← Back to Explore
T1205.001
Port Knocking
Adversaries may use port knocking to hide open ports used for persistence or command and control. To enable a port, an adversary sends a series of attempted connections to a predefined sequence of closed ports. After the sequence is completed, opening a port is often accomplished by the host based firewall, but could also be implemented by custom software. This technique has been observed both for the dynamic opening of a listening port as well as the initiating of a connection to a listening s...
LinuxmacOSWindowsNetwork Devices
1
Detections
1
Sources
2
Threat Actors
BY SOURCE
1elastic
PROCEDURES (1)
Network Connection Monitoring1 detections
Auto-extracted: 1 detections for network connection monitoring