SlideShare a Scribd company logo
Mikrotik Firewall 
Securing Your Router With Port 
Knocking
Introduction 
 Name : Akbar 
 Mikrotik User Since : Mid 2005 
 IT Manager @ Agung Sedayu Group 
 Trainer For Ufoakses Mikrotik Training 
 www.forummikrotik.com 
 akbar@forummikrotik.com 
Forum Mikrotik Indonesia www.forummikrotik.com 2
What is Port Knocking ? 
 Port Knocking is a method of externally 
opening ports on a firewall by generating a 
connection attempt on a set of prespecified 
closed ports 
 Once a correct sequence of connection 
attempts is received, the firewall rules are 
dynamically modified to allow the host which 
sent the connection attempts to connect over 
specific port(s) 
Forum Mikrotik Indonesia www.forummikrotik.com 3
Port Knocking Process 
Connection Attempt to Router with 
Winbox or Telnet or SSH 
Connection Attempt Rejected / Drop 
Knock : Connection Attempt to Pre 
Defined Port 
Firewall Rules Dynamically Modified 
to Allow Access From That Host 
Connection Attempt to Router with 
Winbox or Telnet or SSH 
Connection Granted 
Host Router 
with 
Firewall 
Forum Mikrotik Indonesia www.forummikrotik.com 4
Why Port Knocking ? 
 The primary purpose of port knocking is to 
prevent an attacker from scanning a system 
for potentially exploitable services by doing a 
port scan, because unless the attacker sends 
the correct knock sequence, the protected 
ports will appear closed. 
Forum Mikrotik Indonesia www.forummikrotik.com 5
When to Use Port Knocking ? 
 When you need to do remote configuration or 
monitoring from remote area 
 When you try to decrease brute force attack 
Forum Mikrotik Indonesia www.forummikrotik.com 6
How to Apply Port Knocking in 
Mikrotik ? 
Forum Mikrotik Indonesia www.forummikrotik.com 7 
 Using : 
 Firewall Filter 
 Address List 
 Knock Application 
Please download the application from : 
www.zeroflux.org
The Basic of Firewall Filter 
Forum Mikrotik Indonesia www.forummikrotik.com 8
The Basic of Firewall Filter 
 Firewall Filter is used for packet filtering 
 Firewall Filter consist of IF-THEN rules 
IF <conditions> THEN <action> 
 Firewall Filter is done in sequential top to 
bottom 
 Firewall Filter are organized in chains 
Forum Mikrotik Indonesia www.forummikrotik.com 9
The Basic of Firewall Filter 
 Input : Processes packets addressed to the router 
itself 
 Output : Processes packets sent by the router 
itself 
 Forward : processes traffic sent through the router 
Forum Mikrotik Indonesia www.forummikrotik.com 10
Chain Input 
Forum Mikrotik Indonesia www.forummikrotik.com 11
Chain Output 
Forum Mikrotik Indonesia www.forummikrotik.com 12
Chain Forward 
Forum Mikrotik Indonesia www.forummikrotik.com 13
Firewall Filter Action 
 Accept – accept the packet. No action is taken, I.e the packet is passed 
thourgh and no more rules applied to it 
 Add-dst-to-address-list – adds destination address of an IP packet to the 
address list specified by address-list parameter 
 Add-src-to-address-list – adds source address of an IP packet to the 
address list specified by address-list parameter 
 Drop – silently drop the packet (without sending the ICMP reject messege) 
 Jump – jump to the chain specified by the value of the jump-target-parameter 
 Log – each match with this action will add a messege to the system log 
 Passthrogh – ignores this rule and goes on the next one 
 Reject – reject the packet and send an ICMP reject messege 
