DYNAFA - The Dynamic Firewall Authenticator, David Reeves (EIT Hawke's Bay, New Zealand). PDF: https:https://mum.mikrotik.com/presentations/NZ18/presentation_5619_1526976443.pdf.
DYNAFA is a small project I have been working on. It is a firewall based authentication system which can leverage RouterOS scheduler and script tools, as well as address lists and packet filtering. This creates an virtually impenetrable network, which can only be unlocked with the correct sequence of packets. The correct sequences are randomized and mixed together in a way which an attacker could never reproduce, even while understand the system. They are then hard coded into the firewall rules, and those rules can be altered over time, to leave only but the smallest number of ports open to attack. This minimizes attack surface significantly ( less 0.02 % ), counters port scans and probes ( Dynamic attack surface ), counters replay attacks ( Dynamic Authentication Requirements ) stings attackers with booby-traps within the authentication surface topology ( High risks of being blacklisted ), is resource efficient ( Negative filtering ) and near impossible to crack with brute force
DYNAFA is a small project I have been working on. It is a firewall based authentication system which can leverage RouterOS scheduler and script tools, as well as address lists and packet filtering. This creates an virtually impenetrable network, which can only be unlocked with the correct sequence of packets. The correct sequences are randomized and mixed together in a way which an attacker could never reproduce, even while understand the system. They are then hard coded into the firewall rules, and those rules can be altered over time, to leave only but the smallest number of ports open to attack. This minimizes attack surface significantly ( less 0.02 % ), counters port scans and probes ( Dynamic attack surface ), counters replay attacks ( Dynamic Authentication Requirements ) stings attackers with booby-traps within the authentication surface topology ( High risks of being blacklisted ), is resource efficient ( Negative filtering ) and near impossible to crack with brute force
- Category
- MikroTik
- Tags
- mikrotik, routerboard, routeros
Be the first to comment
Up Next
Autoplay
-
01:30
Dynamic pricing for bandwidth-on-demand
-
45:48
Implementation EoIP over VPN on dynamic IP
-
44:00
BGP vs OSPF vs RIP vs MME - Battle of the Dynamic Protocols
-
06:15
Create Dynamic Pipelines
-
06:26
Layer 3 VPN Dynamic Route Distinguishers
-
11:31
Dynamic VPN - CLI
-
22:56
Firewall sobre firewall el enigma de la seguridad informatica
-
40:19
IP firewall raw + address-list (or what's new in MikroTik firewall in general)
-
26:30
Dynamic firewalling
-
03:26
Dynamic NAT in RouterOS
-
00:34
Meet the 5720 Universal Switch
-
01:26
Enable and Collect Webex Directory Connector Logs
-
01:18
Introducing Vatche Varvarian - Innovation Lead