Port-knocking — like a secret knock for firewalls. Schneier calls it "defensive system that would not accept any SSH connections (port 22) unless it detected connection attempts to closed ports 1026, 1027, 1029, 1034, 1026, 1044, and 1035 in that sequence within five seconds, then listened on port 22 for a connection within ten seconds. Otherwise, the system would completely ignore port 22." Link (via Crypto-Gram)