 Return – passes control back to the chain where the jump took place 
 Tarpit – captures and hold incoming TCP connections (replies with 
SYN/ACK to the inbound TCP SYN packet 
Forum Mikrotik Indonesia www.forummikrotik.com 14
IP Address List 
 You can also define group 
of IP address using “IP 
address List” 
 IP address List can be used 
in Firewall Rules to apply 
certain action 
 You can use mangle or 
firewall filter rule to 
dynamicly add IP address to 
IP address List certain time 
limit 
Forum Mikrotik Indonesia www.forummikrotik.com 15
Let’s Start Implementing 
Port Knocking in 
Mikrotik Router OS… 
Forum Mikrotik Indonesia www.forummikrotik.com 16
Case Studies 
192.168.33.254 
LAN 
10.1.1.254 
192.168.33.0/24 
Internet 
Mikrotik Router 
Forum Mikrotik Indonesia www.forummikrotik.com 17 
Remote Area 
(Home, Café, etc)
Case Studies 
 We only allowed access to router only from 
several IP from LAN : 
 192.168.33.10 Until 192.168.33.20 
 Different IP from LAN have to knock first 
before gain access to router 
 Remote area from Internet have to knock first 
before gain access to router 
Forum Mikrotik Indonesia www.forummikrotik.com 18
Case Studies 
 We will only allowed access to router from 
address list named “Safe Haven” 
 Other have to knock first to : 
 Protocol TCP, Port 1337 
 Protocol UDP, Port 17954 
Forum Mikrotik Indonesia www.forummikrotik.com 19
Adding Allowed LAN Address 
to Address List 
add address=192.168.33.10-192.168.33.20 comment="" disabled=no list= 
"Save Haven" 
Forum Mikrotik Indonesia www.forummikrotik.com 20
Knock Rules 1 
add action=add-src-to-address-list address-list=knock-knock address-list-timeout= 
15s chain=input comment="Knock 1" disabled=no dst-port=1337 
Forum Mikrotik Indonesia www.forummikrotik.com 21 
protocol=tcp
Knock Rules 2 
add action=add-src-to-address-list address-list="Save Haven“ address-list-timeout= 
3h chain=input comment="Knock 2 - OK" disabled=no dst-port=17954 
protocol=udp src-address-list=knock-knock 
Forum Mikrotik Indonesia www.forummikrotik.com 22
Only Allowing “Save Haven” to 
Connect to the router 
add action=accept chain=input comment="Only Allow Access from Save 
Haven" disabled=no src-address-list="Save Haven" 
Forum Mikrotik Indonesia www.forummikrotik.com 23
Drop Everything Else 
add action=drop chain=input comment="Drop Everything Else" disabled=no 
Forum Mikrotik Indonesia www.forummikrotik.com 24
Configuration 
Here’s the configuration for port knocking. Just make sure you don’t 
change the sequence or this will not worked 
Forum Mikrotik Indonesia www.forummikrotik.com 25
Knock Attempt 
 Hosts have to Knock the correct ports 
 Hosts IP Address that have knocked the correct 
ports will be put in dynamically to “Save Haven” 
Address List 
 Hosts can access router 
Forum Mikrotik Indonesia www.forummikrotik.com 26
Forum Mikrotik Indonesia www.forummikrotik.com 27 
Closing 
 Port Knocking is useful for securing the router 
 Port Knocking is also useful to decrease a brute 
force attack 
 Port Knocking has it’s weakness also: 
 It' s possible to spy out the knocking sequence by sniffing 
the network 
 It' s necessary to have a special knocking-client 
 Port Knocking is only one method to secure the 
router, best to combine this with other methods.
Thank You 
Your Question Will be Appreciated 
Forum Mikrotik Indonesia www.forummikrotik.com 28

