Messages

Hello,

isn't port knocking with a predefined sequence just security through obscurity?

https://en.wikipedia.org/wiki/Security_through_obscurity

Making sure the service behind the port is secure is highly preferred.

There are more powerful features for blocking automated port scans like the included suricata IDS/IPS.

It depends on the use case.

Port knocking picks up the low hanging fruit most attackers are looking for to find potential attack vectors for home users..

Since the source IP hasn't passed the knock sequence in the required order, the firewall is dropping all packets for the service port.   

Since port for the service is blocked attackers looking for open ports for the low hanging fruit of the day/month/year move on.

IDS/IPS is more geared towards business use as it needs proper monitoring ect to be effective and it has significant overhead.

Port knocking use cases in my opinion are more for a home user.

With IPv6 adoption rates finally rising, more and more home users have access to a free globally routed IP instead of paying for a static IPv4 address which can/will open the door to more and more home users wanting to open up ports.

In my opinion there valid use cases for port knocking.. Read the manpage for knockd before you say its security through
obscurity as the service port is closed until the knock authentication has been satisfied and even then the port is still restricted to unauthenticated IP's.   

knockd is only one implementation and its rather complex.. But a port knock can also be done strictly with iptables and not a daemon. An example of a iptables only implementation:
https://www.digitalocean.com/community/tutorials/how-to-configure-port-knocking-using-only-iptables-on-an-ubuntu-vps