Cara Block SSH FTP Telnet Brute Force Pada Mikrotik 2013
bagaimana Cara Block SSH FTP & Telnet Brute Force Pada Mikrotik 2013. Apa itu SSH FTP & Telnet Brute Force? Brute Force adalah sebuah tehnik seseorang yang mencoba masuk ke router kita via FTP / Telnet / SSH menggunakan port 21, 22, 23
dengan acak atau menebak username dan password router kita yang mereka
tebak. Jadi disini kita bisa menangkal jika mereka login sembarangan
atau menggunakan tehnik Brute Force, maka IP yang mereka gunakan akan
tercatat di Address List kita. Selanjutnya akan di Banned sesuai yang
kita inginkan.
Untuk caranya kita bisa langsung menggunakan terminal, dan copy script dibawah ini :
FTP Blocker:
/ip firewall filter
add chain=input protocol=tcp dst-port=21 src-address-list=black_list action=drop \
comment="drop ftp brute forcers" disabled=no
add chain=input protocol=tcp dst-port=21 connection-state=new \
src-address-list=ftp_stage3 action=add-src-to-address-list address-list=black_list address-list-timeout=1d \
comment="" disabled=no
add chain=input protocol=tcp dst-port=21 connection-state=new \
src-address-list=ftp_stage2 action=add-src-to-address-list address-list=ftp_stage3 address-list-timeout=1m \
comment="" disabled=no
add chain=input protocol=tcp dst-port=21 connection-state=new \
src-address-list=ftp_stage1 action=add-src-to-address-list address-list=ftp_stage2 address-list-timeout=1m \
comment="" disabled=no
add chain=input protocol=tcp dst-port=21 connection-state=new \
action=add-src-to-address-list address-list=ftp_stage1 address-list-timeout=1m comment="" \
disabled=no
SSH Blocker:
/ip firewall filter
add chain=input protocol=tcp dst-port=22 src-address-list=black_list action=drop \
comment="drop ssh brute forcers" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage3 action=add-src-to-address-list address-list=black_list address-list-timeout=1d \
comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m \
comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage1 action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m \
comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m comment="" \
disabled=no
Telnet Blocker:
/ip firewall filter
add chain=input protocol=tcp dst-port=23 src-address-list=black_list action=drop \
comment="drop telnet brute forcers" disabled=no
add chain=input protocol=tcp dst-port=23 connection-state=new \
src-address-list=telnet_stage3 action=add-src-to-address-list address-list=black_list address-list-timeout=1d \
comment="" disabled=no
add chain=input protocol=tcp dst-port=23 connection-state=new \
src-address-list=telnet_stage2 action=add-src-to-address-list address-list=telnet_stage3 address-list-timeout=1m \
comment="" disabled=no
add chain=input protocol=tcp dst-port=23 connection-state=new \
src-address-list=telnet_stage1 action=add-src-to-address-list address-list=telnet_stage2 address-list-timeout=1m \
comment="" disabled=no
add chain=input protocol=tcp dst-port=23 connection-state=new \
action=add-src-to-address-list address-list=telnet_stage1 address-list-timeout=1m comment="" \
disabled=no
Dari script yang di atas, bisa kita pelajari dari ip yang mencoba masuk akan tercatat dan ditambahkan ke address list seperti gambar dibawah ini :
Tidak ada komentar :
Posting Komentar