Comment on Am I doing this (networking) safely?
non_burglar@lemmy.world 1 day ago
- Have the router to block portscanners
What do you mean by this?
redlemace@lemmy.world 1 day ago
I’m using RouterOS. In the firewall rules you can create a rule that if an IP touches a port, it gets added to an address list (optionally with a time-out). So my FW rules begin like this:
This too has endless possibilities, e.g. port knocking (‘touch’ one or more ports in a specified sequence in a specified time to be allowed to access the actual service port).
non_burglar@lemmy.world 23 hours ago
This is a waste of time and your router’s CPU. You already have a whitelist and know your safe TCP sources; just drop all WAN traffic and only allow new input from the whitelist. Your chain input rule is just creating a pretty list of bots you’re dropping anyway.
redlemace@lemmy.world 22 hours ago
Well, here is the CPU load:
[Image]
And there is no increase in delays or jitter compared to what I’m already facing on the WAN itself.
It keeps 6000+ hosts with possible harmful intent away from the ports I need/want open to the world. Actually, the router, while still being bored, offloads the services behind it. I really can’t see a reason not to keep doing it. But, sure, it’s a personal choice.
non_burglar@lemmy.world 20 hours ago
Didn’t you say you have a whitelist of allowed IPs? Why don’t you just drop any other inbound traffic?
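The two policies argued over in this sub-thread, modelled as an added Python example (not redlemace's RouterOS rules, which do not appear on the page). The trap ports, service port, timeout and addresses are assumed values chosen for illustration.

```python
from dataclasses import dataclass, field

TRAP_PORTS = {23, 3389}      # assumed: ports with no real service behind them
SERVICE_PORTS = {443}        # assumed: port deliberately open to the world
LIST_TIMEOUT = 86400         # assumed: address-list entry lifetime, in seconds


@dataclass
class TrapListFirewall:
    """Input chain: drop listed sources, list trap-port touchers, allow services."""
    listed: dict = field(default_factory=dict)   # src IP -> expiry timestamp

    def handle(self, now, src, dport):
        # Rule 1: drop anything from a source whose list entry is still live.
        if self.listed.get(src, 0) > now:
            return "drop"
        self.listed.pop(src, None)               # entry absent or timed out
        # Rule 2: touching a trap port puts the source on the list.
        if dport in TRAP_PORTS:
            self.listed[src] = now + LIST_TIMEOUT
            return "drop"
        # Rule 3: public service ports stay reachable for unlisted sources.
        return "accept" if dport in SERVICE_PORTS else "drop"


def whitelist_only(whitelist, src, dport):
    """Alternative policy: accept new input from whitelisted sources only."""
    return "accept" if src in whitelist and dport in SERVICE_PORTS else "drop"


def replay(packets):
    """Run (time, src, dport) tuples through a fresh trap-list firewall."""
    fw = TrapListFirewall()
    return [fw.handle(t, src, dport) for t, src, dport in packets]


# Constructed traffic; addresses come from the documentation ranges.
SAMPLE = [
    (0,     "198.51.100.7", 23),    # touches a trap port first -> listed
    (5,     "198.51.100.7", 443),   # later service attempt is dropped
    (10,    "203.0.113.9",  443),   # goes straight to the service -> accepted
    (90000, "198.51.100.7", 443),   # list entry expired after LIST_TIMEOUT
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(pkt, verdict)
```

The list only changes the outcome for ports left open to everyone; under `whitelist_only` every non-whitelisted source is dropped whether it is listed or not.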
Appoxo@lemmy.dbzer0.com 23 hours ago
Off-topic: Looks like you missed the two spaces after beginning a new line.
Just wanted to inform you in case you weren’t aware ;)
redlemace@lemmy.world 22 hours ago
The spacebar on my Remington isn’t what it used to be, maybe a drop of oil will help ;)