What does ROS port knocking mean?
Port Knocking
In the firewall we will load onto the router in the next section we divide up access into 2 sections:
- An address list of devices that have full access to the router
- All other devices that have limited access to the router
One thing that all other devices are limited to is they have no Winbox/SSH/telnet access to the router, which sometimes will mean you can't get into it. One way to temporarily allow full access to a router is port knocking.
Port knocking with RouterOS is a way of adding a dynamic IP address into an address list for a specified amount of time. The way it works is like this:
1. Client sends packet to router on port 1337
2. Router adds client’s IP address to address list “temp” with a timeout of 15 seconds
3. Client sends packet to router on port 7331
4. Router checks to see if the client’s IP address is on address list “temp”
5. If it is then router adds IP address to address list “safe” with a timeout of 15 minutes
6. Client has full access to router for 15 minutes
This feature is completely customisable: you can define how many ports the client has to ‘knock’ before it's given access, and you can define which port numbers and which protocols must be knocked, as well as the timeout values.
http://wiki.mikrotik.com/wiki/Securing_New_RouterOs_Router#Loading_A_Firewall
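Could everyone please give me some pointers on this?

It detects 2 ports and temporarily grants an IP access for 15 minutes.

Hmm... I think I roughly get it!
It means that when you want to connect to the Winbox/SSH/telnet port,
you can first send a connection to port 1337 to knock on the ROS door, and then you have 15 seconds to knock on port 7331.
At that point you get a connection for 15 minutes.
In other words, normally you are not allowed to open ports such as Winbox, but after the knock verification your Winbox connection will be accepted!

Linux has had this feature for a long time!

Please explain it in more detail, I still don't understand.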