Community discussions

MikroTik App
 
ginky
just joined
Topic Author
Posts: 1
Joined: Sun May 15, 2022 4:44 pm

How to block connections without ClientHello packet?

Sun May 15, 2022 4:53 pm

Hi,

I need to block all tcp port 443 connections which don't contains clienthello packet after tcp syn,ack.
I can't realize how catch queue of packets in every tcp connection. It looks like impossible to do this on RoutesOS.

Can you help?

Thank you
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 2990
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: How to block connections without ClientHello packet?  [SOLVED]

Sun May 15, 2022 8:19 pm

i think maybe this way:

allow start the connection until certain threshold of traffic like 60k connection-bytes , in this interval inspect for rigth hello using content

if connection match content mark that connection to allow it freely

drop any connection not marked beyond 60k connection-bytes

Who is online

Users browsing this forum: No registered users and 50 guests