This presentation was presented at MUM Indonesia at Bali in 2008. Discussed about how to put extra layer of security into your MikroTik Router using Port Knocking mechanism.
Marek Isalski, Faelix.net Ltd, describes the MikroTik range of routers and their applications, gives a pros and cons summary, and recommendations for budget provider edge deployment.
MUM Melbourne : Build Enterprise Wireless with CAPsMANGLC Networks
MUM Melbourne May 2018 topic: Build enterprise wireless with CAPsMAN
Presenter: Achmad Mardiansyah
In this MUM series, We are discussing Build enterprise wireless with CAPsMAN
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram
Webinar topic: BGP tuning: Peer with loopback
Presenter: Achmad Mardiansyah
In this webinar, we discussed BGP tuning: peer with loopback. a loopback interface is a virtual interface, which is always ON and will not be affected by physical status. therefore it is very useful to use it as a peering parameter to ensure high availability of BGP peer.
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram also discord
Recording is available on youtube:
https://youtu.be/tRW1xQDtH7w
In this webinar, we will discuss about the basic concept of routing, try to understand how the router work, how the routing table is used to forward packets, and how to implement them with mikrotik router. we review some prior knowledge before. after attending this webinar, we expect you understand how the packet is forwarded on router.
In this webinar, we are talking about BGP implementation on mikrotik router. the presentation starts with the fundamental of BGP and then discuss about Basic BGP setting on RouterOS
Marek Isalski, Faelix.net Ltd, describes the MikroTik range of routers and their applications, gives a pros and cons summary, and recommendations for budget provider edge deployment.
MUM Melbourne : Build Enterprise Wireless with CAPsMANGLC Networks
MUM Melbourne May 2018 topic: Build enterprise wireless with CAPsMAN
Presenter: Achmad Mardiansyah
In this MUM series, We are discussing Build enterprise wireless with CAPsMAN
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram
Webinar topic: BGP tuning: Peer with loopback
Presenter: Achmad Mardiansyah
In this webinar, we discussed BGP tuning: peer with loopback. a loopback interface is a virtual interface, which is always ON and will not be affected by physical status. therefore it is very useful to use it as a peering parameter to ensure high availability of BGP peer.
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram also discord
Recording is available on youtube:
https://youtu.be/tRW1xQDtH7w
In this webinar, we will discuss about the basic concept of routing, try to understand how the router work, how the routing table is used to forward packets, and how to implement them with mikrotik router. we review some prior knowledge before. after attending this webinar, we expect you understand how the packet is forwarded on router.
In this webinar, we are talking about BGP implementation on mikrotik router. the presentation starts with the fundamental of BGP and then discuss about Basic BGP setting on RouterOS
With the emerging security threat nowadays, we should know how to detect and analyze every possible threat to your network.
Just with simple solution we could make our MikroTik to became a powerful tool to fool the hacker.
MikroTik as Low Interaction HoneyPot.
Webinar topic: Mikrotik Hotspot
Presenter: Achmad Mardiansyah
In this webinar series, We are discussing Mikrotik Hotspot
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram
The recording is available on Youtube
https://youtu.be/CX1STkMY3zQ
Webinar topic: Layer 7 Firewall on Mikrotik
Presenter: Achmad Mardiansyah
In this webinar series, We are discussing Network Security with Mikrotik
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram
Recording is available on Youtube
https://youtu.be/Z0Akaksp0DA
Mikrotik IP Settings For Performance and SecurityGLC Networks
Webinar topic: Mikrotik IP Settings For Performance and Security
Presenter: Achmad Mardiansyah
In this webinar series, we discussed about Mikrotik IP Settings For Performance and Security
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram also discord
Recording available on Youtube
https://youtu.be/9ldLm969rxo
Webinar topic: BGP Services IP Transit vs IP Peering
Presenter: Achmad Mardiansyah
In this webinar series, We are discussing BGP Services IP Transit vs IP Peering
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram
Recording available on Youtube
https://youtu.be/TYNHBSTxiOE
Redistribution is necessary when routing protocols connect and must pass routes between the two.
Route Redistribution involves placing the routes learned from one routing domain, such as RIP, into
another routing domain, such as EIGRP.
While running a single routing protocol throughout your entire IP internetwork is desirable, multiprotocol routing is common for a number of reasons, such as company mergers, multiple departments
managed by multiple network administrators, and multi-vendor environments. Running different
routing protocols is often part of a network design.
