the CSF configuration file.
    vim /etc/csf/csf.conf
  3. Search the file for Port Knocking (the section is around line 1350). By default it looks like the image to the right.
  4. We will configure the sequence so that when an IP sends a TCP request to port 1000, then to port 2000, then to port 3000 and finally to port 4050, port 22 opens for that IP. Feel free to use any ports you like; a less guessable sequence is more secure.
  5. Save the configuration file (use this command if you used vim).
    :wq
  6. Restart your CSF.
    csf -r

Knocking the ports from Linux

You can run a command like the one below to knock the ports on the server.

for x in 1000 2000 3000 4050; do nmap -Pn --host-timeout 201 --max-retries 0 -p $x YourServersIP; done
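As an added example (not part of this tutorial or of CSF itself), the Python below builds the PORTKNOCKING entry for step 4 using the `openport;protocol;timeout;kport1;kport2;kport3[...]` field order that csf.conf documents, and replaces the nmap loop with a plain-socket knock client followed by a check that port 22 really opened. The 20-second window, the `YourServersIP` placeholder and the validation limits are assumptions to compare against the comments in your own csf.conf.

```python
import socket
import time

# Sequence from the tutorial: knocking 1000, 2000, 3000, 4050 opens TCP/22.
# The 20-second window is a constructed value; the real one is whatever you
# put in the third field of the PORTKNOCKING entry.
OPEN_PORT, PROTO, WINDOW_SECS = 22, "TCP", 20
KNOCK_PORTS = [1000, 2000, 3000, 4050]


def build_portknocking(open_port, proto, window, knock_ports):
    """Return one PORTKNOCKING entry: openport;protocol;timeout;kport1;...
    Remove open_port from TCP_IN as well, otherwise it is reachable without
    knocking. The minimum of three knock ports is an assumption to verify."""
    if proto not in ("TCP", "UDP"):
        raise ValueError("protocol must be TCP or UDP")
    if len(knock_ports) < 3:
        raise ValueError("use at least three knock ports")
    if len(set(knock_ports)) != len(knock_ports):
        raise ValueError("knock ports must be distinct")
    if open_port in knock_ports:
        raise ValueError("the port being opened cannot be a knock port")
    return ";".join(str(v) for v in (open_port, proto, window, *knock_ports))


def knock(host, ports, pause=0.3, timeout=1.0):
    """Send the knock sequence: one TCP connection attempt per port, in order.
    The knock ports are closed on the firewall, so every attempt is expected
    to time out or be refused; only the SYN reaching the server matters.
    The short pause keeps the whole sequence well inside the window."""
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except OSError:
            pass  # expected: nothing listens behind a knock port
        finally:
            s.close()
        time.sleep(pause)
    return len(ports)


def port_open(host, port, timeout=3.0):
    """After knocking, check whether the protected port now accepts us."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False
```

Put the string from `build_portknocking` into `PORTKNOCKING = "..."` in csf.conf, then run `knock("YourServersIP", KNOCK_PORTS)` followed by `port_open("YourServersIP", OPEN_PORT)` from the client whose IP should be allowed in.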

Knocking the ports from Windows

If you want to use port knocking from Windows, try Greg Sowell’s Windows Port Knock Application. After opening the program, fill in the fields with the values you configured in the section above.

To the right is what you should see before you click Knock.

Using your phone to knock the ports

We have found two applications that seem to do the trick: if you are on an Android device we suggest Port Knocker, and if you are running iOS the best option was PortKnock. Either app will knock your server’s firewall to open the desired ports. Keep in mind that if you use your phone to unlock a port while on a Wi-Fi network, the port will open for any device on the same network, since the firewall only sees the network’s shared public IP address.
