Port knocking traditionally has been a technique used from external connections to convey information to or request services from an internal private network [1]. UPnP as a standard allows for devices and services to open ports on network devices in order to enable functionality [2]. By combining these two techniques it is possible to port knock internally, opening ports for an intended viewer on an external network device. This paper proposes a covert channel using this technique to exfiltrate data or broadcast messages from a system behind a UPnP device to any Internet connected system.

Date of creation, presentation, or exhibit



The 2012 International Conference on Security and Management Note: imported from RIT’s Digital Media Library running on DSpace to RIT Scholar Works in February 2014.

Document Type

Conference Paper

Department, Program, or Center

Department of Computing Security (GCCIS)


RIT – Main Campus