Protect Router's Management Interface by Port Knocking

Port knocking is a technique that adds an extra layer of protection to a router. The basic idea is that only open ports are at risk of being attacked, so the router keeps all ports closed and uses a combination of ports as a password. Only those who know the password can open the ports and connect.

Vigor Router will support Port Knocking with TOTP for its Local Service. The supported models are:

  • Vigor3912S fw 4.3.6
  • Vigor3910 / 2962 fw 4.4.3
  • Vigor2927 / 2865 fw 4.4.5.3
Below is the configuration for using the Port Knocking feature.

    1. Ensure the router gets the correct system time via System Maintenance >> Time and Date.

    2. Go to System Maintenance >> Management, and set up the Port Knocking feature in the Port Knocking for Local Service area.

        1. Enable port knocking protection.
        2. Enable the connection method you need.
        3. Configure the 1st Knock Port.
        4. Scan the QR code with Google Authenticator installed on a phone.
        5. Enter the 6-digit code from Google Authenticator in the Validation Code field, then click Verify.
        6. After seeing the “Verify success.” message, click OK to save the configuration.

    3. Try to connect to the router’s management interface by its WAN IP through the connection method you enabled. SSH is used in this example. The connection cannot be established because the port isn’t open.

    4. Download the tool on the client’s computer, then open pknock.exe.

        1. Enter the server’s public IP.
        2. Enter the 1st knock port.
        3. Enter the 6-digit validation code from Google Authenticator.

       The tool will then start knocking on the ports of the Vigor Router.

    5. After the ports are unlocked successfully, you can connect to the router’s management interface with the connection method you enabled.
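
Why step 1 (correct system time) matters, shown as an added example that is not DrayTek's code: Google Authenticator codes are RFC 6238 TOTP values derived from a shared secret and the current 30-second time step, so a verifier whose clock has drifted computes different codes and rejects the one on the phone. The secret is the RFC 6238 test key, the timestamps are constructed, and the ±1-step tolerance in `verify` is an assumption, since the page does not state the router's window.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per TOTP time step (Google Authenticator default)
DIGITS = 6   # code length entered in the Validation Code field

# Constructed sample secret: the RFC 6238 test key, Base32-encoded.
SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int) -> str:
    """RFC 6238 code (HMAC-SHA1) for the time step containing unix_time."""
    key = base64.b32decode(secret_b32)
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(code: str, verifier_time: int, window: int = 1) -> bool:
    """Accept code if it matches a step within +/- window of the verifier clock.

    window is an assumption; the page does not state the router's tolerance.
    """
    return any(
        hmac.compare_digest(totp(SECRET_B32, verifier_time + d * STEP), code)
        for d in range(-window, window + 1)
    )


if __name__ == "__main__":
    phone_time = 1111111109              # constructed timestamp
    code = totp(SECRET_B32, phone_time)  # what the authenticator app shows
    print("code on phone:", code)
    for skew in (0, 2, 300):             # seconds the router clock is ahead
        ok = verify(code, phone_time + skew)
        print(f"router clock +{skew:>3}s -> {'accepted' if ok else 'rejected'}")
```

If the Verify step or the knock keeps failing with a code that is still fresh on the phone, check the router's time source before regenerating the secret.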

    Published On: 2024-06-26
