udah lama nih gk blogging dimari, soalnya ane sibuk kerja dan cari ilmu2 baru :D
dan alhamdulillah ane nemu ilmu yang lumayan penting.
kemaren gara2 mikrotik ane dijailin sama orang yang tidak bertanggung jawab ane jadi bisa dapet ilmu ini nih, buat ngatasin orang2 jail di dunia cyber,
/ip firewall filter
add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 \
protocol=tcp src-address-list=ftp_blacklist
add chain=output content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m \
protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist \
address-list-timeout=3h chain=output content="530 Login incorrect" protocol=\
tcp
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=\
1m chain=input connection-state=new dst-port=22 protocol=tcp \
src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=\
1m chain=input connection-state=new dst-port=22 protocol=tcp \
src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=\
1m chain=input connection-state=new dst-port=22 protocol=tcp
disitu ip yang mencoba brute force ke mikrotik kita akan terlihat di IP -> Firewall -> Address Lists
biar lebih aman lagi matikan aja port yang tidak terpakai di mikrotik, dan jangan lupa buat merubah port ssh, telnet, dan web nya biar aman :D
sekian dulu deh besok kalo udah ada pengalaman baru bakal posting lagi,
Next
« Prev Post
« Prev Post
Previous
Next Post »
Next Post »
Subscribe to:
Post Comments (Atom)
EmoticonEmoticon