If the port knocking was obscuring an unauthenticated root shell then you would have a good point, but this is a defence in depth measure that adds to the security. It helps because it's one more hurdle for an attacker to bypass.
Layering two actual security measures makes sense. Layering an obscurity measure on a security measure is not really any safer than just having the security measure, just as obscurity alone is not really any safer than nothing.
It is a security measure, as it involves authentication through the series of knocks. It's a weak security measure on its own, so you obviously wouldn't want to rely on port knocking by itself, but it does have utility in preventing an attacker from discovering the service through a simple port scan.
I don't quite understand why you're saying it adds nothing at all.
lmm|9 years ago
geographomics|9 years ago
I don't quite understand why you're saying it adds nothing at all.