1. Setup router
//to create a name for network card
//to assign ip address to network card
//to create NAT rule
//to assign gateway
//to assign dns
//to create dhcp
2.Create login page(Hotspot)
How to link from Mikrotik to Radius server
Webinar topic: Tunnel VS VPN on Mikrotik
Presenter: Achmad Mardiansyah
In this webinar series, We are discussing Tunnel VS VPN on Mikrotik
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram
See you at the next event
Recording available on Youtube
https://youtu.be/VHMf9pwhOrA
Basic Security
@ Updates
-Update manager
-Enable automatic security updates(Update Setting)
=> Super windows => type the key word (System Setting) =>
@ Firewall
-In Ubuntu all ports are block by default
-Default firewall-ufw (turned off by default)
+sudo ufw status
+sudo ufw enable/disable
-Firestarter for graphical interface (recommanded)
+sudo apt-get install firestarter
+Preferences
@ User Accounts
-User & Groups
+Disable user guest
-Do not use root user (Disable by default)
+sudo passwd
+sudo passwd -l root (disable/changed expiry password)
-Use sudo instead of root (/etc/sudoers)
+sudo visudo OR sudo gedit /etc/sudoers(To set the privilege user authorized)
+sudo adduser tolaleng sudo
-Deleting Users
+sudo deluser canamall
-Removing world readable permission to home directory
+sudo chmod 0750 /home/username
-Locking/Unlocking user
+sudo passwd -l username (enable user expiry)
+sudo passwd -u username (disable user expiry)
-passwords
+sudo chage canamall (Set the password expiration)
+sudo chage-l canamall (show the password expiration)
@ Antivirus
-Clam TK (Under Accessories), other anti-virus
@ Unistall Applications
-Ubuntu Software Center-> Installed software section-> Select application and click remove
@ Processes
-To see processes
+ps aux or top
+system monitor(cacti, nagios,)
-
@ Logs
-Some of logs
+ /var/log/messages : general log messages
+ /var/log/boot : system boot log
+ /var/log/debug/ : debugging log messages
+ /var/log/auth.log : user login and authentication logs
+ /var/log/daemon.log : running services such as squid,ntpd and other log message to this file
+ /var/log/kern.log : kernel log file
-Viewing logs
+ tail, more, cat, less, grep
+ GNOME system log viewer
@Firewall
ufw
=> Security Host
* Create Standard User and enable user passwd (complexity password, strong passwd, passwd expired, invalid day of passwd, Lock and Unlock user, disable user Guest, )
* Secure remote network and host
-Telnet(Secure with the host and address connection)
-SSH (Secure with the authentication encryption key)
=> Security Backup (Data Hosting)
*Make a Full Backup of Your Machine
-Aptik (backup application)
-rsync (Remote synce)
-Gsync (Remote)
-Amanda
-Rsnapshot
With the emerging security threat nowadays, we should know how to detect and analyze every possible threat to your network.
Just with simple solution we could make our MikroTik to became a powerful tool to fool the hacker.
MikroTik as Low Interaction HoneyPot.
Webinar topic: Mikrotik Hotspot
Presenter: Achmad Mardiansyah
In this webinar series, We are discussing Mikrotik Hotspot
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram
The recording is available on Youtube
https://youtu.be/CX1STkMY3zQ
Webinar topic: Layer 7 Firewall on Mikrotik
Presenter: Achmad Mardiansyah
In this webinar series, We are discussing Network Security with Mikrotik
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram
Recording is available on Youtube
https://youtu.be/Z0Akaksp0DA
Mikrotik IP Settings For Performance and SecurityGLC Networks
Webinar topic: Mikrotik IP Settings For Performance and Security
Presenter: Achmad Mardiansyah
In this webinar series, we discussed about Mikrotik IP Settings For Performance and Security
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram also discord
Recording available on Youtube
https://youtu.be/9ldLm969rxo
Webinar topic: BGP Services IP Transit vs IP Peering
Presenter: Achmad Mardiansyah
In this webinar series, We are discussing BGP Services IP Transit vs IP Peering
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram
Recording available on Youtube
https://youtu.be/TYNHBSTxiOE
Redistribution is necessary when routing protocols connect and must pass routes between the two.
Route Redistribution involves placing the routes learned from one routing domain, such as RIP, into
another routing domain, such as EIGRP.
While running a single routing protocol throughout your entire IP internetwork is desirable, multiprotocol routing is common for a number of reasons, such as company mergers, multiple departments
managed by multiple network administrators, and multi-vendor environments. Running different
routing protocols is often part of a network design.
