add action=log chain=IPS limit=10,5 log-prefix=ping_flood: protocol=icmp

This will log any ICMP up to 10 packets per second, not more - I don't think
it's what you need.



2012/9/13 Jacob Heider <[email protected]>

> Soon, I will be installing a routerboard (probably a 2011) for a bank as
> their primary router/firewall. Based on a little light reading, I'm
> probably going to be using the following as a basic IPS configuration:
>
> /ip firewall filter
> add action=jump chain=input in-interface=ether1 jump-target=IPS
> [other input blocking rules]
> add action=jump chain=forward in-interface=ether1 jump-target=IPS
> add action=log chain=IPS limit=10,5 log-prefix=ping_flood: protocol=icmp
> add action=log chain=IPS log-prefix=port_scan: protocol=tcp psd=10,3s,3,1
> add action=drop chain=IPS protocol=tcp psd=10,3s,3,1
> add action=tarpit chain=IPS protocol=tcp src-address-list=black_list
> add action=log chain=IPS connection-limit=10,32 log-prefix=blacklist:
> add action=add-src-to-address-list address-list=black_list address-list-timeout=1d chain=IPS connection-limit=10,32
> add action=return chain=IPS
>
> Anyone tried to satisfy security requirements for a U.S. bank using MT's
> filtering rules? Any suggestions?
> _______________________________________________
> Mikrotik mailing list
> [email protected]
> http://www.butchevans.com/mailman/listinfo/mikrotik
>
> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
> RouterOS
>
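The reply's point about `limit=10,5`, shown as an added example that is not part of the original thread: a rule with a limit matcher matches packets while they are within the rate, so a log action on it records ordinary pings and only a trickle of a flood. The token-bucket model (in the style of netfilter's limit match), the function names and the traffic samples are assumptions made for illustration, not RouterOS code.

```python
# Simplified model of a rate matcher such as limit=10,5
# (10 packets per second, burst of 5).
# Assumption: token bucket that starts full and refills at `rate` per second.
# Integer math: times in milliseconds, tokens in 1/1000 of a packet.

COST = 1000  # one packet consumes 1000 token units


def limit_matches(arrival_ms, rate=10, burst=5):
    """Return one bool per packet: True where the limit matcher matches."""
    cap = burst * COST
    tokens = cap
    last = None
    result = []
    for t in arrival_ms:
        if last is not None:
            # rate [packets/s] * elapsed [ms] gives token units directly
            tokens = min(cap, tokens + rate * (t - last))
        last = t
        if tokens >= COST:
            tokens -= COST
            result.append(True)    # within the rate: rule matches, action runs
        else:
            result.append(False)   # over the rate: rule is skipped entirely
    return result


def summarize(arrival_ms, rate=10, burst=5):
    """Count how many packets the rule acted on and how many it never saw."""
    matched = sum(limit_matches(arrival_ms, rate, burst))
    return {"packets": len(arrival_ms), "matched": matched,
            "excess": len(arrival_ms) - matched}


# Constructed traffic samples (not captured data)
NORMAL_PING = [i * 1000 for i in range(10)]   # 1 packet/s for 10 s
FLOOD = list(range(1000))                     # 1000 packets/s for 1 s

if __name__ == "__main__":
    print("normal:", summarize(NORMAL_PING))  # every ping is logged
    print("flood: ", summarize(FLOOD))        # only the in-rate packets are logged
```

In this model the 986 excess flood packets pass the log rule unmatched, which is why the rule as quoted does not single out a flood.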