#mikrotik #routeros7 #mikrotikSecurity
Port knocking is a mechanism to secure a network device by closing all the ports-even those you know will be used. Those ports will be opened on demand if-and only if-the connection request provides the secret knock (prearranged pattern). Port Knocking is one layer of security, it MUST NOT be our only form of defense
**************************SAMPLE CONFIG********************
*****Intended for lab purposes********************************
/ip firewall filter
add action=accept chain=input comment="Established and Related" connection-state=established,related
add action=drop chain=input comment=Invalid connection-state=invalid
add action=accept chain=input comment="Allow Winbox & SSH to Trusted IPs" dst-port=8291,22 in-interface=ether1 protocol=tcp src-address-list=trusted-ips
add action=add-src-to-address-list address-list=phase1-knocking address-list-timeout=1m chain=input comment="Phase 1 knocking" dst-port=8000 in-interface=ether1 protocol=tcp
add action=add-src-to-address-list address-list=phase2-knocking address-list-timeout=1m chain=input comment="Phase 2 Knocking" dst-port=7000 in-interface=ether1 protocol=tcp src-address-list=\
phase1-knocking
add action=add-src-to-address-list address-list=trusted-ips address-list-timeout=1d chain=input comment="Phase 3 Knocking" dst-port=7440 in-interface=ether1 protocol=tcp src-address-list=\
phase2-knocking
add action=drop chain=input comment="Drop Connections From Internet" in-interface=ether1
*********************END SAMPLE CONFIG************
Check more videos on my channel
/ @thenetworktrip
Connect with Wilmer Almazan
LinkedIN: / wilmeralmazan
Facebook: / nsswilmeralmazan
Twitter: / wilmer_almazan
Instagram: / wilmer_almazan
Personal Blog: thenetworktrip...
mikrotik
routeros 7
ospf
mtcna
mtcre
cybersecurity
routing
cloud computing
virtualization
switching
network automation
14 окт 2024
