fwknop stands for the "FireWall KNock OPerator", and implements an authorization
scheme called Single Packet Authorization (SPA) that is based around packet
filter and libpcap.

SPA requires only a single encrypted packet in order to communicate various
pieces of information including desired access through a packet filter's policy
and/or complete commands to execute on the target system. By using packet filter
to maintain a "default drop" stance, the main application of this program is to
protect services such as OpenSSH with an additional layer of security in order
to make the exploitation of vulnerabilities (both 0-day and unpatched code) much
more difficult.

With fwknop deployed, anyone using nmap to look for sshd can't even tell that it
is listening; it makes no difference if they have a 0-day exploit or not.
