It is a security measure, as it involves authentication through the series of knocks. It's a weak security measure on its own, so you obviously wouldn't want to rely on port knocking by itself, but it does have utility in preventing an attacker from discovering the service through a simple port scan.
I don't quite understand why you're saying it adds nothing at all.
In essence, it's the same argument as "everyone should use encryption, even if it's barely non-trivial for state-level actors to break."
You're not defending against the attacker who is targeting you with this. You're defending against the attacker who is targeting "anyone who is trivially accessible."
ethbro|9 years ago
You're not defending against the attacker who is targeting you with this. You're defending against the attacker who is targeting "anyone who is trivially accessible."