
Template:Networking rutos manual firewall: Difference between revisions

no edit summary
(Created page with "{{Template:Networking_rutos_manual_fw_disclosure | fw_version = {{{series}}}_R_00.02.03 | series = {{{series}}} }} ==Summary== {{{name}}} devices use a standard Linux iptable...")
 
No edit summary
Line 161: Line 161:


[[File:Networking_rutx09_rutx11_manual_firewall_general_settings_zones_inter-zone_forwarding_v1.png]]
[[File:Networking_rutx09_rutx11_manual_firewall_general_settings_zones_inter-zone_forwarding_v1.png]]
 
[[File:Networking_rutx08_rutx10_manual_firewall_general_settings_zones_inter-zone_forwarding_v1.png]]
<table class="nd-mantable">
<table class="nd-mantable">
     <tr>
     <tr>
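Review bot: the added `[[File:Networking_rutx08_rutx10_manual_firewall_general_settings_zones_inter-zone_forwarding_v1.png]]` sits directly under the existing rutx09/rutx11 screenshot with no caption and no condition on the template's `{{{series}}}` parameter, so every device page rendered from this template will show both screenshots back to back. Either add a caption naming the device pair each image belongs to, or gate the two images on the series so that a given page shows only its own screenshot.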
Line 184: Line 184:
<b>Port forwarding</b> is a way of redirecting an incoming connection to another IP address, port or the combination of both:  
<b>Port forwarding</b> is a way of redirecting an incoming connection to another IP address, port or the combination of both:  


[[File:File:Networking_rutx_manual_firewall_port_forwards_scheme_v1.png]]
[[File:Networking_rutx_manual_firewall_port_forwards_scheme_v1.png | border | class=tlt-border]]
----
----
The Port forwards table displays configured port forwarding rules currently configured on the device.
The Port forwards table displays configured port forwarding rules currently configured on the device.
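Review bot: the `File:File:` typo fix is correct, but the new image parameters are written `| border | class=tlt-border` with spaces around the pipes, while the same parameters elsewhere in this revision are written `|border|class=tlt-border`; pick one form. While this section is being touched, the unchanged line under the rule ("displays configured port forwarding rules currently configured on the device") repeats "configured" and reads better as "displays the port forwarding rules currently configured on the device".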
Line 248: Line 248:


[[File:Networking_rutx_manual_firewall_port_forwards_configuration_v1.png]]
[[File:Networking_rutx_manual_firewall_port_forwards_configuration_v1.png]]
 
[[File:Networking_rutx08_10_manual_firewall_port_forwards_configuration_v1.png]]
<table class="nd-mantable">
<table class="nd-mantable">
     <tr>
     <tr>
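Review bot: the new screenshot name `Networking_rutx08_10_manual_firewall_port_forwards_configuration_v1.png` does not follow the naming used for the matching zones screenshot added in this same revision (`rutx08_rutx10_...`), and, as there, the image is inserted unconditionally beside the rutx09/rutx11 one. Rename it for consistency and either caption it by device or make it conditional on the series so readers know which configuration form applies to their unit.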
Line 610: Line 610:
     </tr>
     </tr>
</table>
</table>
overview
 
===SYN Flood Protection===
----
'''SYN Flood Protection''' allows you to protect yourself from attacks that exploit part of the normal TCP three-way handshake to consume resources on the targeted server and render it unresponsive. Essentially, with SYN flood DDOS, the offender sends TCP connection requests faster than the targeted machine can process them, causing network over-saturation.
 
[[File:Networking_rutos_manual_firewall_attack_prevention_syn.PNG]]
 
<table class="nd-mantable">
    <tr>
        <th>field name</th>
      <th>value</th>
      <th>description</th>
    </tr>
    <tr>
      <td>Enable SYN flood protection</td>
      <td>yes | no; Default: '''yes'''</td>
      <td>Toggles the rule ON or OFF</td>
    </tr>
    <tr>
      <td>SYN flood rate</td>
      <td>integer; Default: '''25'''</td>
      <td>Set rate limit (packets per second) for SYN packets above which the traffic is considered flooded</td>
    </tr>
    <tr>
    <td>SYN flood burst</td>
        <td>integer; Default: '''50'''</td>
        <td>Set burst limit for SYN packets above which the traffic is considered flooded if it exceeds the allowed rate</td>
    </tr>
    <tr>
    <td>TCP SYN cookies</td>
        <td>yes | no; Default: '''no'''</td>
        <td>Enable the use of SYN cookies (particular choices of initial TCP sequence numbers by TCP servers)</td>
    </tr>
</table>
 
===Remote ICMP Requests===
----
Some attackers use '''ICMP echo''' request packets directed to IP broadcast addresses from remote locations to generate denial-of-service attacks. You can set up some custom restrictions to help protect your router from ICMP bursts.
 
[[File:Networking_rutos_manual_firewall_attack_prevention_icmp.PNG]]
 
 
<table class="nd-mantable">
    <tr>
        <th>field name</th>
      <th>value</th>
      <th>description</th>
    </tr>
    <tr>
      <td>Enable ICMP requests</td>
      <td>yes | no; Default: '''yes'''</td>
      <td>Toggles the rule ON or OFF</td>
    </tr>
    <tr>
      <td>Enable ICMP limit</td>
      <td>yes | no; Default: '''no'''</td>
      <td>Toggles ICMP echo-request limit in selected period ON or OFF</td>
    </tr>
    <tr>
    <td>Limit period</td>
        <td>Second | Minute | Hour | Day; Default: '''Second'''</td>
        <td>Select ICMP echo-request period limit</td>
    </tr>
    <tr>
    <td>Limit</td>
        <td>integer; Default: '''10'''</td>
        <td>Maximum ICMP echo-request number during the period</td>
    </tr>
    <tr>
    <td>Limit burst</td>
        <td>integer; Default: '''5'''</td>
        <td>Indicate the maximum burst before the above limit kicks in</td>
    </tr>
</table>
 
===SSH Attack Prevention===
----
Prevent SSH (allows a user to run commands on a machine's command prompt without them being physically present near the machine) attacks by limiting connections in a defined period.
 
[[File:Networking_rutos_manual_firewall_attack_prevention_ssh.PNG]]
 
 
<table class="nd-mantable">
    <tr>
        <th>field name</th>
      <th>value</th>
      <th>description</th>
    </tr>
    <tr>
      <td>Enable SSH limit</td>
      <td>yes | no; Default: '''no'''</td>
      <td>Toggles the rule ON or OFF</td>
    </tr>
    <tr>
      <td>Limit period</td>
      <td>Second | Minute | Hour | Day; Default: '''Second'''</td>
      <td>The period in which SSH connections are to be limited</td>
    </tr>
    <tr>
    <td>Limit</td>
        <td>integer; Default: '''10'''</td>
        <td>Maximum SSH connections during the set period</td>
    </tr>
    <tr>
    <td>Limit burst</td>
        <td>integer; Default: '''5'''</td>
        <td>Indicate the maximum burst before the above limit kicks in</td>
    </tr>
</table>
 
===HTTP Attack Prevention===
----
An HTTP attack sends a complete, legitimate HTTP header, which includes a 'Content-Length' field to specify the size of the message body to follow. However, the attacker then proceeds to send the actual message body at an extremely slow rate (e.g. 1 byte/100 seconds.) Due to the entire message being correct and complete, the target server will attempt to obey the 'Content-Length' field in the header, and wait for the entire body of the message to be transmitted, hence slowing it down.
 
[[File:Networking_rutos_manual_firewall_attack_prevention_http.PNG]]
 
 
<table class="nd-mantable">
    <tr>
        <th>field name</th>
      <th>value</th>
      <th>description</th>
    </tr>
    <tr>
      <td>Enable HTTP limit</td>
      <td>yes | no; Default: '''no'''</td>
      <td>Toggles the rule ON or OFF</td>
    </tr>
    <tr>
      <td>Limit period</td>
      <td>Second | Minute | Hour | Day; Default: '''Second'''</td>
      <td>The period in which HTTP connections are to be limited</td>
    </tr>
    <tr>
    <td>Limit</td>
        <td>integer; Default: '''10'''</td>
        <td>Maximum HTTP connections during the set period</td>
    </tr>
    <tr>
    <td>Limit burst</td>
        <td>integer; Default: '''10'''</td>
        <td>Indicate the maximum burst before the above limit kicks in</td>
    </tr>
</table>
 
===HTTPS Attack Prevention===
----
This section allows you to enable protection against '''HTTPS''' attacks, also known as '''man-in-the-middle attacks''' ('''MITM''').
 
In cryptography and computer security, a man-in-the-middle attack (MITM) is an attack where the perpetrator secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. One example of man-in-the-middle attacks is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.
 
[[File:Networking_rutos_manual_firewall_attack_prevention_hhtps.PNG]]
 
<table class="nd-mantable">
    <tr>
        <th>field name</th>
      <th>value</th>
      <th>description</th>
    </tr>
    <tr>
      <td>Enable HTTPS limit</td>
      <td>yes | no; Default: '''no'''</td>
      <td>Toggles the rule ON or OFF</td>
    </tr>
    <tr>
      <td>Limit period</td>
      <td>Second | Minute | Hour | Day; Default: '''Second'''</td>
      <td>The period in which HTTPS connections are to be limited</td>
    </tr>
    <tr>
    <td>Limit</td>
        <td>integer; Default: '''10'''</td>
        <td>Maximum HTTPS connections during the set period</td>
    </tr>
    <tr>
    <td>Limit burst</td>
        <td>integer; Default: '''10'''</td>
        <td>Indicate the maximum burst before the above limit kicks in</td>
    </tr>
</table>
 
==Port Scan Prevention==
----
 
Port scan attacks scan which of the targeted host's ports are open. Network ports are the entry points to a machine that is connected to the Internet. A service that listens on a port is able to receive data from a client application, process it and send a response back. Malicious clients can sometimes exploit vulnerabilities in the server code so they gain access to sensitive data or execute malicious code on the machine remotely.
Port scanning is usually done in the initial phase of a penetration test in order to discover all network entry points into the target system. The Port Scan section provides you with the possibility to enable protection against port scanning software.
The Defending Type section provides the possibility for the user to enable protections from certain types of online attacks. These include '''SYN-FIN''', '''SYN-RST''', '''X-Mas''', '''FIN scan''' and '''NULLflags''' attacks.
 
 
[[File:Networking_rutos_manual_firewall_attack_prevention_port_scan_def.PNG|border|class=tlt-border]]
 
<table class="nd-mantable">
    <tr>
        <th>field name</th>
      <th>value</th>
      <th>description</th>
    </tr>
    <tr>
      <td>Enable</td>
      <td>yes | no; Default: '''yes'''</td>
      <td>Toggles the function ON or OFF</td>
    </tr>
    <tr>
      <td>Interval</td>
      <td>integer [10..60]; Default: '''30'''</td>
      <td>Time interval in seconds in which port scans are counted</td>
    </tr>
    <tr>
    <td>Scan count</td>
        <td>integer [5..65534]; Default: '''10'''</td>
        <td>How many port scans before blocked</td>
    </tr>
    <tr>
        <th>field name</th>
      <th>value</th>
      <th>description</th>
    </tr>
    <tr>
      <td>SYN-FIN attack</td>
      <td>yes | no; Default: '''no'''</td>
      <td>Toggles protection from SYN-FIN attacks ON or OFF</td>
    </tr>
    <tr>
      <td>SYN-RST attack</td>
      <td>yes | no; Default: '''no'''</td>
      <td>Toggles protection from SYN-RST attacks ON or OFF</td>
    </tr>
    <tr>
    <td>X-Mas attack</td>
        <td>yes | no; Default: '''no'''</td>
        <td>Toggles protection from X-Mas attacks ON or OFF</td>
    </tr>
    <tr>
    <td>FIN scan</td>
        <td>yes | no; Default: '''no'''</td>
        <td>Toggles protection from FIN scan attacks ON or OFF</td>
    </tr>
    <tr>
    <td>NULLflags attack</td>
        <td>yes | no; Default: '''no'''</td>
        <td>Toggles protection from NULLflags attacks ON or OFF</td>
    </tr>
</table>
 
[[Category:{{{name}}} Network section]]
[[Category:{{{name}}} Network section]]
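Review bot: the "HTTPS Attack Prevention" text describes man-in-the-middle attacks, but the fields below it (Enable HTTPS limit, Limit period, Limit, Limit burst) are the same per-period connection-rate limit as in the HTTP table and have nothing to do with interception; a connection rate limit neither detects nor prevents MITM, so the two MITM paragraphs should be replaced with a plain description of what the rule does (limit new HTTPS connections per period) to avoid giving readers a false sense of protection. Smaller points in the same hunk: the stray word `overview` left between `</table>` and `===SYN Flood Protection===` should be removed; the screenshot name `..._attack_prevention_hhtps.PNG` looks like a typo for `https` and should be checked against the uploaded file; `==Port Scan Prevention==` is a level-2 heading while the neighbouring sections are level-3, so it will be promoted in the table of contents; and in the Port Scan table a second `field name | value | description` header row is embedded mid-table after the "Scan count" row, at the point where the prose introduces the separate "Defending Type" section, so those rows belong in their own `<table class="nd-mantable">` under a "Defending Type" sub-heading rather than inside the first table.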