Code:
/ip firewall filter add action=accept chain=input comment="Allow limited pings" disabled=no limit=50/5s,2 protocol=icmp add action=accept chain=input comment="" disabled=no limit=50/5s,2 protocol=icmp
Code:
add action=drop chain=input comment="drop FTP Brute Forcers" disabled=no dst-port=21 protocol=tcp src-address-list=FTP_BlackList add action=drop chain=input comment="" disabled=no dst-port=21 protocol=tcp src-address-list=FTP_BlackList add action=accept chain=output comment="" content="530 Login incorrect" disabled=no dst-limit=1/1m,9,dst-address/1m protocol=tcp add action=add-dst-to-address-list address-list=FTP_BlackList address-list-timeout=1d chain=output comment="" content="530 Login incorrect" disabled=no protocol=tcp
Code:
add action=drop chain=input comment="drop SSH&TELNET Brute Forcers" disabled=no dst-port=22-23 protocol=tcp src-address-list=IP_BlackList add action=add-src-to-address-list address-list=IP_BlackList address-list-timeout=1d chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp src-address-list=SSH_BlackList_3 add action=add-src-to-address-list address-list=SSH_BlackList_3 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp src-address-list=SSH_BlackList_2 add action=add-src-to-address-list address-list=SSH_BlackList_2 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp src-address-list=SSH_BlackList_1 add action=add-src-to-address-list address-list=SSH_BlackList_1 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp
- Pada kesempatan pertama, ip hacker akan otomatis masuk ke address list SSH_BlackList_1 selama 1 menit.
- Apabila hacker tadi mencoba pada kesempatan kedua, maka ip nya akan masuk ke address list SSH_BlackList_2 selama 1 menit.
- Apabila hacker tadi masih mencoba untuk masuk, maka ip nya akan masuk ke address list SSH_BlackList_3 selama 1 menit
- Apabila hacker tadi masih mencoba sekali lagi untuk masuk ke router, maka ip hacker tsb akan masuk ke address list IP_BlackList, dan akan di banned dari router kita selama 1 hari.
cat: harap diperhatikan bahwa rule ini berlaku untuk kita. Jadi kalau kita lupa login atau password; atau salah mengetikkan password sebanyak 4x dalam kurun waktu kurang dari 1 menit; maka ip kita akan di banned oleh router kita sendiri selama 1 hari. karenanya jangan pernah melupakan password anda sendiri.
Code:
add action=drop chain=input comment="drop port scanners" disabled=no src-address-list=port_scanners add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list addresslist="port scanners" address-list-timeout=2w comment="Port scanners to list" disabled=no
Code:
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,syn add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=syn,rst add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
0 komentar:
Posting Komentar