I Invented Port Knocking

Let me tell you about something that’s been bothering me for a while.

I invented Port Knocking. No, really. In 2002.

According to portknocking.org, it was invented by Martin Krzywinski in 2003. I’m not here to debate that he didn’t come up with the idea separately, and choose the same names (it’s a pretty good name for the technology). But I do want to make it clear, for the record.

Wait, hold on, what’s Port Knocking?

Oh, got ahead of myself there.

Port Knocking is a security method where you can cloak a network completely (close all ports or put them in stealth mode) and yet still allow access from any computer in the world, by way of a sequence of “knocks” on a predefined list of ports.

The server can specify a list of ports (say, 53, 91, 2005, 2131, 7) and monitor to see if there are attempts to open them. If an outside computer accesses each of these ports in sequence, without hitting any other ports, and within a time period, the server can open a select set of ports (separate from the knock list) to that IP address only.

In my original designs, before opening the ports after a successful knock sequence, an authentication port would be opened at a predefined port, which the client would have to access, exchanging credentials, before the ports would be open.

And why the controversy?

First, some history.

In mid-2002, I was 18 and interested in security, amongst other things. Along with writing code for Pidgin (then Gaim), and a couple other projects, I was fooling around with firewalls and such.

I had this idea one morning while in the shower to add another layer of security. I really wanted to be able to completely close off my network, but still access it when out of town. I can’t tell you how it came into my head. Just a moment of inspiration. I wasn’t even really looking for another project, just brainstorming, but I liked the idea too much. I started writing code and made it work.

It was a while before I discussed it publicly on my old blog on Advogato. There are many posts, but I’ll highlight a couple here, where I introduce what I was working on:

The blog is full of lots of old teenage angst, so ignore most of it, but I spend the next few weeks going over my progress, answering questions from people who are asking for more information, etc. I was very open about it.

At one point a couple months later, I realized this was stupid. I had a good idea. I should patent it. I took it down for a while. This was after I had already put up the sourcecode, though, and many people had it.

Now, in retrospect, I should have made this into a full-on open source project and gained the recognition myself, continued development. But I was too busy with other things and didn’t really want another major product on my hands. I remember at one point I thought, “maybe I can sell this to a security company, or patent it!”

And since then…

One day, I opened a magazine and saw “port knocking” on the cover. My heart skipped a beat. Somebody wrote an article on my port knocking! I opened the magazine and read through it. “Invented by… Michael Krzywinski? What?!” I re-read to make sure. It was all my terminology, my methods. I was floored.

By that point, he made a name for himself as the inventor. And again, I’m not trying to discredit him, because he very well may have come up with the same thing separately. But it stung, because I had a great idea, a year before he wrote a paper on it, and I didn’t promote it the way he did.

Lesson learned

This is one of those life lessons. You always regret what happened, but you use it to make better decisions in the future. These days, I’m happy working on some awesome products. My day job at VMware and my highly successful code review software, Review Board (for which we’ve recently started a company).

Now, if I have a good idea, I make sure it’s heard, and demonstrated, far and wide. Truly great ideas don’t really come that often, so when you have one, make sure you do something with it, or you may end up regretting it for years to come.

15 thoughts on “I Invented Port Knocking

    • Florian: Ah, very interesting. Thanks for pointing that out. It doesn’t actually shock me that people other than myself had ideas around port knocking. That’s why I don’t want to make it seem that stuff was stolen. The fact that both of us named it the same thing is odd, but *shrug*

      • LOL, actually, by my account all of you were about half a decade too late to claim the invention anyway. So I guess it is only fitting to reply to your blog post about half a decade too late as well πŸ˜‰

        I thought of the exact same principle and name around 1996/97 after a friend complained about certain parties scanning for open ports for specific protocols and clamping down on them. It’s been (quietly) used ever since.

        I’ve actually never thought of it as a revolutionary idea or anything, as it was just a logical consequence of circumstances presenting itself … but then again, I guess that goes for most so called inventions πŸ™‚

  1. I really think that it’s a bit immature to get upset because someone pretends he invented something YOU actually invented (or not). The technology exists, and whoever invented it is not the point. Anybody could have invented it anyway, so why not just use it and stop making a fuzz about who has the idea first? After all, the reason why we ‘invent’ technologies is to fix problems, not to make us famous and rich, right? Who invented fire? You don’t know? And that doesn’t prevent you from using it, does it?

    • Julien: No need to get upset. I wasn’t blaming the guy. I was telling a story of what happened, because I’ve talked to people before about this and figured, time to put it in a central place. It was a life lesson, which is what I was getting at. A case of “I had a great idea and didn’t execute well, and now I know for the future” and an explanation of how I came to reach that.

      I think the guys who have worked on port knocking have done a fantastic job. I don’t fault anyone but myself on it. It wasn’t about getting famous and rich anyway.

