btc baner

btc baner

Pages

Saturday, July 27, 2013

mikrotik-firewall-attack

6:36 AM    No comments
This projects aims to prevent access to your internal network from ip scanners and port scanners.
Prerequisites to work:
  1. A Routerboard device (or RouterOS installed on any device) acting as a firewall for your internal network
  2. An available linux PC (or server)
  3. /ip firewall filter : add your allow rules first and after that drop any connection from outside example:
    4. 1)chain=forward action=accept connection-state=related2)chain=input action=accept connection-state=established3)chain=input action=accept connection-state=related4)chain=forward action=accept connection-state=new src-address-list=internal5)chain=forward action=accept protocol=tcp dst-address=192.168.1.10 dst-port=806)chain=forward action=accept protocol=tcp dst-address=192.168.1.11 dst-port=257)chain=forward action=accept protocol=tcp dst-address=192.168.1.11 dst-port=1108)chain=forward action=accept protocol=tcp dst-address=192.168.1.11 dst-port=143
.
.
.
100)chain=forward action=drop dst-address-list=internal
  4. Before any other rule in filter add : chain=forward action=drop src-address-list=attackers dst-address-list=internal
  5. Before rule 100 add : chain=forward action=log connection-state=new protocol=tcp dst-address-list=internal dst-port=20-35,445,1433,1521,1524,1526,1812,2082,2483,2484,3306,3872 log-prefix="Service Scanner x:" (You can add any ports you want for attacker detection.)
  6. Add a new remote logging target at ROS device : /system logging action add name="remotelog" remote=192.168.1.100 remote-port=5555 bsd-syslog=yes target=remote syslog-facility=23 syslog-severity=6
  7. Add a new logging /system logging add action=remotelog topics=firewall
  8. Checkout source code to your linux machine
  9. Compile with : g++ main.cpp attackleases.cpp configfilereader.cpp connection.cpp -o gkmtfirewall -lpthread -lssh
  10. Move the executable to /usr/sbin/.
  11. Edit contents of gkmtfirewall.conf to adapt your needs
  12. Move gkmtfirewall.conf to /etc/gkmtfirewall.conf
  13. Move gkmtfirewall.init to /etc/init.d/gkmtfirewall
  14. Change permissions of /etc/init.d/gkmtfirewall to 755
  15. Type /etc/init.d/gkmtfirewall start to start the program
  16. Take a look at syslog to determine possible problems

0 komentar:

Post a Comment

Subscribe to: Post Comments (Atom)