Use the HoneyPotListnerOption class to configure the firewall to actively monitor port for hackers trying to attack the server hosting the application.
Object Model
Syntax
public class HoneyPotServerListnerOption
Remarks
For the service to detect being attacked you will need to
- Forward ports from the router to the server
- Allow your firewall to receive connections on these ports
- configure the firewall to monitor the port.
Say you like to detect users trying to manage the server using SSH and you don't use SSH (windows uses Remote desktop)
You then go to your edge router (the router sending the data from the internet to your web-server) and you configure port forwarding.
Ideal you would forward the SSH port, to a port not used on your server ensuring that there is no conflict on port usage.
Example
the following example shows how to configure the firewall to monitor frequently attacked ports
services.AddFireWall<MyFireWall>(
options =>
{
options.UseSession = false;
options.FireWallMode = Walter.Web.FireWall.FireWallProtectionModes.WebSiteWithApi;
options.ProtectedEndPointTypes.Add(typeof(BaseController));
options.TrackUsers = true;
options.Cashing.GeoLocation.SlidingExpiration = TimeSpan.FromMinutes(20);
options.WebServices.UserEndpointJavaScript = new Uri(Walter.Web.FireWall.DefaultEndpoints.DefaultLinks.UserEndpointJavaScript, UriKind.Relative);
options.WebServices.IsUserApiUrl = new Uri(Walter.Web.FireWall.DefaultEndpoints.DefaultLinks.IsUserEndpoint, UriKind.Relative);
options.WebServices.RegisterLinksApiUrl = new Uri(Walter.Web.FireWall.DefaultEndpoints.DefaultLinks.SiteMapEndPoint, UriKind.Relative);
options.WebServices.BeaconApiUrl = new Uri(Walter.Web.FireWall.DefaultEndpoints.DefaultLinks.BeaconPoint, UriKind.Relative);
options.WebServices.CSPReportUrl = new Uri(Walter.Web.FireWall.DefaultEndpoints.DefaultLinks.CSPViolation, UriKind.Relative);
options.Rules.AllowWhiteListing = false;
options.Rules.PhysicalFileWallExcludeReasons = Walter.BOM.FirewallBlockReasons.ALL & ~Walter.BOM.FirewallBlockReasons.NoAccessFromRegion;
options.Rules.BlockRequest.BlockDuration.SlideExpiration = true;
options.Rules.BlockRequest.BlockDuration.Expires = TimeSpan.FromSeconds(10);
options.Rules.Headers.AddDefaultSecurePolicy()
.AddStrictTransportSecurityNoCache()
.AddXssProtectionBlockAndReport()
.AddContentSecurityPolicyButTrust(trustingSites: Walter.Web.FireWall.TrustingSites.Jquery | Walter.Web.FireWall.TrustingSites.Google
, allowInline: true
, framesPolicy: Walter.Web.FireWall.FramesPolicy.Self);
})
.UsePortScannerProtection(options => {
/*map the service ports to a local port on your computer*/
/*Redirect the requests to your computer and open the firewall for the redirected ports*/
options.SSH = 4000; // map port 22 to port 4000 on your router
options.TSQL = 4001; // map port 1433 to port 4001 on your router
options.Telnet= 4002; // map port 23 to port 4002 on your router
options.MYSQL = 4005; // map port 3306 to port 4005 on your router
options.DNS = 4006; // map port 53 to port 4006 on your router
/*you can manually map port aliases in the range from 0 till 65535*/
options.AddOrUpdate(externalPort: 900, internalPort:14010, name:"Port 900");
})
Inheritance Hierarchy
System.Object
Walter.Net.HoneyPot.HoneyPotServerListnerOption
Requirements
Target Platforms: Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2
See Also