kiler129
Member
Topic Author
Posts: 352
Joined: Tue Mar 31, 2015 4:32 pm
Location: IL, USA

[Security] Can TCP handshake be blocked by ROS firewall?

Sat Dec 12, 2015 1:40 am

Hi!
Reading through security blogs, I found a rather interesting article regarding current-generation firewalls. Since ROS is equipped with a stateful firewall, it may also be vulnerable.
The article is published at http://www.cynet.com/blog/, but looking at the link it may change, so I made a screenshot: http://i.imgur.com/WN98i5F.png

Could someone from MikroTik comment on that?
 
chechito
Forum Guru
Posts: 2990
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia

Re: [Security] Can TCP handshake be blocked by ROS firewall?

Sat Dec 12, 2015 3:39 am

Maybe a regexp on an L7 filter can catch it??

In theory, when a connection is blocked, the SYN does not even pass??

I think it only affects next-gen UTM firewalls that perform app ID, of course when connections are allowed.
 
pe1chl
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: [Security] Can TCP handshake be blocked by ROS firewall?

Sat Dec 12, 2015 2:55 pm

Of course when you have an IP Firewall rule that blocks establishment of TCP sessions to some specific port (or to all ports except some specific ones), you are not vulnerable to such attacks.
I have not seen a firewall that works like the one they describe (that allows all connections initially), but maybe they exist.
Maybe they are factory-default setups that a normal operator would always modify.
