David Plummer wrote the Windows Task Manager, he made a 3 part series on his YouTube channel [1]. It's a fascinating couple of videos, highly recommend to watch.

[1] https://www.youtube.com/watch?v=f8VBOiPV-_M

> Is this approach used elsewhere?

Yes, or at least in a similar fashion. An alternative variant of port knocking is SPA (Single Packet Authorization). Often SPA protocols use UDP and contain within the body field an encrypted payload containing all the required data to authenticate and authorize a particular request.

There are multiple different implementations of SPA: OpenSPA [1] (full disclosure: I am the author of OpenSPA), fwknop [2] just to name a few.

SDP (Software Defined Perimeter) often builds upon SPA technologies in order to achieve a form of zero trust access.

[1] - https://github.com/greenstatic/openspa

[2] - https://github.com/mrash/fwknop

I am currently re-writting the OpenSPA protocol (version 2) and I plan on playing around with eBPF as well, so thanks eeriedusk for paving the way :)