
by Jorge Fernando Matsudo Iwano

MDBR0010, MTCRE, MTCTCE, MTCUME, MTCINE

Introduction
NetFilter flowchart
Creating simple filters
Creating address lists
Using chains
Introduction to Layer7
Common usage topologies
Best practices
Advantages and disadvantages

Concept
  Match
  Action
  Rule hierarchy

Analogy with programming

if ($protocolo == "tcp") {
    if ($porta == 25) {
        dropa();    // TCP port 25 (SMTP) is dropped
    }
}
if ($protocolo == "tcp") {
    if ($porta == 80) {
        aceita();   // TCP port 80 (HTTP) is accepted
    }
}

IP address or range
  Source
  Destination

Protocol
  TCP, UDP, GRE, ICMP, OSPF, etc.

Port
  HTTP - TCP/80
  HTTPS - TCP/443
  DNS - UDP/53

MAC address

Interface
  Input
  Output

Marked packets
  Mark Packet
  Mark Connection

Address lists

Layer 7
  Application analysis

DSCP

Examples of application protocols

Application   Protocol    Port
HTTP          TCP         80
HTTPS         TCP         443
SMTP          TCP         25
POP           TCP         110
IMAP          TCP         143
DNS           UDP         53
FTP           TCP         21
FTP-DATA      TCP         20
SIP           UDP         5060
EoIP          GRE         -
PPtP          TCP / GRE   1723

Tip for finding out which protocol a given application uses:

"services" file
  Linux: "/etc/services"
  Windows: "C:\Windows\System32\drivers\etc\services"
RouterOS "torch" utility
Install a traffic analysis tool on the client host
Consult the application's documentation

Tables
  Filter, NAT, Mangle

Chain
  Input, Output, Forward, Prerouting, Postrouting

Target
  Accept, Drop, Jump

Default chains

Blocking traffic addressed to the RouterOS device

/ip firewall filter add chain=input \
    src-address=192.168.0.10 action=drop

Blocking traffic originating from the RouterOS device

/ip firewall filter add chain=output \
    dst-address=192.168.0.10 action=drop

Take care when creating rules so that you do not risk losing remote access. For example, this rule drops everything addressed to the router, including your own management session:
/ip firewall filter add chain=input action=drop

Blocking traffic passing through the RouterOS device

Basic
/ip firewall filter add chain=forward \
    src-address=192.168.0.10 action=drop

More specific
/ip firewall filter add chain=forward \
    dst-address=192.168.0.10 in-interface=ether1-LAN \
    action=drop

Even more specific
/ip firewall filter add chain=forward \
    dst-address=192.168.0.10 in-interface=ether1-LAN \
    out-interface=ether2-WAN action=drop

Registering IPs
/ip firewall address-list add address=192.168.0.10 \
    list=diretoria
/ip firewall address-list add address=192.168.0.11 \
    list=diretoria

Registering blocks of IPs
/ip firewall address-list add address=10.10.0.0/24 \
    list=redeProvedor
/ip firewall address-list add address=10.10.1.0/24 \
    list=redeProvedor

Using the lists
/ip firewall filter add chain="forward" \
    src-address-list=diretoria action=accept
/ip firewall filter add chain="forward" \
    src-address-list=redeProvedor action=accept
/ip firewall filter add chain="input" \
    src-address-list=BlackList action=drop

Optimizes the structure of the firewall
Avoids repeating rules

Example:
Chain log-and-drop
/ip firewall filter
add action=log chain=log-and-drop disabled=no
/ip firewall filter
add action=drop chain=log-and-drop \
    disabled=no

Chain packTCP
/ip firewall filter
add action=accept chain=packTCP connection-state=established \
    disabled=no
add action=accept chain=packTCP connection-state=related disabled=no
add action=accept chain=packTCP connection-state=new disabled=no
add action=drop chain=packTCP connection-state=invalid disabled=no
add action=jump chain=packTCP disabled=no jump-target=log-and-drop

Traffic analysis at the application layer
Prevents users from circumventing blocks that are based on ports.
Examples
  Running eMule over port 80/tcp
  Running a proxy outside the restricted environment on port 80/tcp

Increases the processing load. CPU, traffic, etc. must be analyzed.

Efficiency table

http://l7-filter.sourceforge.net/protocols

List of regular expressions

http://wiki.mikrotik.com/wiki/Basic_traffic_shaping_based_on_layer-7_protocols

Registering regular expressions

/ip firewall layer7-protocol add name=http \
    regexp="http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\t-\r -~]*(connection:|content-type:|content-length:|date:)|post [\t-\r -~]* http/[01]\\.[019]"

/ip firewall filter
add action=accept chain=forward disabled=no \
    layer7-protocol=http
add action=drop chain=forward disabled=no \
    layer7-protocol=bittorrent
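
Added example (Python, not part of the original slides and not RouterOS code): the http pattern above applied to constructed payloads, showing that a Layer 7 rule decides on content and not on the port. Case-insensitive matching, the function names and the sample payloads are assumptions of this sketch.

```python
import re

# The slide's http pattern; RouterOS string escaping (\\.) is written as plain regex (\.).
# Assumption of this sketch: matching is case-insensitive.
HTTP_L7 = re.compile(
    r"http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9] [\t-\r -~]*"
    r"(connection:|content-type:|content-length:|date:)"
    r"|post [\t-\r -~]* http/[01]\.[019]",
    re.IGNORECASE,
)

def l7_protocol(payload: bytes) -> str:
    """Return 'http' if the first bytes of a connection match the pattern."""
    text = payload.decode("latin-1")  # 1:1 byte-to-char mapping, never fails
    return "http" if HTTP_L7.search(text) else "unmatched"

def forward_verdict(dst_port: int, payload: bytes) -> str:
    """Model of the accept rule above. dst_port is deliberately unused:
    the rule has no dst-port matcher, only layer7-protocol=http."""
    return "accept" if l7_protocol(payload) == "http" else "next rule"

# Constructed sample payloads: first bytes of four connections, all to 80/tcp.
SAMPLES = {
    "http response": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
    "http post": b"POST /login HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "p2p on port 80": b"\x13BitTorrent protocol" + bytes(8),
    "tls on port 80": bytes.fromhex("160301002a010000260303"),
}

def classify_all():
    """Verdict for every constructed sample, keyed by its label."""
    return {name: forward_verdict(80, data) for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in classify_all().items():
        print(f"{name:15} -> {verdict}")
```

Encrypted payloads such as the TLS record never match a plaintext pattern, so they fall through to whatever rule comes next.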

RouterOS in bridge (transparent) mode
  Filters
  QoS - bandwidth control

RouterOS in router and NAT mode
  Redirects
  Masquerading
  Filters
  QoS - bandwidth control
  Tunnel concentrator
    VPN
    IPSec
    L2TP
  Etc.

RouterOS services
  Leave enabled only the services you actually use.
  You can even change the default port of a service!

Create a default access policy
  Block everything and allow item by item
  Allow everything and block item by item

Create chains that can be used in several parts of the firewall
  Log and Drop
  Detect-PortScan
  PackTCP

For ISPs
  Block ports on the user concentrators
    Windows (135-139, 445)
    SMTP (25)
    Viruses/Trojans/etc.

Limit simultaneous connections
  P2P (torrent/emule/etc.)
  /ip firewall filter add chain=forward action=drop \
      tcp-flags=syn protocol=tcp connection-limit=100,32 \
      disabled=no
  Viruses/Trojans/etc.

Port Knocking
We can use it to prevent brute-force attacks.
/ip firewall filter
add action=add-src-to-address-list address-list=knock-1 \
    address-list-timeout=10s chain=input disabled=no \
    dst-port=1234 protocol=tcp
add action=add-src-to-address-list address-list=knock-2 \
    address-list-timeout=1m chain=input disabled=no \
    dst-port=4321 protocol=tcp src-address-list=knock-1
add action=accept chain=input connection-state=new \
    disabled=no dst-port=22 protocol=tcp \
    src-address-list=knock-2
add action=accept chain=input connection-state=established \
    disabled=no dst-port=22 protocol=tcp
add action=drop chain=input disabled=no dst-port=22 \
    protocol=tcp
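
Added example (Python, not part of the original slides and not RouterOS code): a small model of the five port-knocking rules above, replayed over constructed traffic to show who reaches port 22 and when the knock expires. The class, the function names and the documentation-range addresses are assumptions of this sketch.

```python
# Ports and timeouts copied from the five input-chain rules above.
KNOCK1, KNOCK2, SSH = 1234, 4321, 22
TTL = {"knock-1": 10, "knock-2": 60}   # address-list-timeout: 10s and 1m

class KnockModel:
    """Top-to-bottom walk of the slide's rules for TCP packets to the router."""

    def __init__(self):
        self.lists = {"knock-1": {}, "knock-2": {}}   # list -> {src: expiry}

    def _member(self, name, src, now):
        return self.lists[name].get(src, -1) > now

    def _add(self, name, src, now):
        self.lists[name][src] = now + TTL[name]

    def packet(self, now, src, dst_port, state="new"):
        # Rules 1-2 only record the source; the packet continues down the chain.
        if dst_port == KNOCK1:
            self._add("knock-1", src, now)
        if dst_port == KNOCK2 and self._member("knock-1", src, now):
            self._add("knock-2", src, now)
        if dst_port != SSH:
            return "not decided by these rules"
        # Rule 3: new SSH connection from a source that completed both knocks.
        if state == "new" and self._member("knock-2", src, now):
            return "accept"
        # Rule 4: packets of an SSH connection that was already accepted.
        if state == "established":
            return "accept"
        return "drop"                                  # rule 5

def replay(events):
    """events: (seconds, src, dst_port, state) tuples in time order."""
    fw = KnockModel()
    return [fw.packet(*e) for e in events]

# Constructed traffic: documentation addresses, times in seconds.
ADMIN, SCANNER, SLOW = "198.51.100.7", "203.0.113.9", "192.0.2.44"
EVENTS = [
    (0, SCANNER, 22, "new"),                             # no knock at all
    (1, ADMIN, 1234, "new"), (3, ADMIN, 4321, "new"),    # both knocks in time
    (5, ADMIN, 22, "new"), (6, ADMIN, 22, "established"),
    (10, SLOW, 1234, "new"), (25, SLOW, 4321, "new"),    # knock-1 expired at 20s
    (26, SLOW, 22, "new"),
    (70, ADMIN, 22, "new"),                              # knock-2 expired at 63s
]

if __name__ == "__main__":
    for event, verdict in zip(EVENTS, replay(EVENTS)):
        print(event, "->", verdict)
```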

IP Spoofing
The technique consists of forging the source IP address.
How to protect yourself?
Create filters (drop) for:
  Packets with your LAN as their source entering through the WAN
  Packets that are not from your LAN leaving for the WAN network

/ip firewall address-list
add list=meusblocos address=192.168.0.0/24
add list=meusblocos address=192.168.1.0/24
/ip firewall filter
add action=drop chain=forward disabled=no \
    in-interface=ether-LAN src-address-list=!meusblocos
add action=drop chain=forward disabled=no \
    in-interface=ether-WAN src-address-list=meusblocos

Blocking invalid addresses

/ip firewall address-list
add list=ips-invalidos address=127.0.0.0/8
add list=ips-invalidos address=224.0.0.0/3
add list=ips-invalidos address=10.0.0.0/8
add list=ips-invalidos address=172.16.0.0/12
add list=ips-invalidos address=192.168.0.0/16

/ip firewall filter add action=drop chain=forward \
    disabled=no src-address-list=ips-invalidos
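
Added example (Python, not part of the original slides and not RouterOS code): the two anti-spoofing rules and the ips-invalidos rule evaluated over constructed packets. It also covers an edge case: on a router whose LAN uses 192.168.0.0/24, as in the meusblocos example, the ips-invalidos rule as written has no in-interface and drops the LAN's own traffic. The wan_only switch, which models adding in-interface=ether-WAN to that rule, and the function names are assumptions of this sketch.

```python
import ipaddress

def nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

# Address lists copied from the slides.
MEUSBLOCOS = nets("192.168.0.0/24", "192.168.1.0/24")
IPS_INVALIDOS = nets("127.0.0.0/8", "224.0.0.0/3", "10.0.0.0/8",
                     "172.16.0.0/12", "192.168.0.0/16")

def in_list(addr, networks):
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in networks)

def spoof_verdict(in_interface, src):
    """The two forward-chain anti-spoofing rules."""
    # in-interface=ether-LAN src-address-list=!meusblocos
    if in_interface == "ether-LAN" and not in_list(src, MEUSBLOCOS):
        return "drop"
    # in-interface=ether-WAN src-address-list=meusblocos
    if in_interface == "ether-WAN" and in_list(src, MEUSBLOCOS):
        return "drop"
    return "pass"

def invalid_verdict(in_interface, src, wan_only=False):
    """The ips-invalidos rule. wan_only=True models the same rule restricted
    with in-interface=ether-WAN (an assumption, not on the slide)."""
    if wan_only and in_interface != "ether-WAN":
        return "pass"
    return "drop" if in_list(src, IPS_INVALIDOS) else "pass"

# Constructed packets: (in-interface, source address).
PACKETS = [
    ("ether-LAN", "192.168.0.10"),   # legitimate LAN host
    ("ether-LAN", "203.0.113.50"),   # forged source leaving the LAN
    ("ether-WAN", "192.168.1.5"),    # own block arriving from outside
    ("ether-WAN", "198.51.100.20"),  # ordinary inbound traffic
]

def evaluate(wan_only):
    """(anti-spoofing verdict, ips-invalidos verdict) per constructed packet."""
    return [(spoof_verdict(i, s), invalid_verdict(i, s, wan_only))
            for i, s in PACKETS]

if __name__ == "__main__":
    for pkt, as_written, restricted in zip(PACKETS, evaluate(False), evaluate(True)):
        print(pkt, as_written, restricted)
```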

Positive points
  Embedded OS
  Visual manipulation of the rules
  Easy maintenance
  Dedicated hardware (RB)
  Easy backup and restore
  "vi firewall.sh; ./firewall.sh; iptables -nvL"?
  exemplo-script.txt

Negative point
  Limited with regard to the use of other network software, e.g. using an IDS tool.

http://wiki.mikrotik.com
Extensive documentation and examples can be found there.

Thank you!

Jorge Fernando Matsudo Iwano

