How to Hide Application Port Using knockd in Linux
Source: linoxide.com
As system administrators, we should do everything we can to secure our servers from attackers. As the internet grows, the threats to our servers grow with it. One of the most common ways into a server is through a port that is open on it. If an SSH server is running on your machine, the SSH port is usually listening, which means it is open and waiting for connections.
Leaving the port open around the clock is not recommended, because an open port can be found by anyone who scans the machine. Nmap is one of the most popular port scanners, and anyone can use it to scan your machine.
What if we could open the port on demand and close it when it is not in use? That sounds interesting, and we can do it with the knockd application.
What is knockd
Knockd is a port-knock server. It listens to all traffic on an ethernet (or PPP) interface, looking for special “knock” sequences of port-hits. (Source: http://www.zeroflux.org/projects/knock)
How it works
Every application needs a port as a “door” for “listening” to requests from clients. A port is usually in either an open or a closed state. There are many ports available on a server, and some of them are assigned by convention to particular services, such as SSH (22), Web (80) and FTP (21).
A basic rule of server security is to open only the ports you use and close the rest. You may have some ports that are used only occasionally. Leaving those ports open while they are not in use is not recommended.
When you install knockd, you can let the client “knock” on the server with a pattern. You choose the knocking sequence yourself, so each server’s pattern can be unique. If the pattern matches, the port you need is opened for a period of time and the request can enter your server.
Once you are done with the application, you can close the port manually or automatically.
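As an added example (not code from this page or from the knockd project), here is a small Python model of the matching knockd performs on the traffic it watches: each client IP must hit the sequence ports in order within the sequence timeout, a wrong or late hit resets the attempt, and a successful match opens the door for a fixed time before it is closed automatically. The port numbers, IP addresses and timeouts are constructed values modelled on knockd's sequence, seq_timeout and cmd_timeout options; real knockd runs the firewall commands from its configuration rather than keeping a table in memory.

```python
"""Simplified model of knockd's knock-sequence matching (added example)."""
from dataclasses import dataclass, field

# Constructed values, modelled on a knockd.conf stanza:
#   sequence = 7000,8000,9000 ; seq_timeout = 5 ; cmd_timeout = 10
SEQUENCE = (7000, 8000, 9000)   # knock ports, in the order they must be hit
SEQ_TIMEOUT = 5.0               # seconds allowed to complete the whole sequence
CMD_TIMEOUT = 10.0              # seconds the door stays open before auto-close


@dataclass
class KnockServer:
    progress: dict = field(default_factory=dict)  # ip -> (next index, first-hit time)
    opened: dict = field(default_factory=dict)    # ip -> time the door was opened
    log: list = field(default_factory=list)       # what knockd would write to its logfile

    def hit(self, ip, port, now):
        """Feed one TCP SYN (source ip, destination port, timestamp) as seen on the wire.
        Returns True only on the hit that completes the sequence."""
        self.expire(now)
        idx, started = self.progress.get(ip, (0, now))
        if now - started > SEQ_TIMEOUT:          # took too long: start the attempt over
            idx, started = 0, now
        if port == SEQUENCE[idx]:
            idx += 1
            if idx == len(SEQUENCE):             # full pattern matched: open the door
                self.opened[ip] = now
                self.progress.pop(ip, None)
                self.log.append(f"open ssh for {ip} at {now}")
                return True
            self.progress[ip] = (idx, started)
        else:                                    # a wrong port breaks the sequence
            self.progress.pop(ip, None)
        return False

    def expire(self, now):
        """Automatic close: drop every door that has been open for CMD_TIMEOUT seconds."""
        for ip, t in list(self.opened.items()):
            if now - t >= CMD_TIMEOUT:
                del self.opened[ip]
                self.log.append(f"close ssh for {ip} at {now}")

    def is_open(self, ip, now):
        self.expire(now)
        return ip in self.opened


def knock(server, ip, ports, start, gap=0.2):
    """Client side: hit the ports in order, like `knock <host> 7000 8000 9000`."""
    result = False
    for i, p in enumerate(ports):
        result = server.hit(ip, p, start + i * gap)
    return result
```

The knock only decides whether the door is open; SSH's own authentication still applies once a connection reaches the service.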