      Sorry if I struck a nerve. If my recounting of this angers you, well, don’t read it! πŸ™‚

  2. Pingback: Tweets that mention ChipLog Β» Blog Archive Β» I Invented Port Knocking -- Topsy.com

  3. @Julien

    Similarly I think it’s really a bit immature for photographers to get upset because someone pretends he took pictures that YOU actually took. The photos exist and whomever took them isn’t the point. Anybody could have taken it anyway so why not just frame it and stop making a fuzz about who took it? After all, the reason why we “take” photos is to capture beauty, not to make us famous and rich, right? Who took http://bit.ly/gNv5hw ? You don’t know? And that doesn’t prevent you from enjoying it, does it?

  4. @Falun

    It upsets me when people claim other people’s photographs as their own. A great deal of artistry, time and skill can go into producing worthwhile photography. Most photographers are not in it for the money, believe me. And speaking of money, the equipment required can be very expensive to purchase, maintain and insure.

    I have to wonder if your argument is mainly structured around justifying your own self-serving behavior.

    • @Damon He was making a variation on @Julien’s argument with a different context to show how it’s not so clear-cut. Believe me, he happens to know the photography world quite well, the costs associated with it, and why photographers do what they do.

  5. @ChipX86 I re-read my comment today and thought I had been a bit too harsh in the way I said it, even if I still think my argument is right. Sorry if I sounded angry but I really don’t think I was, or should have been…

    @Falun I get your point, but I thinks there is a subtile difference between technology and art: technology has a purpose while art doesn’t (or shouldn’t). The goal of an artisitc photographer is not only to take a picture, but to express something with the way he takes it. Or at least that’s my understanding of it. So, I would say that you comparison would still work if we were talking about, for example, scientific photography, where the photo IS the point.

  6. @Julien That’s the thing, you’re loading your argument with assumptions. Why can’t (shouldn’t) art have a purpose? (For reference I strongly disagree with you there)

    Another assumption is that recognition == “famous and rich” but the two are inherently different. If I create something and give it away for free I have the ability to point at it and say, “look at this thing I created” when speaking with people (potential employers, let’s say). When someone else takes something (photo or program) and passes it off as their own then I lose that ability.

    Additionally you seem to have some fine distinction between technology and art — for me the two aren’t that separate they just solve different problems: I want to add a bit of obscurity[0] to accessing this host vs I want something that will calm me when I’m upset/help us remember the past. Code and art are one and the same, they are something created by a mind atuned to the medium as an expression of their creativity to solve a problem… or sometimes just to add beauty to the world, there’s plenty of code out there that doesn’t really solve anything[1].

    You might not agree with my thoughts on art and technology, and that’s fine, I don’t think it makes you Right and me Wrong but hopefully we can at least agree that recognition is important and taking credit for others work is not the correct thing to do?

    Anyway, this is all kind of beside the point[2]–if you carefully read the post the point didn’t really seem to be “That darned Martin kid stole my idea I want credit now!” it was more of a “Huh, we had the same idea around the same time but I tried to keep it to myself and he made it public and ran with it, there is a life lesson here.”

    Disclaimer: the perspective I’m coming at this as is as a “professional” software developer and amateur[3] photographer (among other technology/artsy pursuits).

    [0] I’m hesitant to call port knocking security, sorry Chip
    [1] the entire gaming industry, for instance – they solve the “entertain me” problem (which is similar to what art does)
    [2] but entertaining conversation which is why I originally commented
    [3] no quotes there, definitely amateur =)

    @Damon, read the above — I suspect you’ll find that we agree =)

    I think it’s time for a group hug

  7. I’ve actually tried two way port knock communication with tcpdump and nc, I think it was in 1999 (the ipchain era anyways). I think the idea of port knock comes from running servers on non standard ports, so I’m guessing it’s an ancient thing really.

  8. Dude, I’m happy to include links to your pages on portknocking.org. In fact, I list several works that existed before port knocking (cd00r and SAdoor). You should have just emailed me!

    I’ve never seen your work and had the idea independently, but clearly from cd00r/SAdoor neither of us was the first.

    I think it would be fair to say that I merely coined a term for it πŸ™‚ and tried to get it published in a few mainstream places.

    If it’s any consolation, I never considered this to make any kind of name for myself. All my efforts for it are open source and I never made any money off this πŸ™‚

    Best,

    Martin

  9. Haha, no worries man. This was a story I told a few times to friends and finally decided to just write about as a life lesson sort of post. I was pretty young and naΓ―ve when I put together my port knocking implementation, and I was proud of it but just didn’t do enough with it and kind of kicked myself for it after when I realized I missed the boat.

    (It’s been a while since I wrote this, but in retrospect, I should have titled this post “I ‘invented’ port knocking.”)

    So how’s the effort been going for you?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s