More Related Content

What's hot

HOTSPOT on MikroTik Router
HOTSPOT on MikroTik RouterHOTSPOT on MikroTik Router
HOTSPOT on MikroTik Router
KHNOG
 
MikroTik MTCNA
MikroTik MTCNAMikroTik MTCNA
MikroTik MTCNA
Ali Layth
 
Fools your enemy with MikroTik
Fools your enemy with MikroTikFools your enemy with MikroTik
Fools your enemy with MikroTik
Didiet Kusumadihardja
 
Cisco IPv6 Tutorial
Cisco IPv6 TutorialCisco IPv6 Tutorial
Cisco IPv6 Tutorial
kriz5
 
HSRP ccna
HSRP ccna HSRP ccna
HSRP ccna
MohamedJafar5
 
Mikrotik Hotspot
Mikrotik HotspotMikrotik Hotspot
Mikrotik Hotspot
GLC Networks
 
MikroTik Security
MikroTik SecurityMikroTik Security
MikroTik Security
Rofiq Fauzi
 
Layer 7 Firewall on Mikrotik
Layer 7 Firewall on MikrotikLayer 7 Firewall on Mikrotik
Layer 7 Firewall on Mikrotik
GLC Networks
 
Mikrotik IP Settings For Performance and Security
Mikrotik IP Settings For Performance and SecurityMikrotik IP Settings For Performance and Security
Mikrotik IP Settings For Performance and Security
GLC Networks
 
BGP Services IP Transit vs IP Peering
BGP Services  IP Transit vs IP PeeringBGP Services  IP Transit vs IP Peering
BGP Services IP Transit vs IP Peering
GLC Networks
 
CCNA Lab Guide
CCNA Lab GuideCCNA Lab Guide
CCNA Lab Guide
Salachudin Emir
 
Route Redistribution
Route RedistributionRoute Redistribution
Route Redistribution
Netwax Lab
 
Mikrotik Hotspot With Queue Tree BW Management
Mikrotik Hotspot With Queue Tree BW ManagementMikrotik Hotspot With Queue Tree BW Management
Mikrotik Hotspot With Queue Tree BW Management
gopartheredbuff
 
MikroTik Basic Training Class - Online Moduls - English
 MikroTik Basic Training Class - Online Moduls - English MikroTik Basic Training Class - Online Moduls - English
MikroTik Basic Training Class - Online Moduls - English
Adhie Lesmana
 
Basic command to configure mikrotik
Basic command to configure mikrotikBasic command to configure mikrotik
Basic command to configure mikrotik
Tola LENG
 
CCNA Basic Switching and Switch Configuration
CCNA Basic Switching and Switch ConfigurationCCNA Basic Switching and Switch Configuration
CCNA Basic Switching and Switch ConfigurationDsunte Wilson
 
Tunnel vs VPN on Mikrotik
Tunnel vs VPN on MikrotikTunnel vs VPN on Mikrotik
Tunnel vs VPN on Mikrotik
GLC Networks
 
ccna project on topic company infrastructure
ccna project on topic company infrastructureccna project on topic company infrastructure
ccna project on topic company infrastructure
Prince Gautam
 
Basic security &amp; info
Basic security &amp; infoBasic security &amp; info
Basic security &amp; info
Tola LENG
 

What's hot (20)

Mikro tik advanced training
Mikro tik advanced trainingMikro tik advanced training
Mikro tik advanced training
 
HOTSPOT on MikroTik Router
HOTSPOT on MikroTik RouterHOTSPOT on MikroTik Router
HOTSPOT on MikroTik Router
 
MikroTik MTCNA
MikroTik MTCNAMikroTik MTCNA
MikroTik MTCNA
 
Fools your enemy with MikroTik
Fools your enemy with MikroTikFools your enemy with MikroTik
Fools your enemy with MikroTik
 
Cisco IPv6 Tutorial
Cisco IPv6 TutorialCisco IPv6 Tutorial
Cisco IPv6 Tutorial
 
HSRP ccna
HSRP ccna HSRP ccna
HSRP ccna
 
Mikrotik Hotspot
Mikrotik HotspotMikrotik Hotspot
Mikrotik Hotspot
 
MikroTik Security
MikroTik SecurityMikroTik Security
MikroTik Security
 
Layer 7 Firewall on Mikrotik
Layer 7 Firewall on MikrotikLayer 7 Firewall on Mikrotik
Layer 7 Firewall on Mikrotik
 
