TARA CONSULTANTS PVT LTD 2016 - MikroTik

Transcription

WELCOME TO MUM INDIA 2016
TARA CONSULTANTS PVT LTD
www.ispmart.com

About Us

We, Tara Consultants Pvt Ltd, offer the best of the latest technological products, solutions and services at the most competitive prices to increase productivity and the quality of work conditions in automation, and to improve the quality of life by offering meaningful, effective and efficient solutions, gadgets, gizmos and life-changing products, and pursue other core activities such as Networking Products, Audio-Visual Products, Imports and Project Consultancy. Timely delivery and high quality service are an integral part of the TCPL philosophy for ensuring client satisfaction, retention and continuation.

Agenda

How to protect ISP network from various Attacks

- Who is ISP
- ISP Layer
- ISP Identified by
- What are Network attacks
- DDoS-DoS
- Port Scanner
- Syn Flooding
- Brute Force Attack
- Smurf Attack
- Blocking Regular Ports
- How to protect with RouterOS
- Live Simulation

By Vikas Kumar Gupta

MUM INDIA 2016 | www.ispmart.com | Powered by TCPL Online

Who is ISP?

An Internet Service Provider is one who provides access to the Internet over public or private IP.

ISP Layer

ISP Identified by

What are Network attacks

A network attack is any attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset.

- Passive Attacks: Wiretapping, Port Scanning
- Active Attacks: Denial-of-service attack, SYN Flooding, Brute Force Attack, Smurf Attack

As per survey, 10-30% of Internet bandwidth gets wasted due to network attacks.

Case Study on Top Network Attacks

DDoS - Distributed Denial of Service

A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers/Router.

DoS - Denial of Service

A denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.

Port Scanner

Port scanning is a method of getting a list of open and listening ports, which gives hackers or attackers an idea of the vulnerabilities of a network.

Syn Flooding

A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.

Figure: A normal connection between a user and a server. The three-way handshake is correctly performed.

Figure: SYN Flood. The attacker sends several packets but does not send the "ACK" back to the server. The connections are hence half-opened and consuming server resources. Neeraj, a legitimate user, tries to connect but the server refuses to open a connection, resulting in a denial of service.

Brute Force Attack

A brute-force attack consists of an attacker trying many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found. Alternatively, the attacker can attempt to guess the key.

Smurf Attack

The Smurf Attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP broadcast address.

Searching Flooding source with Mikrotik

How to protect from Attacks with RouterOS

Blocking Vulnerable Ports

    Protocol  Port Number
    Both      7 (Echo, 3(Daytime)
    Both      389 (LDAP)
    Both      17 (Skun trojan)
    Both      445 (Virus, DP520(RIP, Backdoor)
    UDP       123 (NTP)
    TCP       1002 (Net Meeting)
    TCP       135 (RPC, Virus)
    TCP       1024-1030 (Virus and Others)
    Both      137 (Net Bios)
    TCP       1433 (Virus, SQL)
    Both      138 (Net Bios, Virus)
    TCP       1444 (Threats)
    TCP       139 (Net Bios,

Source :
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
http://www.speedguide.net/

Note : These ports are not a threat every time, only sometimes.

Blocking ports with RouterOS

    # Filter table: drop on the input chain (traffic addressed to the router itself)
    /ip firewall filter
    add action=drop chain=input dst-port=111 protocol=tcp in-interface=LAN/WAN
    add action=drop chain=input dst-port=119 protocol=udp in-interface=LAN/WAN

    # Raw table: drop in prerouting, before connection tracking
    /ip firewall raw
    add action=drop chain=prerouting dst-port=111 protocol=tcp in-interface=LAN/WAN
    add action=drop chain=prerouting dst-port=119 protocol=udp in-interface=LAN/WAN

Mikrotik Filters vs RAW (New utput

    Filter                       RAW
    Data flow to, from           Entering, Originated
    Conntrack, Higher CPU        No Conntrack, Lesser CPU
    L7 Matcher                   No L7 Matcher
    Connection Type Definable    NA
    NA                           DOS attack mitigation.

Saving from Attack

SSH Brute Force Attack

    /ip firewall filter
    # Drop every source that has reached the blacklist
    add action=drop chain=input comment="Drop SSH brute forcers" dst-port=22 \
        protocol=tcp src-address-list=ssh_blacklist
    # Each new SSH connection moves the source one stage up; stages last 1 minute
    add action=add-src-to-address-list address-list=ssh_blacklist \
        address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
        protocol=tcp src-address-list=ssh_stage3
    add action=add-src-to-address-list address-list=ssh_stage3 \
        address-list-timeout=1m chain=input connection-state=new dst-port=22 \
        protocol=tcp src-address-list=ssh_stage2
    add action=add-src-to-address-list address-list=ssh_stage2 \
        address-list-timeout=1m chain=input connection-state=new dst-port=22 \
        protocol=tcp src-address-list=ssh_stage1
    add action=add-src-to-address-list address-list=ssh_stage1 \
        address-list-timeout=1m chain=input connection-state=new dst-port=22 \
        protocol=tcp

Source : ilter
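The staged address lists in the SSH rules above are easier to reason about when replayed against timed connection attempts. The following Python model is an added example, not part of the slides and not RouterOS code; the sample addresses and timings are constructed, and it assumes that re-adding an address to a list restarts that entry's timeout.

```python
# Added illustration, not from the slides: a model of the five SSH rules.
# Assumption: re-adding an address to a list restarts that entry's timeout.
MINUTE = 60
BLACKLIST_TTL = 10 * 24 * 3600  # 1w3d

# (list the source must already be in, list it is added to, timeout), in the
# same top-to-bottom order as the add-src-to-address-list rules.
STAGES = [
    ("ssh_stage3", "ssh_blacklist", BLACKLIST_TTL),
    ("ssh_stage2", "ssh_stage3", MINUTE),
    ("ssh_stage1", "ssh_stage2", MINUTE),
    (None, "ssh_stage1", MINUTE),
]

def simulate(attempts):
    """attempts: (seconds, src_ip) of each new TCP/22 connection, time-ordered.
    Returns (seconds, src_ip, verdict) per attempt; verdict is "drop" or the
    highest list the attempt put the source into."""
    expiry = {}  # (list_name, src_ip) -> time the entry expires
    results = []

    def listed(name, ip, now):
        return expiry.get((name, ip), -1) > now

    for now, ip in attempts:
        # Rule 1: a blacklisted source is dropped and evaluation stops.
        if listed("ssh_blacklist", ip, now):
            results.append((now, ip, "drop"))
            continue
        # Rules 2-5 do not end evaluation, so every matching rule fires.
        highest = None
        for required, target, ttl in STAGES:
            if required is None or listed(required, ip, now):
                expiry[(target, ip)] = now + ttl
                highest = highest or target
        results.append((now, ip, highest))
    return results

if __name__ == "__main__":
    # Constructed sample: one fast source, one that waits 90 s between tries.
    fast = [(t, "192.0.2.10") for t in (0, 20, 40, 50, 55)]
    slow = [(t, "198.51.100.7") for t in (0, 90, 180, 270)]
    for row in simulate(sorted(fast + slow)):
        print(row)
```

The fourth connection inside the one-minute windows is the one that puts the source into ssh_blacklist, so the first attempt actually dropped is the fifth; a source that spaces its attempts more than a minute apart never leaves ssh_stage1.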

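Syn Flooding / ICMP Attack

    /ip firewall filter
    # No action is given on the limited rules, so they use the default (accept)
    # 0 = echo reply
    add chain=icmp comment="Limited Ping Flood" icmp-options=0 limit=5,5 \
        protocol=icmp
    # 3:3 = port unreachable, 3:4 = fragmentation needed
    add chain=icmp icmp-options=3:3 limit=5,5 protocol=icmp
    add chain=icmp icmp-options=3:4 limit=5,5 protocol=icmp
    # 8 = echo request, 11 = time exceeded
    add chain=icmp icmp-options=8 limit=5,5 protocol=icmp
    add chain=icmp icmp-options=11 limit=5,5 protocol=icmp
    # Everything else on the icmp chain, including traffic over the limit, is dropped
    add action=drop chain=icmp protocol=icmp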

Stopping Port Scanner

    /ip firewall filter
    # Port scan detection (psd) puts the source on the list for two weeks
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input comment="Port Scanners to list" \
        protocol=tcp psd=21,3s,3,1
    # TCP flag combinations that normal traffic does not produce
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input protocol=tcp tcp-flags=\
        fin,!syn,!rst,!psh,!ack,!urg
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input protocol=tcp tcp-flags=fin,syn
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input protocol=tcp tcp-flags=syn,rst
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input protocol=tcp tcp-flags=\
        fin,psh,urg,!syn,!rst,!ack
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input protocol=tcp tcp-flags=\
        fin,syn,rst,psh,ack,urg
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input protocol=tcp tcp-flags=\
        !fin,!syn,!rst,!psh,!ack,!urg
    # Drop everything from listed sources
    add action=drop chain=input src-address-list="port scanners"
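To check what the tcp-flags rules above do and do not catch, the flag expressions can be evaluated against sample TCP headers. This Python sketch is an added example, not part of the slides; it reproduces only the flag matching (not psd), and the sample packets are constructed.

```python
# Added illustration, not from the slides: which of the tcp-flags rules a
# given TCP header matches. The psd rule is not modelled here.
FLAGS = ("fin", "syn", "rst", "psh", "ack", "urg")

# tcp-flags values copied from the "port scanners" rules, in rule order.
RULES = [
    "fin,!syn,!rst,!psh,!ack,!urg",
    "fin,syn",
    "syn,rst",
    "fin,psh,urg,!syn,!rst,!ack",
    "fin,syn,rst,psh,ack,urg",
    "!fin,!syn,!rst,!psh,!ack,!urg",
]

def matches(spec, set_flags):
    """A named flag must be set, a '!'-prefixed flag must be clear, and a
    flag the spec does not mention is ignored."""
    for term in spec.split(","):
        want_set = not term.startswith("!")
        if (term.lstrip("!") in set_flags) != want_set:
            return False
    return True

def matching_rules(set_flags):
    """Return every rule spec the packet matches; an empty list means the
    flag rules leave the source alone."""
    set_flags = set(set_flags)
    unknown = set_flags - set(FLAGS)
    if unknown:
        raise ValueError(f"unknown TCP flags: {sorted(unknown)}")
    return [spec for spec in RULES if matches(spec, set_flags)]

# Constructed sample headers: three from a normal session, four that are not.
SAMPLES = {
    "handshake SYN": {"syn"},
    "handshake SYN/ACK": {"syn", "ack"},
    "normal close FIN/ACK": {"fin", "ack"},
    "FIN only": {"fin"},
    "FIN+PSH+URG": {"fin", "psh", "urg"},
    "no flags": set(),
    "all flags": set(FLAGS),
}

if __name__ == "__main__":
    for name, flags in SAMPLES.items():
        print(f"{name:22} -> {matching_rules(flags) or 'not listed'}")
```

A header with all six flags set already matches the `fin,syn` and `syn,rst` rules, so the all-flags rule never adds a source the other two would miss.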

DDoS Attack

    /ip firewall filter
    # A single address (/32) holding 100 or more TCP connections is listed
    add action=add-src-to-address-list address-list=blocked-addr \
        address-list-timeout=1d chain=input connection-limit=100,32 protocol=tcp
    # Listed addresses are tarpitted
    add action=tarpit chain=input connection-limit=3,32 protocol=tcp \
        src-address-list=blocked-addr
    # Every new forwarded connection is checked in the detect-ddos chain
    add action=jump chain=forward connection-state=new jump-target=detect-ddos
    # Source/destination pairs within 32 packets per second (burst 32) return
    add action=return chain=detect-ddos dst-limit=32,32,src-and-dst-addresses/10s
    # Pairs over the limit: list the target and the sender
    add action=add-dst-to-address-list address-list=ddosed address-list-timeout=\
        1d chain=detect-ddos
    add action=add-src-to-address-list address-list=ddoser address-list-timeout=\
        1d10m chain=detect-ddos
    # Drop new connections from listed senders to listed targets
    add action=drop chain=forward connection-state=new dst-address-list=ddosed \
        src-address-list=ddoser

Block Bogon IPs

    /ip firewall filter
    # Drop forwarded packets whose source or destination is in a bogon range
    add action=drop chain=forward comment="Block Bogus IP Address" src-address=\
        0.0.0.0/8
    add action=drop chain=forward dst-address=0.0.0.0/8
    add action=drop chain=forward src-address=127.0.0.0/8
    add action=drop chain=forward dst-address=127.0.0.0/8
    add action=drop chain=forward src-address=224.0.0.0/3
    add action=drop chain=forward dst-address=224.0.0.0/3

Questions ?

GPON ONU module

Product specifications

    Details        
    Product code   SFPONU
    Data Rate      1244Mb/s downstream and 2488Mb/s upstream
    Connector      Small form factor pluggable, simplex SC
    Format         MSA SFP

EPON OLT

- Chassis based OLT (Expandable - 12 Port)
- GEPON OLT slots with 1:64 splitting ratio at most
- Support 256 ONU maximally
- Maximum Transmission distance: 20 km
- Suitable for small FTTX networking access
- Full gigabit link speed forward
- 4 uplink SFP ports

EPON ONT (SFU) 1 G

- Receiver Wavelength: 1490nm
- Receiving Sensitivity: -25dBim
- Working Temperature: -20 60
- ONU Fiber Port: 1 EPON Interface, SC single-mode single-fiber, Downstream rate 1.25Gbps, Upstream rate 1.25Gbps
- Wavelength: Tx 1310 nm, Rx 1490 nm
- Fiber Interface: SC/PC

Thank You for Listening

TARA CONSULTANTS PVT LTD
307, OSIAN BUILDING, 12, NEHRU PLACE, NEW DELHI-110019
TEL: 011-46570273
Ph : 91-9311686026, .ispmart.com
