Hi all,
some of you might remember a project called "Knock", which implements a variant of port-knocking in the Linux kernel that can be used to check the authenticity of arbitrary TCP connections and can even do integrity checking of the TCP payload by using a pre-shared key. Knock started as a student project which was presented during the Tor developer meeting at Technische Universität München last July. This was also where Jake added his two cents to help the project move on.
We still hope that Knock will eventually be useful for Tor (think: bridges), but we could use your help to collect data to help convince the Linux people to adopt the latest patch.
As Knock uses two fields in the TCP header in order to hide information and we explicitly want to be compatible with machines sitting in typical home networks, we need to make sure that this information doesn't get corrupted by the majority of NAT boxes out there. We thus created a program which tests whether Knock would work in your environment. It would be great if some of you were able to execute the program on your machines in order to help us get an estimate of whether Knock could one day be used on a large scale.
You can find sources, binaries and a more elaborate description here: https://gnunet.org/knock_nat_tester
Technical details about Knock and a (somewhat outdated) research paper as well as kernel patches are provided here: https://gnunet.org/knock
Best,
Julian & Christian