Mikrotik IP Settings For Performance and Security
Mikrotik IP Settings For Performance and SecurityMikrotik IP Settings For Performance and Security
Mikrotik IP Settings For Performance and Security
 
BGP Services IP Transit vs IP Peering
BGP Services  IP Transit vs IP PeeringBGP Services  IP Transit vs IP Peering
BGP Services IP Transit vs IP Peering
 
CCNA Lab Guide
CCNA Lab GuideCCNA Lab Guide
CCNA Lab Guide
 
Route Redistribution
Route RedistributionRoute Redistribution
Route Redistribution
 
Mikrotik Hotspot With Queue Tree BW Management
Mikrotik Hotspot With Queue Tree BW ManagementMikrotik Hotspot With Queue Tree BW Management
Mikrotik Hotspot With Queue Tree BW Management
 
MikroTik Basic Training Class - Online Moduls - English
 MikroTik Basic Training Class - Online Moduls - English MikroTik Basic Training Class - Online Moduls - English
MikroTik Basic Training Class - Online Moduls - English
 
Basic command to configure mikrotik
Basic command to configure mikrotikBasic command to configure mikrotik
Basic command to configure mikrotik
 
CCNA Basic Switching and Switch Configuration
CCNA Basic Switching and Switch ConfigurationCCNA Basic Switching and Switch Configuration
CCNA Basic Switching and Switch Configuration
 
Tunnel vs VPN on Mikrotik
Tunnel vs VPN on MikrotikTunnel vs VPN on Mikrotik
Tunnel vs VPN on Mikrotik
 
ccna project on topic company infrastructure
ccna project on topic company infrastructureccna project on topic company infrastructure
ccna project on topic company infrastructure
 
Basic security &amp; info
Basic security &amp; infoBasic security &amp; info
Basic security &amp; info
 

Similar to MikroTik Firewall : Securing your Router with Port Knocking

Ukk tkj p1 proxy mikrotik2014 2015
Ukk tkj p1 proxy mikrotik2014 2015Ukk tkj p1 proxy mikrotik2014 2015
Ukk tkj p1 proxy mikrotik2014 2015Riza Hafizhuddin
 
SETING DAN KONFIGURASI ROUTERBOARD MIKROTIK RB 750 METODE TEX
SETING DAN KONFIGURASI ROUTERBOARD  MIKROTIK RB 750 METODE TEXSETING DAN KONFIGURASI ROUTERBOARD  MIKROTIK RB 750 METODE TEX
SETING DAN KONFIGURASI ROUTERBOARD MIKROTIK RB 750 METODE TEX
Kadek Kamastika
 
Tutorial mikrotik step by step
Tutorial mikrotik step by stepTutorial mikrotik step by step
Tutorial mikrotik step by step
Dewa Ketut Setiawan
 
Tutorial mikrotik step by step anung muhandanu
Tutorial mikrotik step by step  anung muhandanu Tutorial mikrotik step by step  anung muhandanu
Tutorial mikrotik step by step anung muhandanu Alessandro De Suoodh
 
Chapter_Five[1].ppt
Chapter_Five[1].pptChapter_Five[1].ppt
Chapter_Five[1].ppt
BachaSirata
 
Modul 3 Firewalll.ppt
Modul 3 Firewalll.pptModul 3 Firewalll.ppt
Modul 3 Firewalll.ppt
cemporku
 
26.1.7 lab snort and firewall rules
26.1.7 lab   snort and firewall rules26.1.7 lab   snort and firewall rules
26.1.7 lab snort and firewall rules
Freddy Buenaño
 
Firewall Facts
Firewall FactsFirewall Facts
Firewall Facts
DAVID RAUDALES
 
Firewall - Network Defense in Depth Firewalls
Firewall - Network Defense in Depth FirewallsFirewall - Network Defense in Depth Firewalls
Firewall - Network Defense in Depth Firewalls
phanleson
 
