
Welcome

Dynamic Firewalling

by
Barry Higgins

UK MuM 2016
● Hosting
● WISP

● Consultancy

● Mikrotik Training

So the problem...
I want to add an extra layer of security against network scans and viral scripts probing servers, and to protect my WISP end users.

The network...

Sites A & B
3 Gateways

Full of holes!
Solutions?
● Don’t allow any ports open in the first place
● Migrate user to another (W)ISP and let them have the problem!
● Or...

Firewall them all!
User alert
● Default username
● Default password
● Web access open
● Telnet access open
● DNS enabled

<demo site-A>
So we have our blacklist...

Blacklist
Logging

So how do we propagate the bad?
Blackhole the blacklist!
<demo site-B>
The bit behind the scenes
The process
● Bad traffic is detected at the edge on the input chain
● Src address is added to the blacklist address list
● The forward chain then uses the blacklist address list to block unwanted traffic
● To then propagate the blacklist information, a script reads the blacklist and creates blackhole routes.
The process
● The route table is then passed on, using OSPF in this demonstration, to the other edge routers
● The script also checks to see if blackhole routes can be removed due to blacklist address timeout (set by the initial firewall input rule).
● A manual whitelist is also created to prevent accidental lockouts of important services and systems.
● It's not perfect… but it works for me!
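The two "process" slides written out as RouterOS v6 configuration, as an added example; this is not the author's script from allness.net, which the slides do not reproduce. Everything not on the slides is assumed: the address lists are named `blacklist` and `whitelist`, a telnet probe on the router itself (TCP/23) is used as the detector, the list timeout is one day, blackhole routes carry the comment `auto-blackhole` so the script can tell its own routes apart, the script runs from a one-minute scheduler, and the routes reach the other edges through OSPF `redistribute-static`. All addresses are constructed documentation values.

```routeros
# Added example in RouterOS v6 syntax; not the author's script.
# Assumed names: address lists "blacklist" / "whitelist", route comment
# "auto-blackhole", script and scheduler "blackhole-sync".
# 192.0.2.0/24 is a constructed documentation range.

# --- Edge firewall (the "input chain detects, forward chain blocks" part) ---
/ip firewall address-list
add list=whitelist address=192.0.2.10 comment="management host (constructed)"

/ip firewall filter
# The manual whitelist is accepted before any detector, so trusted hosts can
# never be added to the blacklist by a mistyped port or a noisy monitor.
add chain=input src-address-list=whitelist action=accept comment="manual whitelist"
# Detector: a telnet probe against the router lands the source in the blacklist.
# The timeout set here is what the sync script keys on later.
add chain=input protocol=tcp dst-port=23 action=add-src-to-address-list address-list=blacklist address-list-timeout=1d log=yes log-prefix="blacklist:" comment="telnet probe -> blacklist"
# Drop everything from blacklisted sources, both to the router and through it.
add chain=input src-address-list=blacklist action=drop comment="blacklist (input)"
add chain=forward src-address-list=blacklist action=drop comment="blacklist (forward)"

# --- Sync script: save this body as the source of /system script name=blackhole-sync ---
:local listName "blacklist"
:local routeTag "auto-blackhole"

# 1. Every blacklist entry gets a blackhole route if it does not have one yet.
:foreach i in=[/ip firewall address-list find list=$listName] do={
    :local addr [/ip firewall address-list get $i address]
    # Entries may already carry a prefix length; plain host entries get /32.
    :if ([:typeof [:find $addr "/"]] = "nil") do={ :set addr "$addr/32" }
    :if ([:len [/ip route find dst-address=$addr comment=$routeTag]] = 0) do={
        /ip route add dst-address=$addr type=blackhole comment=$routeTag
    }
}

# 2. Routes this script created whose blacklist entry has timed out are
#    removed again, so OSPF withdraws them from the other edge routers too.
#    Only routes carrying our comment are touched; hand-made routes are left alone.
:foreach r in=[/ip route find comment=$routeTag] do={
    :local dst [:tostr [/ip route get $r dst-address]]
    :local host [:pick $dst 0 [:find $dst "/"]]
    # The address list stores a /32 entry as a bare host, so check both forms.
    :if (([:len [/ip firewall address-list find list=$listName address=$host]] = 0) && ([:len [/ip firewall address-list find list=$listName address=$dst]] = 0)) do={
        /ip route remove $r
    }
}

# --- Run the sync once a minute ---
/system scheduler
add name=blackhole-sync interval=1m on-event=blackhole-sync

# --- Hand the blackhole routes to the other edges (assumed: the OSPF instance
#     "default" already peers with them; static routes are exported as type-1) ---
/routing ospf instance
set [find name=default] redistribute-static=as-type-1
```

Two points worth checking on a real deployment: the whitelist accept rule must stay above every `add-src-to-address-list` rule, otherwise the lockout it is meant to prevent becomes possible; and because `redistribute-static` exports every static route, not just the tagged ones, any other static routes on the edge will also reach the OSPF neighbours, which may or may not be what is wanted.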
Available for download
The blackhole script and a bare basic RouterBOARD firewall config can be found at:

http://www.allness.net/mum

Do not hold me responsible if it crashes and wipes out your network. Use at your own discretion and risk.

Any questions?
Thank you for your time
