ipt_pkd is an iptables extension implementing port
knock detection with SPA (single packet
authorization). This project provides 3 parts: the
kernel module ipt_pkd, the iptables user space
module libipt_pkd.so, and a user space client
knock program. For the knock packet, it uses a UDP
packet sent to a random port that contains a
SHA-256 of a timestamp, small header, random
bytes, and a shared key. ipt_pkd checks the time
window of the packet and does the SHA-256 to
verify the packet. The shared key is never sent.