CCNA Security 09- ios firewall fundamentals
CCNA Security 09- ios firewall fundamentalsCCNA Security 09- ios firewall fundamentals
CCNA Security 09- ios firewall fundamentals
Ahmed Habib
 
Router security-configuration-guide-executive-summary
Router security-configuration-guide-executive-summaryRouter security-configuration-guide-executive-summary
Router security-configuration-guide-executive-summary
moonmanik
 
Firewall arch by Tareq Hanaysha
Firewall arch by Tareq HanayshaFirewall arch by Tareq Hanaysha
Firewall arch by Tareq HanayshaHanaysha
 
Fire & Ice: Making and Breaking macOS Firewalls
Fire & Ice: Making and Breaking macOS FirewallsFire & Ice: Making and Breaking macOS Firewalls
Fire & Ice: Making and Breaking macOS Firewalls
Priyanka Aash
 
Configure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdfConfigure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdf
BT Digital
 
Cisco discovery drs ent module 8 - v.4 in english.
Cisco discovery   drs ent module 8 - v.4 in english.Cisco discovery   drs ent module 8 - v.4 in english.
Cisco discovery drs ent module 8 - v.4 in english.igede tirtanata
 
Floodlight with Firewall and Network Virtualization
Floodlight with Firewall and Network VirtualizationFloodlight with Firewall and Network Virtualization
Floodlight with Firewall and Network Virtualization
Ankita Mandekar
 
Note I only need the last 3 sub-questions ( e, f and g) 3. Firew.pdf
Note I only need the last 3 sub-questions ( e, f and g) 3. Firew.pdfNote I only need the last 3 sub-questions ( e, f and g) 3. Firew.pdf
Note I only need the last 3 sub-questions ( e, f and g) 3. Firew.pdf
ezonesolutions
 

Similar to MikroTik Firewall : Securing your Router with Port Knocking (20)

Ukk tkj p1 proxy mikrotik2014 2015
Ukk tkj p1 proxy mikrotik2014 2015Ukk tkj p1 proxy mikrotik2014 2015
Ukk tkj p1 proxy mikrotik2014 2015
 
SETING DAN KONFIGURASI ROUTERBOARD MIKROTIK RB 750 METODE TEX
SETING DAN KONFIGURASI ROUTERBOARD  MIKROTIK RB 750 METODE TEXSETING DAN KONFIGURASI ROUTERBOARD  MIKROTIK RB 750 METODE TEX
SETING DAN KONFIGURASI ROUTERBOARD MIKROTIK RB 750 METODE TEX
 
Tutorial mikrotik step by step
Tutorial mikrotik step by stepTutorial mikrotik step by step
Tutorial mikrotik step by step
 
Tutorial mikrotik step by step anung muhandanu
Tutorial mikrotik step by step  anung muhandanu Tutorial mikrotik step by step  anung muhandanu
Tutorial mikrotik step by step anung muhandanu
 
Chapter_Five[1].ppt
Chapter_Five[1].pptChapter_Five[1].ppt
Chapter_Five[1].ppt
 
Modul 3 Firewalll.ppt
Modul 3 Firewalll.pptModul 3 Firewalll.ppt
Modul 3 Firewalll.ppt
 
26.1.7 lab snort and firewall rules
26.1.7 lab   snort and firewall rules26.1.7 lab   snort and firewall rules
26.1.7 lab snort and firewall rules
 
100197
100197100197
100197
 
Firewall Facts
Firewall FactsFirewall Facts
Firewall Facts
 
Firewall - Network Defense in Depth Firewalls
Firewall - Network Defense in Depth FirewallsFirewall - Network Defense in Depth Firewalls
Firewall - Network Defense in Depth Firewalls
 
CCNA Security 09- ios firewall fundamentals
CCNA Security 09- ios firewall fundamentalsCCNA Security 09- ios firewall fundamentals
CCNA Security 09- ios firewall fundamentals
 
Router security-configuration-guide-executive-summary
Router security-configuration-guide-executive-summaryRouter security-configuration-guide-executive-summary
Router security-configuration-guide-executive-summary
 