1. Setup router
//to create a name for network card
//to assign ip address to network card
//to create NAT rule
//to assign gateway
//to assign dns
//to create dhcp
2.Create login page(Hotspot)
How to link from Mikrotik to Radius server
Webinar topic: Tunnel VS VPN on Mikrotik
Presenter: Achmad Mardiansyah
In this webinar series, We are discussing Tunnel VS VPN on Mikrotik
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram
See you at the next event
Recording available on Youtube
https://youtu.be/VHMf9pwhOrA
Basic Security
@ Updates
-Update manager
-Enable automatic security updates(Update Setting)
=> Super windows => type the key word (System Setting) =>
@ Firewall
-In Ubuntu all ports are block by default
-Default firewall-ufw (turned off by default)
+sudo ufw status
+sudo ufw enable/disable
-Firestarter for graphical interface (recommanded)
+sudo apt-get install firestarter
+Preferences
@ User Accounts
-User & Groups
+Disable user guest
-Do not use root user (Disable by default)
+sudo passwd
+sudo passwd -l root (disable/changed expiry password)
-Use sudo instead of root (/etc/sudoers)
+sudo visudo OR sudo gedit /etc/sudoers(To set the privilege user authorized)
+sudo adduser tolaleng sudo
-Deleting Users
+sudo deluser canamall
-Removing world readable permission to home directory
+sudo chmod 0750 /home/username
-Locking/Unlocking user
+sudo passwd -l username (enable user expiry)
+sudo passwd -u username (disable user expiry)
-passwords
+sudo chage canamall (Set the password expiration)
+sudo chage-l canamall (show the password expiration)
@ Antivirus
-Clam TK (Under Accessories), other anti-virus
@ Unistall Applications
-Ubuntu Software Center-> Installed software section-> Select application and click remove
@ Processes
-To see processes
+ps aux or top
+system monitor(cacti, nagios,)
-
@ Logs
-Some of logs
+ /var/log/messages : general log messages
+ /var/log/boot : system boot log
+ /var/log/debug/ : debugging log messages
+ /var/log/auth.log : user login and authentication logs
+ /var/log/daemon.log : running services such as squid,ntpd and other log message to this file
+ /var/log/kern.log : kernel log file
-Viewing logs
+ tail, more, cat, less, grep
+ GNOME system log viewer
@Firewall
ufw
=> Security Host
* Create Standard User and enable user passwd (complexity password, strong passwd, passwd expired, invalid day of passwd, Lock and Unlock user, disable user Guest, )
* Secure remote network and host
-Telnet(Secure with the host and address connection)
-SSH (Secure with the authentication encryption key)
=> Security Backup (Data Hosting)
*Make a Full Backup of Your Machine
-Aptik (backup application)
-rsync (Remote synce)
-Gsync (Remote)
-Amanda
-Rsnapshot
Fire & Ice: Making and Breaking macOS FirewallsPriyanka Aash
"In the ever raging battle between malicious code and anti-malware tools, firewalls play an essential role. Many a malware has been generically thwarted thanks to the watchful eye of these products.
However on macOS, firewalls are rather poorly understood. Apple's documentation surrounding it's network filter interfaces is rather lacking and all commercial macOS firewalls are closed source.
This talk aims to take a peek behind the proverbial curtain revealing how to both create and 'destroy' macOS firewalls.
In this talk, we'll first dive into what it takes to create an effective firewall for macOS. Yes we'll discuss core concepts such as kernel-level socket filtering—but also how to communicate with user-mode components, install privileged code in a secure manner, and simple ways to implement self-defense mechanisms (including protecting the UI from synthetic events).
Of course any security tool, including firewalls, can be broken. After looking at various macOS malware specimens that proactively attempt to detect such firewalls, we'll don our 'gray' (black?) hats to discuss various attacks against these products. And while some attacks are well known, others are currently undisclosed and can generically bypass even today's most vigilant Mac firewalls.
But all is not lost. By proactively discussing such attacks, combined with our newly-found understandings of firewall internals, we can improve the existing status quo, advancing firewall development. With a little luck, such advancements may foil, or at least complicate the lives of tomorrow's sophisticated Mac malware!"
Note I only need the last 3 sub-questions ( e, f and g) 3. Firew.pdfezonesolutions
Note: I only need the last 3 sub-questions ( e, f and g) 3. Firewall Design (55pts) Design a
firewall for your Linux machine using the iptables packet filtering mod- It is likely that iptables
came pre-installed with the Linux distribution you are using. In the event you are using an old
version of the Linux kernel, you may need to upgrade it for iptables to work. Your homework
consists of writing iptables rules to do the following: (a) Place no restriction on outbound
packets. (b) Allow for ssH access (port 22) to your machine from only the fiu.edu domain. (c)
Assuming you are running an HTTPD server on your machine that can make available your
entire horne directory to the outside world, write a rule that allows only a single IP address in the
internet to access your machine for the HTTP service. (d) Permit Auth/Ident (port 113) that is
used by some services like SMTP and (e) Aocept the ICMP Echo requests (as used by ping)
ooming from the outside. Respond back with TcP RST or ICMP unreachable for incoming
requests blocked ports. (g) Block all input packats from the enn.com domain and respond back
with destination unreachable error message for all incoming SYN packets from the cnn.com
domain.
