What is the difference between Single Packet Authorization and Port Knocking?
Both technologies communicate information via packets destined for a port or ports on which no server is listening. The packets can be monitored by sniffing the wire via libpcap, or by monitoring firewall logs. The main application of this technology is to use a packet filter (such as a firewall or router ACL) to maintain a default-drop stance for a protected service, while still allowing a remote system to communicate its request for access to that service. This way the code paths available to a malicious user are minimized: a decent packet filter intercepts packets from within the kernel, so an attacker cannot even establish a session with the protected service. This is where the similarities end, and you can find a detailed explanation of exactly why Single Packet Authorization is better than port knocking in my USENIX ;login: paper “Single Packet Authorization with Fwknop”. In summary, Single Packet Authorization (SPA) provides the following advantages over port knocking schem
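The firewall-log monitoring approach described earlier in this answer, shown for plain port knocking as an added example (not fwknop's code and not part of the original FAQ). The knock sequence, time window, protected port and log format are assumptions, and the log lines are constructed sample data.

```python
import re
from datetime import datetime, timedelta

# Assumed policy values for this example (not taken from the page).
KNOCK_SEQUENCE = [7000, 8000, 9000]   # closed ports, in the required order
WINDOW = timedelta(seconds=10)        # whole sequence must arrive within this
PROTECTED_PORT = 22

# Constructed sample of packet-filter log output for dropped SYN packets.
SAMPLE_LOG = """\
2024-05-01T10:00:00 fw kernel: DROP IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40000 DPT=7000 SYN
2024-05-01T10:00:01 fw kernel: DROP IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=7000 SYN
2024-05-01T10:00:02 fw kernel: DROP IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=8000 SYN
2024-05-01T10:00:03 fw kernel: DROP IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=9000 SYN
2024-05-01T10:00:04 fw kernel: DROP IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=9000 SYN
2024-05-01T10:00:30 fw kernel: DROP IN=eth0 SRC=192.0.2.77 DST=192.0.2.10 PROTO=TCP SPT=60000 DPT=7000 SYN
2024-05-01T10:00:31 fw kernel: DROP IN=eth0 SRC=192.0.2.77 DST=192.0.2.10 PROTO=TCP SPT=60001 DPT=8000 SYN
2024-05-01T10:00:45 fw kernel: DROP IN=eth0 SRC=192.0.2.77 DST=192.0.2.10 PROTO=TCP SPT=60002 DPT=9000 SYN
"""

LINE_RE = re.compile(r"^(\S+) .*\bSRC=(\S+) .*\bPROTO=TCP .*\bDPT=(\d+)")

def authorized_sources(log_text):
    """Return [(src_ip, accept_rule)] for sources that completed the sequence."""
    progress = {}   # src -> (index of next expected port, time of first knock)
    granted = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, src, dport = datetime.fromisoformat(m.group(1)), m.group(2), int(m.group(3))
        idx, start = progress.get(src, (0, ts))
        if idx == 0 or ts - start > WINDOW:
            idx, start = 0, ts                 # new attempt, or too slow: restart
        if dport == KNOCK_SEQUENCE[idx]:
            idx += 1
        else:                                  # wrong port resets; it may begin a new try
            idx, start = (1, ts) if dport == KNOCK_SEQUENCE[0] else (0, ts)
        if idx == len(KNOCK_SEQUENCE):
            # Rule is only built as text here; a real daemon would apply and later expire it.
            rule = f"iptables -I INPUT -s {src} -p tcp --dport {PROTECTED_PORT} -j ACCEPT"
            granted.append((src, rule))
            progress.pop(src, None)
        else:
            progress[src] = (idx, start)
    return granted
```

On the sample log only 203.0.113.5 is granted access: 198.51.100.9 knocks out of order and 192.0.2.77 exceeds the time window.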