Firewall arch by Tareq Hanaysha
Firewall arch by Tareq HanayshaFirewall arch by Tareq Hanaysha
Firewall arch by Tareq Hanaysha
 
Fire & Ice: Making and Breaking macOS Firewalls
Fire & Ice: Making and Breaking macOS FirewallsFire & Ice: Making and Breaking macOS Firewalls
Fire & Ice: Making and Breaking macOS Firewalls
 
Configure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdfConfigure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdf
 
Cisco discovery drs ent module 8 - v.4 in english.
Cisco discovery   drs ent module 8 - v.4 in english.Cisco discovery   drs ent module 8 - v.4 in english.
Cisco discovery drs ent module 8 - v.4 in english.
 
Set review 1
Set review 1Set review 1
Set review 1
 
Floodlight with Firewall and Network Virtualization
Floodlight with Firewall and Network VirtualizationFloodlight with Firewall and Network Virtualization
Floodlight with Firewall and Network Virtualization
 
Note I only need the last 3 sub-questions ( e, f and g) 3. Firew.pdf
Note I only need the last 3 sub-questions ( e, f and g) 3. Firew.pdfNote I only need the last 3 sub-questions ( e, f and g) 3. Firew.pdf
Note I only need the last 3 sub-questions ( e, f and g) 3. Firew.pdf
 
Firewalls (6)
Firewalls (6)Firewalls (6)
Firewalls (6)
 

More from Akbar Azwir, MM, PMP, PMI-SP, PSM I, CISSP

Multi-criteria Decision Making dengan Advance Hierarchy Process
 Multi-criteria Decision Making dengan Advance Hierarchy Process Multi-criteria Decision Making dengan Advance Hierarchy Process
Multi-criteria Decision Making dengan Advance Hierarchy Process
Akbar Azwir, MM, PMP, PMI-SP, PSM I, CISSP
 
Open Zoom Conference - Let's talk about PMP Certification
Open Zoom Conference - Let's talk about PMP CertificationOpen Zoom Conference - Let's talk about PMP Certification
Open Zoom Conference - Let's talk about PMP Certification
Akbar Azwir, MM, PMP, PMI-SP, PSM I, CISSP
 
Risks in Project
Risks in ProjectRisks in Project
Blockchain presentation for prudential
Blockchain presentation for prudentialBlockchain presentation for prudential
Blockchain presentation for prudential
Akbar Azwir, MM, PMP, PMI-SP, PSM I, CISSP
 
Mikrotik RouterOS Security Audit Checklist by Akbar Azwir
Mikrotik RouterOS Security Audit Checklist by Akbar AzwirMikrotik RouterOS Security Audit Checklist by Akbar Azwir
Mikrotik RouterOS Security Audit Checklist by Akbar Azwir
Akbar Azwir, MM, PMP, PMI-SP, PSM I, CISSP
 
Introduction to MikroTik RouterOS API
Introduction to MikroTik RouterOS APIIntroduction to MikroTik RouterOS API
Introduction to MikroTik RouterOS API
Akbar Azwir, MM, PMP, PMI-SP, PSM I, CISSP
 
Abac and the evolution of access control
Abac and the evolution of access controlAbac and the evolution of access control
Abac and the evolution of access control
Akbar Azwir, MM, PMP, PMI-SP, PSM I, CISSP
 

More from Akbar Azwir, MM, PMP, PMI-SP, PSM I, CISSP (7)

Multi-criteria Decision Making dengan Advance Hierarchy Process
 Multi-criteria Decision Making dengan Advance Hierarchy Process Multi-criteria Decision Making dengan Advance Hierarchy Process
Multi-criteria Decision Making dengan Advance Hierarchy Process
 
Open Zoom Conference - Let's talk about PMP Certification
Open Zoom Conference - Let's talk about PMP CertificationOpen Zoom Conference - Let's talk about PMP Certification
Open Zoom Conference - Let's talk about PMP Certification
 
