Thanks for all the input! First I should say I didn't mean to add this to
Manuel's "to-do list"...he's busy enough. I just thought the idea was
interesting and thought discussion might be appropriate should this method
ever become viable in the network world.
I manage a few networks remotely and the advantage I see to Port Knocking is
the ability to cloak the network from script-kiddies and such. I have
nightmares that I missed a patch for SSH or TS everytime I see a portscan in
the firewall logs. I realize port knocking is susceptible to sniffing and
man-in-the-middle attacks but wouldn't this only be pertinent from an
insecure network or a compromised border router? I've also heard the
arguments in the "obscurity isn't security" debate but I'm of a mind that
any layer you can add to protect your resources (as long as you can live
with the complexity it adds) is good.
Overall I like the idea of PK but think the implementation needs more
brainstorming and maturity.