Concealing a network connected device

Methods and apparatus for concealing a network connected device are disclosed. In a preferred embodiment of the invention, a network client inserts an validation key into the SEQ and ACK fields of a TCP connection request (TCP-SYN). The TCP connection request is sent to an validating server. The validating server extracts the validation key and uses it, with other implicit and explicit data contained within the TCP connection request to validate the connection establishment request. If the connection request is validated, the validating server responds with a TCP-SYN/ACK as described in the TCP protocol specification. If the TCP connection request is denied, the request is discarded and nothing is sent back to the requester, in this case the network client. When an internet port scanner sends a TCP connection request to a validating network server without the proper key, the request is silently discarded or “black-holed.” This makes the validating server appear to the internet port scanner to not exist. The validating server has completely concealed itself from unauthorized and unvalidated connections.