Risks in Project
Risks in ProjectRisks in Project
Risks in Project
 
Blockchain presentation for prudential
Blockchain presentation for prudentialBlockchain presentation for prudential
Blockchain presentation for prudential
 
Mikrotik RouterOS Security Audit Checklist by Akbar Azwir
Mikrotik RouterOS Security Audit Checklist by Akbar AzwirMikrotik RouterOS Security Audit Checklist by Akbar Azwir
Mikrotik RouterOS Security Audit Checklist by Akbar Azwir
 
Introduction to MikroTik RouterOS API
Introduction to MikroTik RouterOS APIIntroduction to MikroTik RouterOS API
Introduction to MikroTik RouterOS API
 
Abac and the evolution of access control
Abac and the evolution of access controlAbac and the evolution of access control
Abac and the evolution of access control
 

Recently uploaded

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 

Recently uploaded (20)

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 

MikroTik Firewall : Securing your Router with Port Knocking

  • 1. Mikrotik Firewall Securing Your Router With Port Knocking
  • 2. Introduction  Name : Akbar  Mikrotik User Since : Mid 2005  IT Manager @ Agung Sedayu Group  Trainer For Ufoakses Mikrotik Training  www.forummikrotik.com  akbar@forummikrotik.com Forum Mikrotik Indonesia www.forummikrotik.com 2
  • 3. What is Port Knocking ?  Port Knocking is a method of externally opening ports on a firewall by generating a connection attempt on a set of prespecified closed ports  Once a correct sequence of connection attempts is received, the firewall rules are dynamically modified to allow the host which sent the connection attempts to connect over specific port(s) Forum Mikrotik Indonesia www.forummikrotik.com 3
  • 4. Port Knocking Process Connection Attempt to Router with Winbox or Telnet or SSH Connection Attempt Rejected / Drop Knock : Connection Attempt to Pre Defined Port Firewall Rules Dynamically Modified to Allow Access From That Host Connection Attempt to Router with Winbox or Telnet or SSH Connection Granted Host Router with Firewall Forum Mikrotik Indonesia www.forummikrotik.com 4
  • 5. Why Port Knocking ?  The primary purpose of port knocking is to prevent an attacker from scanning a system for potentially exploitable services by doing a port scan, because unless the attacker sends the correct knock sequence, the protected ports will appear closed. Forum Mikrotik Indonesia www.forummikrotik.com 5
  • 6. When to Use Port Knocking ?  When you need to do remote configuration or monitoring from remote area  When you try to decrease brute force attack Forum Mikrotik Indonesia www.forummikrotik.com 6
  • 7. How to Apply Port Knocking in Mikrotik ? Forum Mikrotik Indonesia www.forummikrotik.com 7  Using :  Firewall Filter  Address List  Knock Application Please download the application from : www.zeroflux.org
  • 8. The Basic of Firewall Filter Forum Mikrotik Indonesia www.forummikrotik.com 8
  • 9. The Basic of Firewall Filter  Firewall Filter is used for packet filtering  Firewall Filter consist of IF-THEN rules IF <conditions> THEN <action>  Firewall Filter is done in sequential top to bottom  Firewall Filter are organized in chains Forum Mikrotik Indonesia www.forummikrotik.com 9
  • 10. The Basic of Firewall Filter  Input : Processes packets addressed to the router itself  Output : Processes packets sent by the router itself  Forward : processes traffic sent through the router Forum Mikrotik Indonesia www.forummikrotik.com 10
  • 11. Chain Input Forum Mikrotik Indonesia www.forummikrotik.com 11
  • 12. Chain Output Forum Mikrotik Indonesia www.forummikrotik.com 12
  • 13. Chain Forward Forum Mikrotik Indonesia www.forummikrotik.com 13
