[tor-dev] Collecting data to demonstrate TCP ISN-based port knocking

Christian Grothoff grothoff at in.tum.de
Thu May 15 05:51:52 UTC 2014

Hi all,

some of you might remember a project called "Knock", which implements
a variant of port-knocking in the Linux kernel that can be used to
check the authenticity of arbitrary TCP connections and even can do
integrity checking of the TCP payload by using a pre-shared key. Knock
started as a student project which was presented during the Tor
developer meeting at Technische Universität München last July. This
was also where Jake added his two cents to help the project to move on.

We still hope that Knock will be eventually useful for Tor (think:
bridges), but could use your help to collect data to help convince the
Linux people to adopt the latest patch.

As Knock uses two fields in the TCP header in order to hide information
and we explicitly want to be compatible with machines sitting in
typical home networks, we need to make sure that this information
doesn't get corrupted by the majority of NAT boxes out there. We thus
created a program which tests if Knock would work in your environment.
It would be great if some of you were able to execute the program on
your machines in order to help us to get an estimation of if Knock one
day could be used in a large scale.

You can find sources, binaries and a more elaborate description here:
Technical details about Knock and a (somewhat outdated) research paper
as well as kernel patches are provided here:

Julian & Christian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x48426C7E.asc
Type: application/pgp-keys
Size: 7098 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20140515/5d605837/attachment.key>

More information about the tor-dev mailing list