Solution
(e) Echo Request:
Ping operates by sending Internet Control Message Protocol (ICMP) echo request packets to the
target host and waiting for an ICMP echo reply. It measures the round-trip time from
transmission to reception, reporting errors and packet loss.
Ping is a computer network administration software utility used to test the reachability of a host
on an Internet Protocol (IP) network.
Packet InterNet Gopher, is a computer network administration utility used to test the reachability
of a host on an Internet Protocol (IP) network and to measure the total round-trip time for
messages sent from the originating host to a destination computer and back.
Ping operates by sending Internet Control Message Protocol (ICMP) Echo Request packets to the
target host and waiting for an ICMP Echo Reply. The program reports errors, packet loss, and a
statistical summary of the results, typically including the minimum, maximum, the mean round-
trip times, and standard deviation of the mean.
The Internet Control Message Protocol (ICMP) is a supporting protocol in the Internet protocol
suite. It is used by network devices, like routers, to send error messages and operational
information indicating, for example, that a requested service is not available or that a host or
router could not be reached. ICMP differs from transport protocols such as TCPand UDP in that
it is not typically used to exchange data between systems, nor is it regularly employed by end-
user network applications (with the exception of some diagnostic tools like ping and traceroute).
The Internet Control Message Protocol (ICMP) has many messages that are identified by a
“type” field. You need to use 0 and 8 ICMP code types.
=> Zero (0) is for echo-reply
=> Eight (8) is for echo-request.
To .
Pada presentasi yang di tujukan untuk webinar kali ini, kita membahas mengenai penggunaan metode Advance Hierarchy Process untuk membantu proses pengambilan keputusan dengan multi kriteria.
Hi, this is the slides that we use for our Open Zoom Conference held on September 6th, 2019 where we talk about PMP Certification. The event was held in Bahasa Indonesia and you can watch the video at https://youtu.be/9oow7eBrweg
Prepared and presented for guest lecturing at Binus International Program, Jakarta, December 2018.
This presentation discuss about how to minimize project risks by avoiding big bang approach, and by fail early and fail fast.
A blockchain introduction material prepared for Prudential Indonesia. Discuss what blockchain is and how it will impact and disrupt many industries.
Prepared by Akbar Azwir and presented on May 22nd, 2018.
This presentation discuss the evolution of Access Control Model and also introducing ABAC or Attributes Based Access Control as a new approach for authorization.
More from Akbar Azwir, MM, PMP, PMI-SP, PSM I, CISSP (7)
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
2. Introduction
Name : Akbar
Mikrotik User Since : Mid 2005
IT Manager @ Agung Sedayu Group
Trainer For Ufoakses Mikrotik Training
www.forummikrotik.com
akbar@forummikrotik.com
Forum Mikrotik Indonesia www.forummikrotik.com 2
3. What is Port Knocking ?
Port Knocking is a method of externally
opening ports on a firewall by generating a
connection attempt on a set of prespecified
closed ports
Once a correct sequence of connection
attempts is received, the firewall rules are
dynamically modified to allow the host which
sent the connection attempts to connect over
specific port(s)
Forum Mikrotik Indonesia www.forummikrotik.com 3
4. Port Knocking Process
Connection Attempt to Router with
Winbox or Telnet or SSH
Connection Attempt Rejected / Drop
Knock : Connection Attempt to Pre
Defined Port
Firewall Rules Dynamically Modified
to Allow Access From That Host
Connection Attempt to Router with
Winbox or Telnet or SSH
Connection Granted
Host Router
with
Firewall
Forum Mikrotik Indonesia www.forummikrotik.com 4
5. Why Port Knocking ?
The primary purpose of port knocking is to
prevent an attacker from scanning a system
for potentially exploitable services by doing a
port scan, because unless the attacker sends
the correct knock sequence, the protected
ports will appear closed.
Forum Mikrotik Indonesia www.forummikrotik.com 5
6. When to Use Port Knocking ?
When you need to do remote configuration or
monitoring from remote area
When you try to decrease brute force attack
Forum Mikrotik Indonesia www.forummikrotik.com 6
7. How to Apply Port Knocking in
Mikrotik ?
