To me, shimmer and port knocking both seem ridiculous. In the case of shimmer, from what I
understand, you're essentially using a shared secret to create somewhere between 4 and 16 bits
of data (= "the port number"), and sending that to the server as your unencrypted
"authentication". If you want to secure a service, why not just add a real authentication
step? Make a TCP connection, authenticate yourself using the shared key, and then be granted
access. No flashy tricks...