Changes

no edit summary
Line 476: Line 476:  
     <td><span style="color:blue">Mark</span>: Set Target value</td>
 
     <td><span style="color:blue">Mark</span>: Set Target value</td>
 
         <td>hex; default: <b>none</b></td>
 
         <td>hex; default: <b>none</b></td>
         <td>If specified, target traffic against the given firewall mark, e.g. 0xFF to target mark 255 or 0x0/0x1 to target any even mark value.</td>
+
         <td>If specified, target traffic against the given firewall mark, e.g. FF or ff to target mark 255.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
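Review bot: The replacement example drops the value/mask form (the removed "0x0/0x1 to target any even mark value") without saying whether a mask is still accepted; if the Mark target still takes value/mask, keep a mask example beside "FF or ff to target mark 255", and if mask support was removed, state that explicitly so readers with older rules know. The description also says "target traffic against the given firewall mark" for a row labelled "Set Target value"; for a mark-setting action, "the firewall mark to set on matching traffic" says what the value does.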
Line 491: Line 491:  
     <td><span style="color:blue">Mark</span>: Set Match value</td>
 
     <td><span style="color:blue">Mark</span>: Set Match value</td>
 
         <td>hex; default: <b>none</b></td>
 
         <td>hex; default: <b>none</b></td>
         <td>If specified, match traffic against the given firewall mark, e.g. 0xFF to match mark 255 or 0x0/0x1 to match any even mark value.</td>
+
         <td>If specified, match traffic against the given firewall mark, e.g. FF or ff to match mark 255.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
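Review bot: Same gap as the target-value row: "FF or ff to match mark 255" removes the mask example, and for a match it is the mask that lets one rule cover a class of marks (the removed "0x0/0x1 to match any even mark value"); either restore a mask example or state that only an exact mark value is matched. It is also worth saying whether the "0x" prefix is still accepted, since the old text used it and the new text does not.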
Line 537: Line 537:  
     <td>Time in UTC</td>
 
     <td>Time in UTC</td>
 
         <td>off | on; default: <b>no</b></td>
 
         <td>off | on; default: <b>no</b></td>
         <td>Specifies whether the device should use UTC time. If this is disabled, the time zone specified in the Services → [[{{{name}}} NTP|NTP]] page will be used.</td>
+
         <td>Specifies whether the device should use UTC time. If this is disabled, the time zone specified in the System → Administration → [[{{{name}}}_Administration#NTP|NTP]] page will be used.</td>
 
     </tr>
 
     </tr>
 
</table>
 
</table>
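Review bot: While relocating the NTP link, fix the type cell two lines above it: it lists "off | on" but gives "default: no", which is not one of the listed values; it should read "off | on; default: off" (or whatever the UI actually shows). The new target [[{{{name}}}_Administration#NTP|NTP]] uses an underscore in the page name where the replaced link used a space; both resolve in MediaWiki, but keep it consistent with the other links in this template.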
Line 784: Line 784:  
     <td>Time in UTC</td>
 
     <td>Time in UTC</td>
 
         <td>off | on; default: <b>no</b></td>
 
         <td>off | on; default: <b>no</b></td>
         <td>Specifies whether the device should use UTC time. If this is disabled, the time zone specified in the Services → [[{{{name}}} NTP|NTP]] page will be used.</td>
+
         <td>Specifies whether the device should use UTC time. If this is disabled, the time zone specified in the System → Administration → [[{{{name}}}_Administration#NTP|NTP]] page will be used.</td>
 
     </tr>
 
     </tr>
 
</table>
 
</table>
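Review bot: This is the same link change as the one at line 537 applied to a second table; the same "off | on; default: no" inconsistency sits two lines above it and should be fixed in both tables in the same pass, otherwise the two copies will drift.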
Line 889: Line 889:  
     <tr>
 
     <tr>
 
     <td>Limit</td>
 
     <td>Limit</td>
         <td>integer; default: <b>5</b></td>
+
         <td>integer [1..10000]; default: <b>none</b></td>
 
         <td>Maximum SSH connections during the set period</td>
 
         <td>Maximum SSH connections during the set period</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
 
     <td>Limit burst</td>
 
     <td>Limit burst</td>
         <td>integer; default: <b>10</b></td>
+
         <td>integer [1..10000]; default: <b>none</b></td>
 
         <td>Indicates the maximum burst before the above limit kicks in.</td>
 
         <td>Indicates the maximum burst before the above limit kicks in.</td>
 
     </tr>
 
     </tr>
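Review bot: Changing "default: 5" and "default: 10" to "default: none" leaves undocumented what happens when the field is left empty: is the SSH rate limit then not applied at all, or is a value required once the protection is enabled? Add one sentence to each description saying which. The description "Maximum SSH connections during the set period" is also missing its full stop, unlike the HTTP row corrected further down.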
Line 903: Line 903:  
An <b>HTTP attack</b> sends a complete, legitimate HTTP header, which includes a 'Content-Length' field to specify the size of the message body to follow. However, the attacker then proceeds to send the actual message body at an extremely slow rate (e.g. 1 byte/100 seconds.) Due to the entire message being correct and complete, the target server will attempt to obey the 'Content-Length' field in the header, and wait for the entire body of the message to be transmitted, hence slowing it down.
 
An <b>HTTP attack</b> sends a complete, legitimate HTTP header, which includes a 'Content-Length' field to specify the size of the message body to follow. However, the attacker then proceeds to send the actual message body at an extremely slow rate (e.g. 1 byte/100 seconds.) Due to the entire message being correct and complete, the target server will attempt to obey the 'Content-Length' field in the header, and wait for the entire body of the message to be transmitted, hence slowing it down.
   −
[[File:Networking_rutos_manual_firewall_attack_prevention_http_attack_prevention.png|border|class=tlt-border]]
+
[[File:Networking_rutos_manual_firewall_attack_prevention_http_attack_prevention_v2.png|border|class=tlt-border]]
    
<table class="nd-mantable">
 
<table class="nd-mantable">
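Review bot: Only the screenshot filename changes here, so confirm the _v2 image shows the "[1..10000]; default: none" fields that the table hunk below introduces. Style point in the unchanged paragraph: "(e.g. 1 byte/100 seconds.)" puts the full stop inside the parenthesis, and "hence slowing it down" understates the effect; the server keeps that connection open until the whole body arrives, which is exactly what the connection limit below is meant to bound.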
Line 923: Line 923:  
     <tr>
 
     <tr>
 
     <td>Limit</td>
 
     <td>Limit</td>
         <td>integer; default: <b>5</b></td>
+
         <td>integer [1..10000]; default: <b>none</b></td>
         <td>Maximum HTTP connections during the set period<./td>
+
         <td>Maximum HTTP connections during the set period.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
 
     <td>Limit burst</td>
 
     <td>Limit burst</td>
         <td>integer; default: <b>10</b></td>
+
         <td>integer [1..10000]; default: <b>none</b></td>
 
         <td>Indicates the maximum burst before the above limit kicks in.</td>
 
         <td>Indicates the maximum burst before the above limit kicks in.</td>
 
     </tr>
 
     </tr>
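Review bot: Same undocumented behaviour as the SSH table: with "default: none" the description should say whether an empty Limit disables the HTTP connection limit or makes the field required. The "<./td>" typo fix in the description row is good; apply the same terminating punctuation to the SSH and HTTPS rows so all three tables read alike.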
Line 939: Line 939:  
In cryptography and computer security, a man-in-the-middle attack (MITM) is an attack where the perpetrator secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. One example of man-in-the-middle attacks is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.
 
In cryptography and computer security, a man-in-the-middle attack (MITM) is an attack where the perpetrator secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. One example of man-in-the-middle attacks is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.
   −
[[File:Networking_rutos_manual_firewall_attack_prevention_https_attack_prevention.png|border|class=tlt-border]]
+
[[File:Networking_rutos_manual_firewall_attack_prevention_https_attack_prevention_v2.png|border|class=tlt-border]]
    
<table class="nd-mantable">
 
<table class="nd-mantable">
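Review bot: The introductory paragraph is a generic man-in-the-middle definition, but the fields it configures (Limit and Limit burst for "Maximum HTTPS connections during the set period") are a connection rate limit, the same mechanism as the HTTP section; the text should describe what the HTTPS attack prevention rule actually does, because the description no longer matches the feature. Also confirm the _v2 screenshot matches the new range and default values.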
Line 959: Line 959:  
     <tr>
 
     <tr>
 
     <td>Limit</td>
 
     <td>Limit</td>
         <td>integer; default: <b>5</b></td>
+
         <td>integer [1..10000]; default: <b>none</b></td>
 
         <td>Maximum HTTPS connections during the set period.</td>
 
         <td>Maximum HTTPS connections during the set period.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
 
     <td>Limit burst</td>
 
     <td>Limit burst</td>
         <td>integer; default: <b>10</b></td>
+
         <td>integer [1..10000]; default: <b>none</b></td>
 
         <td>Indicates the maximum burst number before the above limit kicks in.</td>
 
         <td>Indicates the maximum burst number before the above limit kicks in.</td>
 
     </tr>
 
     </tr>
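Review bot: "default: none" needs the same note about empty-field behaviour as the SSH and HTTP tables. The description "Indicates the maximum burst number before the above limit kicks in." differs from the wording used in the other two tables ("maximum burst"); pick one phrasing for all three.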
Line 974: Line 974:  
Port scanning is usually done in the initial phase of a penetration test in order to discover all network entry points into the target system. The Port Scan section provides you with the possibility to enable protection against port scanning software. The Defending Type section provides the possibility for the user to enable protections from certain types of online attacks. These include <b>SYN-FIN</b>, <b>SYN-RST</b>, <b>X-Mas</b>, <b>FIN scan</b> and <b>NULLflags</b> attacks.
 
Port scanning is usually done in the initial phase of a penetration test in order to discover all network entry points into the target system. The Port Scan section provides you with the possibility to enable protection against port scanning software. The Defending Type section provides the possibility for the user to enable protections from certain types of online attacks. These include <b>SYN-FIN</b>, <b>SYN-RST</b>, <b>X-Mas</b>, <b>FIN scan</b> and <b>NULLflags</b> attacks.
   −
[[File:Networking_rutos_manual_firewall_attack_prevention_port_scan.png|border|class=tlt-border]]
+
[[File:Networking_rutos_manual_firewall_attack_prevention_port_scan_v2.png|border|class=tlt-border]]
    
<table class="nd-mantable">
 
<table class="nd-mantable">
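Review bot: Style point in the context paragraph: "NULLflags" should be written "NULL flags" (or "NULL scan", consistent with "FIN scan"), and "protection against port scanning software" is better put as "protection against port scans", since the firewall sees packets, not software. The list "SYN-FIN, SYN-RST, X-Mas, FIN scan and NULL flags" mixes scan names with flag combinations; one clause per item saying what each option drops would help the reader choose.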
Line 989: Line 989:  
     <tr>
 
     <tr>
 
     <td>Scan count</td>
 
     <td>Scan count</td>
         <td>integer [5..65534]; default: <b>5</b></td>
+
         <td>integer [5..10000]; default: <b>none</b></td>
 
         <td>How many port scans before blocked.</td>
 
         <td>How many port scans before blocked.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
 
       <td>Interval</td>
 
       <td>Interval</td>
       <td>integer [10..60]; default: <b>10</b></td>
+
       <td>integer [10..4096]; default: <b>none</b></td>
 
       <td>Time interval in seconds in which port scans are counted.</td>
 
       <td>Time interval in seconds in which port scans are counted.</td>
 
     </tr>
 
     </tr>
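Review bot: Both fields lose their defaults and the Interval range widens from [10..60] to [10..4096] seconds; with "default: none" the description "How many port scans before blocked." no longer tells the reader whether the protection works at all when Scan count is left empty, and the new 4096 upper bound should be checked against what the backend validator actually accepts. The description itself would read better as "Number of port scans within the interval before the source is blocked."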
Line 1,044: Line 1,044:  
The <b>DMZ</b> is a security concept. It comprises the separation of the LAN-side network into at least two networks: the user LAN and the DMZ. Generally the DMZ is imprisoned: only access to certain ports from the Internet are allowed into the DMZ, while the DMZ is not allowed to establish new connections to the WAN-side or LAN-side networks. That way, if a server inside of the DMZ is hacked the potential damage that can be done remains restricted! The whole point of the DMZ is to cleanly create a unique firewall rule set that dramatically restricts access in to, and out of the, DMZ.
 
The <b>DMZ</b> is a security concept. It comprises the separation of the LAN-side network into at least two networks: the user LAN and the DMZ. Generally the DMZ is imprisoned: only access to certain ports from the Internet are allowed into the DMZ, while the DMZ is not allowed to establish new connections to the WAN-side or LAN-side networks. That way, if a server inside of the DMZ is hacked the potential damage that can be done remains restricted! The whole point of the DMZ is to cleanly create a unique firewall rule set that dramatically restricts access in to, and out of the, DMZ.
   −
[[File:Networking rutos manual network firewall dmz.png|border|class=tlt-border]]
+
[[File:Networking rutos manual network firewall dmz_v2.png|border|class=tlt-border]]
    
<table class="nd-mantable">
 
<table class="nd-mantable">
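Review bot: Grammar points in the context paragraph, which a screenshot-only edit is a good moment to fix: "only access to certain ports from the Internet are allowed" should be "is allowed", the commas in "access in to, and out of the, DMZ" belong around "and out of" ("access into, and out of, the DMZ"), and "the DMZ is imprisoned" is better put as "the DMZ is isolated". Confirm the _v2 image shows the current DMZ form.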
