Securing Your Network With MikroTik Router Firewall

Port Knocking: The Future of Router Security In today's world, cybersecurity is of paramount importance. With hackers constantly on the lookout for vulnerable systems, it is becoming increasingly difficult to keep our sensitive data safe and secure. However, with the rise of port knocking technology, we can now add an extra layer of security to our routers and safeguard them against hacking attempts. In this article, we will explore port knocking in detail and show you how to set it up on your MikroTik firewall router. But first, let's understand what port knocking is and how it works. What is Port Knocking? Port knocking is a technique used to secure ports on a firewall or router. It involves sending a series of connection attempts to a specific set of ports on the router, in a particular order, to trigger the opening of a hidden port. Once the hidden port is opened, the user can connect to it and gain access to the router's management interface. The beauty of port knocking lies in its simplicity. By requiring a specific sequence of connection attempts, it makes it much harder for hackers to guess the right sequence and gain access to the router. In effect, port knocking adds an extra layer of security to your router without requiring any additional hardware or software. Setting up Port Knocking on your MikroTik Router Now that we understand what port knocking is and how it works, let's look at how to set it up on your MikroTik firewall router. But before we begin, ensure that you have the latest firmware installed on your router and that you have access to the router's configuration interface. 1. Configuring the Firewall Filter Rules The first step in setting up port knocking on your MikroTik router is to configure the firewall filter rules. To do this, you will need to access the router's configuration interface through a web browser. Once you have accessed the configuration interface, navigate to the IP > Firewall > Filter Rules menu, and create a new rule. In the new rule, add the following settings: • Chain: input • Protocol: tcp • Dst. Port: 22,23,24 • Action: drop • Comment: Port Knocking This rule will block incoming connections to ports 22, 23, and 24, which are the ports we will use for port knocking. Don't worry; we will create another rule later to open the hidden port. 2. Configuring the Port Knocking Sequence The next step is to configure the port knocking sequence. To do this, you will need to create a script, which uses the RouterOS command line interface to run a specific set of actions when the correct sequence of port knocks is detected. To create the script, navigate to the System > Scripts menu, and create a new script. In the new script, add the following commands: /interface list add name=port_knocking /interface list member add interface=bridge list=port_knocking /ip firewall filter add chain=input in-interface-list=port_knocking protocol=tcp dst-port=22,23,24 action=add-src-to-address-list\ address-list=port_knock address-list-timeout=5m comment=\"PortKnock Rule\" disabled=no /ip firewall filter add chain=input src-address-list=port_knock protocol=tcp dst-port=21 action=accept\ comment=\"Port Knocking Accept\" disabled=no /ip firewall filter remove [find comment=\"PortKnock Rule\"] /ip firewall filter add chain=input protocol=tcp dst-port=21 action=add-src-to-address-list\ address-list=port_knock address-list-timeout=5m comment=\"Knock three times\" disabled=no This script creates an interface list called port_knocking, adds the bridge to the interface list, assigns an address list to the source IP address once a connection is made to ports 22, 23, and 24. It then removes the initial port-knocking rule and adds a new rule that allows access to port 21 once the source IP address is added to the address list. Finally, it creates a new rule that adds the source IP address to the address list once there is a successful connection attempt to port 21. 3. Adding the Script to the Firewall Events The final step is to add the script to the firewall events. This will ensure that the script is executed whenever a port knocking sequence is detected. To do this, navigate to the IP > Firewall > Filter Rules menu, and create a new rule. In the new rule, add the following settings: • Chain: input • Protocol: tcp • Dst. Port: 21 • Action: add-src-to-address-list address-list=port_knock address-list-timeout=5m comment="Port knocking" This rule will trigger the script whenever a connection to port 21 is detected, which means that the correct port knocking sequence has been sent. It will then add the source IP address to the address list and allow access to the router's management interface. Conclusion In conclusion, port knocking is a valuable technique that you can use to enhance the security of your MikroTik firewall router. By requiring a specific sequence of connection attempts, it adds an extra layer of security and makes it harder for hackers to gain access to your router. With the right setup, you can secure your router against most hacking attempts, making it safer and more secure for you and your network. We hope this article has been helpful in explaining the concept of port knocking and how to set it up on your MikroTik router. Remember to follow the steps carefully and test your setup thoroughly before deploying it in a production environment. Stay safe online! MikroTik Firewall : Securing your Router with Port Knocking