Analysis and implementation of the Port Knocking method using Firewall-based Mikrotik RouterOS

Abstract

Static firewalls such as packet filtering that restrict access based on addresses on NIC (Network Interface Card) devices in the form of MAC addresses will make dependence on the device, this will make it difficult for administrators. This type of firewall is vulnerable to packet spoofing in the form of MAC address spoofing. Firewall port knocking in some previous research, port Knocking using third-party applications that must be installed and dependence on certain. This port knocking method with port programming based on socket programming aims to provide easy access without dependence on IP addresses and Mac addresses or operating systems as well as better security through a tap format that must go through 4 stages, namely having to use the correct protocol type, port number correct, correct order and send the correct string to obtain access rights. The Port knocking method only allows access to clients who have performed the correct and complete knocking port. Knocking port applications are made using socket-based programming that can run on Windows and Linux operating systems and do not need the installation process so that the authentication process is less than 2 seconds. The compatibility of the port Knocking application makes access easier and faster. The port knocking method firewall has a filter effectiveness of 66.7% and better resistance to DDoS attacks than packet filtering based on data service quality. Port Knocking gets RTT value of 380 ms (Medium Category) and Packet loss of 8.3% (Good Category), while packet filtering gets RTT value of 2858 (Poor Category) and Packet Loss of 56.3% (Poor Category).