  • 14. Firewall Filter Action  Accept – accept the packet. No action is taken, I.e the packet is passed thourgh and no more rules applied to it  Add-dst-to-address-list – adds destination address of an IP packet to the address list specified by address-list parameter  Add-src-to-address-list – adds source address of an IP packet to the address list specified by address-list parameter  Drop – silently drop the packet (without sending the ICMP reject messege)  Jump – jump to the chain specified by the value of the jump-target-parameter  Log – each match with this action will add a messege to the system log  Passthrogh – ignores this rule and goes on the next one  Reject – reject the packet and send an ICMP reject messege  Return – passes control back to the chain where the jump took place  Tarpit – captures and hold incoming TCP connections (replies with SYN/ACK to the inbound TCP SYN packet Forum Mikrotik Indonesia www.forummikrotik.com 14
  • 15. IP Address List  You can also define group of IP address using “IP address List”  IP address List can be used in Firewall Rules to apply certain action  You can use mangle or firewall filter rule to dynamicly add IP address to IP address List certain time limit Forum Mikrotik Indonesia www.forummikrotik.com 15
  • 16. Let’s Start Implementing Port Knocking in Mikrotik Router OS… Forum Mikrotik Indonesia www.forummikrotik.com 16
  • 17. Case Studies 192.168.33.254 LAN 10.1.1.254 192.168.33.0/24 Internet Mikrotik Router Forum Mikrotik Indonesia www.forummikrotik.com 17 Remote Area (Home, Café, etc)
  • 18. Case Studies  We only allowed access to router only from several IP from LAN :  192.168.33.10 Until 192.168.33.20  Different IP from LAN have to knock first before gain access to router  Remote area from Internet have to knock first before gain access to router Forum Mikrotik Indonesia www.forummikrotik.com 18
  • 19. Case Studies  We will only allowed access to router from address list named “Safe Haven”  Other have to knock first to :  Protocol TCP, Port 1337  Protocol UDP, Port 17954 Forum Mikrotik Indonesia www.forummikrotik.com 19
  • 20. Adding Allowed LAN Address to Address List add address=192.168.33.10-192.168.33.20 comment="" disabled=no list= "Save Haven" Forum Mikrotik Indonesia www.forummikrotik.com 20
  • 21. Knock Rules 1 add action=add-src-to-address-list address-list=knock-knock address-list-timeout= 15s chain=input comment="Knock 1" disabled=no dst-port=1337 Forum Mikrotik Indonesia www.forummikrotik.com 21 protocol=tcp
  • 22. Knock Rules 2 add action=add-src-to-address-list address-list="Save Haven“ address-list-timeout= 3h chain=input comment="Knock 2 - OK" disabled=no dst-port=17954 protocol=udp src-address-list=knock-knock Forum Mikrotik Indonesia www.forummikrotik.com 22
  • 23. Only Allowing “Save Haven” to Connect to the router add action=accept chain=input comment="Only Allow Access from Save Haven" disabled=no src-address-list="Save Haven" Forum Mikrotik Indonesia www.forummikrotik.com 23
  • 24. Drop Everything Else add action=drop chain=input comment="Drop Everything Else" disabled=no Forum Mikrotik Indonesia www.forummikrotik.com 24
  • 25. Configuration Here’s the configuration for port knocking. Just make sure you don’t change the sequence or this will not worked Forum Mikrotik Indonesia www.forummikrotik.com 25
  • 26. Knock Attempt  Hosts have to Knock the correct ports  Hosts IP Address that have knocked the correct ports will be put in dynamically to “Save Haven” Address List  Hosts can access router Forum Mikrotik Indonesia www.forummikrotik.com 26
  • 27. Forum Mikrotik Indonesia www.forummikrotik.com 27 Closing  Port Knocking is useful for securing the router  Port Knocking is also useful to decrease a brute force attack  Port Knocking has it’s weakness also:  It' s possible to spy out the knocking sequence by sniffing the network  It' s necessary to have a special knocking-client  Port Knocking is only one method to secure the router, best to combine this with other methods.
  • 28. Thank You Your Question Will be Appreciated Forum Mikrotik Indonesia www.forummikrotik.com 28