Why Not Use Port Knocking? (continued)

To my mind port knocking gives you:

  1. Added complexity, or one more thing that will go wrong. If the daemon dies, you've bricked your system.

  2. An additional password that's hard to change. There's nothing magical about TCP/UDP ports. A port is a 16-bit number, and in our context it's just another alphabet. The swarm will keep guessing. And it's likely the knock sequence (aka password) is the same for all users.

  3. You won't recognize an attack until it succeeds, if even then. Guessing attempts will be indistinguishable from random noise, so you will have no early warning.

Port knocking proponents seem to have sort of moved on to single packet authentication instead, but even those implementations still contain the old port knocking code intact.

(2012-04-11) Why Not Use Port Knocking? was my take (with some inaccuracies, but you'll live)