Template:Networking rutos manual firewall: Difference between revisions
Template:Networking rutos manual firewall
Revision as of 07:51, 13 May 2020, compared with the revision of 13 May 2020 (no edit summary on either revision)
Line 159: | Line 159: | ||
---- | ---- | ||
The <b>Inter-zone forwarding</b> options control the forwarding policies between the currently edited zone and other zones. | The <b>Inter-zone forwarding</b> options control the forwarding policies between the currently edited zone and other zones. | ||
{{#ifeq:{{{mobile}}}| 1| | |||
[[File:Networking_rutx09_rutx11_manual_firewall_general_settings_zones_inter-zone_forwarding_v1.png]] | [[File:Networking_rutx09_rutx11_manual_firewall_general_settings_zones_inter-zone_forwarding_v1.png]] | ||
| | |||
[[File:Networking_rutx08_rutx10_manual_firewall_general_settings_zones_inter-zone_forwarding_v1.png]] | [[File:Networking_rutx08_rutx10_manual_firewall_general_settings_zones_inter-zone_forwarding_v1.png]] | ||
}} | |||
<table class="nd-mantable"> | <table class="nd-mantable"> | ||
<tr> | <tr> | ||
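Review bot: `{{{mobile}}}` is read without a default in the new `{{#ifeq:{{{mobile}}}| 1|` test, so on a page that does not pass `mobile` the comparison is between the literal text `{{{mobile}}}` and `1`; that still falls through to the RUTX08/RUTX10 image, but `{{{mobile|}}}` makes the intended default explicit and is the form to use in the matching port-forwards block as well.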
Line 246: | Line 248: | ||
You will be redirected to that rule's configuration page: | You will be redirected to that rule's configuration page: | ||
{{#ifeq:{{{mobile}}}| 1| | |||
[[File:Networking_rutx_manual_firewall_port_forwards_configuration_v1.png]] | [[File:Networking_rutx_manual_firewall_port_forwards_configuration_v1.png]] | ||
| | |||
[[File:Networking_rutx08_10_manual_firewall_port_forwards_configuration_v1.png]] | [[File:Networking_rutx08_10_manual_firewall_port_forwards_configuration_v1.png]] | ||
}} | |||
<table class="nd-mantable"> | <table class="nd-mantable"> | ||
<tr> | <tr> | ||
Line 582: | Line 586: | ||
The <b>Reset</b> button resets the custom rules field to its default state. | The <b>Reset</b> button resets the custom rules field to its default state. | ||
{{#ifeq: {{{series}}} | RUTX| | |||
==NAT helpers== | ==NAT helpers== | ||
Line 610: | Line 614: | ||
</tr> | </tr> | ||
</table> | </table> | ||
}} | |||
==Attack Prevention== | |||
===SYN Flood Protection=== | ===SYN Flood Protection=== | ||
Line 615: | Line 622: | ||
'''SYN Flood Protection''' allows you to protect yourself from attacks that exploit part of the normal TCP three-way handshake to consume resources on the targeted server and render it unresponsive. Essentially, with SYN flood DDOS, the offender sends TCP connection requests faster than the targeted machine can process them, causing network over-saturation. | '''SYN Flood Protection''' allows you to protect yourself from attacks that exploit part of the normal TCP three-way handshake to consume resources on the targeted server and render it unresponsive. Essentially, with SYN flood DDOS, the offender sends TCP connection requests faster than the targeted machine can process them, causing network over-saturation. | ||
[[File:Networking_rutos_manual_firewall_attack_prevention_syn.PNG]] | [[File:Networking_rutos_manual_firewall_attack_prevention_syn.PNG|border|class=tlt-border]] | ||
<table class="nd-mantable"> | <table class="nd-mantable"> | ||
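Review bot: The SYN flood paragraph ends with "causing network over-saturation", but the effect its first sentence describes is resource exhaustion on the target (half-open connections filling the backlog), not link saturation; suggest "exhausting the server's connection backlog". "DDOS" should also read "DDoS".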
Line 630: | Line 637: | ||
<tr> | <tr> | ||
<td>SYN flood rate</td> | <td>SYN flood rate</td> | ||
<td>integer; Default: ''' | <td>integer; Default: '''5'''</td> | ||
<td>Set rate limit (packets per second) for SYN packets above which the traffic is considered flooded</td> | <td>Set rate limit (packets per second) for SYN packets above which the traffic is considered flooded</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>SYN flood burst</td> | <td>SYN flood burst</td> | ||
<td>integer; Default: ''' | <td>integer; Default: '''10'''</td> | ||
<td>Set burst limit for SYN packets above which the traffic is considered flooded if it exceeds the allowed rate</td> | <td>Set burst limit for SYN packets above which the traffic is considered flooded if it exceeds the allowed rate</td> | ||
</tr> | </tr> | ||
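Review bot: The "SYN flood burst" description is circular ("considered flooded if it exceeds the allowed rate"), so with the defaults now filled in (rate 5, burst 10) the reader cannot tell how the two interact. Suggest the wording the ICMP table uses, "maximum burst before the above limit kicks in", i.e. up to 10 SYN packets may pass at once, after which the 5 packets/second rate applies.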
Line 649: | Line 656: | ||
Some attackers use '''ICMP echo''' request packets directed to IP broadcast addresses from remote locations to generate denial-of-service attacks. You can set up some custom restrictions to help protect your router from ICMP bursts. | Some attackers use '''ICMP echo''' request packets directed to IP broadcast addresses from remote locations to generate denial-of-service attacks. You can set up some custom restrictions to help protect your router from ICMP bursts. | ||
[[File:Networking_rutos_manual_firewall_attack_prevention_icmp.PNG]] | [[File:Networking_rutos_manual_firewall_attack_prevention_icmp.PNG|border|class=tlt-border]] | ||
Line 675: | Line 682: | ||
<tr> | <tr> | ||
<td>Limit</td> | <td>Limit</td> | ||
<td>integer; Default: ''' | <td>integer; Default: '''5'''</td> | ||
<td>Maximum ICMP echo-request number during the period</td> | <td>Maximum ICMP echo-request number during the period</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Limit burst</td> | <td>Limit burst</td> | ||
<td>integer; Default: ''' | <td>integer; Default: '''10'''</td> | ||
<td>Indicate the maximum burst before the above limit kicks in</td> | <td>Indicate the maximum burst before the above limit kicks in</td> | ||
</tr> | </tr> | ||
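Review bot: "Limit" now defaults to 5 but its description only says "during the period" without naming the unit, so "5 per what" is left to the reader. Suggest naming the period field it refers to (seconds or minutes) in the description, since 5 echo requests per second versus per minute is a large difference for monitoring tools that ping the router.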
Line 689: | Line 696: | ||
Prevent SSH (allows a user to run commands on a machine's command prompt without them being physically present near the machine) attacks by limiting connections in a defined period. | Prevent SSH (allows a user to run commands on a machine's command prompt without them being physically present near the machine) attacks by limiting connections in a defined period. | ||
[[File:Networking_rutos_manual_firewall_attack_prevention_ssh.PNG]] | [[File:Networking_rutos_manual_firewall_attack_prevention_ssh.PNG|border|class=tlt-border]] | ||
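Review bot: The parenthetical in the SSH sentence defines SSH itself rather than the attack being prevented. Suggest rewording to name the threat (repeated login attempts against the SSH service) and to say that the limit counts new connections per period, which also throttles many legitimate clients sharing one NAT address.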
Line 710: | Line 717: | ||
<tr> | <tr> | ||
<td>Limit</td> | <td>Limit</td> | ||
<td>integer; Default: ''' | <td>integer; Default: '''5'''</td> | ||
<td>Maximum SSH connections during the set period</td> | <td>Maximum SSH connections during the set period</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Limit burst</td> | <td>Limit burst</td> | ||
<td>integer; Default: ''' | <td>integer; Default: '''10'''</td> | ||
<td>Indicate the maximum burst before the above limit kicks in</td> | <td>Indicate the maximum burst before the above limit kicks in</td> | ||
</tr> | </tr> | ||
Line 724: | Line 731: | ||
An HTTP attack sends a complete, legitimate HTTP header, which includes a 'Content-Length' field to specify the size of the message body to follow. However, the attacker then proceeds to send the actual message body at an extremely slow rate (e.g. 1 byte/100 seconds.) Due to the entire message being correct and complete, the target server will attempt to obey the 'Content-Length' field in the header, and wait for the entire body of the message to be transmitted, hence slowing it down. | An HTTP attack sends a complete, legitimate HTTP header, which includes a 'Content-Length' field to specify the size of the message body to follow. However, the attacker then proceeds to send the actual message body at an extremely slow rate (e.g. 1 byte/100 seconds.) Due to the entire message being correct and complete, the target server will attempt to obey the 'Content-Length' field in the header, and wait for the entire body of the message to be transmitted, hence slowing it down. | ||
[[File:Networking_rutos_manual_firewall_attack_prevention_http.PNG]] | [[File:Networking_rutos_manual_firewall_attack_prevention_http.PNG|border|class=tlt-border]] | ||
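Review bot: The description explains a slow-body attack (a correct Content-Length followed by a body sent at 1 byte/100 seconds), but the setting documented below, "Maximum HTTP connections during the set period", is a limit on new connections per period, which does not stop a single slow connection from holding a worker. Either describe the attack the rate limit actually addresses (many HTTP connections in a short period) or note that slow-body attacks need a server-side body timeout rather than this limit.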
Line 745: | Line 752: | ||
<tr> | <tr> | ||
<td>Limit</td> | <td>Limit</td> | ||
<td>integer; Default: ''' | <td>integer; Default: '''5'''</td> | ||
<td>Maximum HTTP connections during the set period</td> | <td>Maximum HTTP connections during the set period</td> | ||
</tr> | </tr> | ||
Line 761: | Line 768: | ||
In cryptography and computer security, a man-in-the-middle attack (MITM) is an attack where the perpetrator secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. One example of man-in-the-middle attacks is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. | In cryptography and computer security, a man-in-the-middle attack (MITM) is an attack where the perpetrator secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. One example of man-in-the-middle attacks is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. | ||
[[File:Networking_rutos_manual_firewall_attack_prevention_hhtps.PNG]] | [[File:Networking_rutos_manual_firewall_attack_prevention_hhtps.PNG|border|class=tlt-border]] | ||
<table class="nd-mantable"> | <table class="nd-mantable"> | ||
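Review bot: The HTTPS section now opens with a textbook definition of a man-in-the-middle attack, but the only control in the section is "Maximum HTTPS connections during the set period"; a connection-rate limit neither prevents nor detects MITM, which is countered by certificate validation in TLS. Suggest replacing the paragraph with a description matching the HTTP section (connection flooding on port 443). Separately, the image name `..._hhtps.PNG` has a typo; it works if that is the uploaded file's name, but is worth correcting at the upload too.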
Line 781: | Line 788: | ||
<tr> | <tr> | ||
<td>Limit</td> | <td>Limit</td> | ||
<td>integer; Default: ''' | <td>integer; Default: '''5'''</td> | ||
<td>Maximum HTTPS connections during the set period</td> | <td>Maximum HTTPS connections during the set period</td> | ||
</tr> | </tr> | ||
Line 792: | Line 799: | ||
==Port Scan Prevention== | ==Port Scan Prevention== | ||
Port scan attacks scan which of the targeted host's ports are open. Network ports are the entry points to a machine that is connected to the Internet. A service that listens on a port is able to receive data from a client application, process it and send a response back. Malicious clients can sometimes exploit vulnerabilities in the server code so they gain access to sensitive data or execute malicious code on the machine remotely. | Port scan attacks scan which of the targeted host's ports are open. Network ports are the entry points to a machine that is connected to the Internet. A service that listens on a port is able to receive data from a client application, process it and send a response back. Malicious clients can sometimes exploit vulnerabilities in the server code so they gain access to sensitive data or execute malicious code on the machine remotely. | ||
Port scanning is usually done in the initial phase of a penetration test in order to discover all network entry points into the target system. The Port Scan section provides you with the possibility to enable protection against port scanning software. | Port scanning is usually done in the initial phase of a penetration test in order to discover all network entry points into the target system. The Port Scan section provides you with the possibility to enable protection against port scanning software. The Defending Type section provides the possibility for the user to enable protections from certain types of online attacks. These include '''SYN-FIN''', '''SYN-RST''', '''X-Mas''', '''FIN scan''' and '''NULLflags''' attacks. | ||
The Defending Type section provides the possibility for the user to enable protections from certain types of online attacks. These include '''SYN-FIN''', '''SYN-RST''', '''X-Mas''', '''FIN scan''' and '''NULLflags''' attacks. | |||
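Review bot: The Defending Type sentence is merged into the Port Scan intro paragraph, but it describes a separate configuration group ("Defending Type") with its own options (SYN-FIN, SYN-RST, X-Mas, FIN scan, NULL flags); keeping it as its own paragraph, as in the old revision, matches how the rest of the page introduces each option group. "NULLflags" should also read "NULL flags".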
Line 809: | Line 814: | ||
<tr> | <tr> | ||
<td>Enable</td> | <td>Enable</td> | ||
<td>yes | no; Default: ''' | <td>yes | no; Default: '''no'''</td> | ||
<td>Toggles the function ON or OFF</td> | <td>Toggles the function ON or OFF</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Interval</td> | <td>Interval</td> | ||
<td>integer [10..60]; Default: ''' | <td>integer [10..60]; Default: '''5'''</td> | ||
<td>Time interval in seconds in which port scans are counted</td> | <td>Time interval in seconds in which port scans are counted</td> | ||
</tr> | </tr> |
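Review bot: "Interval" is documented as integer [10..60] but the new default is 5, which lies outside that range, so either the range or the default is wrong. Check which value the firmware actually uses and correct the cell, since a reader entering 5 into the field would be rejected by the stated validation.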