Forum Mikrotik Indonesia www.forummikrotik.com 7
Using :
Firewall Filter
Address List
Knock Application
Please download the application from :
www.zeroflux.org
8. The Basic of Firewall Filter
Forum Mikrotik Indonesia www.forummikrotik.com 8
9. The Basic of Firewall Filter
Firewall Filter is used for packet filtering
Firewall Filter consist of IF-THEN rules
IF <conditions> THEN <action>
Firewall Filter is done in sequential top to
bottom
Firewall Filter are organized in chains
Forum Mikrotik Indonesia www.forummikrotik.com 9
10. The Basic of Firewall Filter
Input : Processes packets addressed to the router
itself
Output : Processes packets sent by the router
itself
Forward : processes traffic sent through the router
Forum Mikrotik Indonesia www.forummikrotik.com 10
14. Firewall Filter Action
Accept – accept the packet. No action is taken, I.e the packet is passed
thourgh and no more rules applied to it
Add-dst-to-address-list – adds destination address of an IP packet to the
address list specified by address-list parameter
Add-src-to-address-list – adds source address of an IP packet to the
address list specified by address-list parameter
Drop – silently drop the packet (without sending the ICMP reject messege)
Jump – jump to the chain specified by the value of the jump-target-parameter
Log – each match with this action will add a messege to the system log
Passthrogh – ignores this rule and goes on the next one
Reject – reject the packet and send an ICMP reject messege
Return – passes control back to the chain where the jump took place
Tarpit – captures and hold incoming TCP connections (replies with
SYN/ACK to the inbound TCP SYN packet
Forum Mikrotik Indonesia www.forummikrotik.com 14
15. IP Address List
You can also define group
of IP address using “IP
address List”
IP address List can be used
in Firewall Rules to apply
certain action
You can use mangle or
firewall filter rule to
dynamicly add IP address to
IP address List certain time
limit
Forum Mikrotik Indonesia www.forummikrotik.com 15
16. Let’s Start Implementing
Port Knocking in
Mikrotik Router OS…
Forum Mikrotik Indonesia www.forummikrotik.com 16
17. Case Studies
192.168.33.254
LAN
10.1.1.254
192.168.33.0/24
Internet
Mikrotik Router
Forum Mikrotik Indonesia www.forummikrotik.com 17
Remote Area
(Home, Café, etc)
18. Case Studies
We only allowed access to router only from
several IP from LAN :
192.168.33.10 Until 192.168.33.20
Different IP from LAN have to knock first
before gain access to router
Remote area from Internet have to knock first
before gain access to router
Forum Mikrotik Indonesia www.forummikrotik.com 18
19. Case Studies
We will only allowed access to router from
address list named “Safe Haven”
Other have to knock first to :
Protocol TCP, Port 1337
Protocol UDP, Port 17954
Forum Mikrotik Indonesia www.forummikrotik.com 19
20. Adding Allowed LAN Address
to Address List
add address=192.168.33.10-192.168.33.20 comment="" disabled=no list=
"Save Haven"
Forum Mikrotik Indonesia www.forummikrotik.com 20
21. Knock Rules 1
add action=add-src-to-address-list address-list=knock-knock address-list-timeout=
15s chain=input comment="Knock 1" disabled=no dst-port=1337
Forum Mikrotik Indonesia www.forummikrotik.com 21
protocol=tcp
23. Only Allowing “Save Haven” to
Connect to the router
add action=accept chain=input comment="Only Allow Access from Save
Haven" disabled=no src-address-list="Save Haven"
Forum Mikrotik Indonesia www.forummikrotik.com 23
24. Drop Everything Else
add action=drop chain=input comment="Drop Everything Else" disabled=no
Forum Mikrotik Indonesia www.forummikrotik.com 24
25. Configuration
Here’s the configuration for port knocking. Just make sure you don’t
change the sequence or this will not worked
Forum Mikrotik Indonesia www.forummikrotik.com 25
26. Knock Attempt
Hosts have to Knock the correct ports
Hosts IP Address that have knocked the correct
ports will be put in dynamically to “Save Haven”
Address List
Hosts can access router
Forum Mikrotik Indonesia www.forummikrotik.com 26
27. Forum Mikrotik Indonesia www.forummikrotik.com 27
Closing
Port Knocking is useful for securing the router
Port Knocking is also useful to decrease a brute
force attack
Port Knocking has it’s weakness also:
It' s possible to spy out the knocking sequence by sniffing
the network
It' s necessary to have a special knocking-client
Port Knocking is only one method to secure the
router, best to combine this with other methods.
28. Thank You
Your Question Will be Appreciated
Forum Mikrotik Indonesia www.forummikrotik.com 28