We sometimes need to run the FTP server service on our MikroTik router for administrative purposes. But once FTP is running, there are those who will try to use it to do things that are harmful to our network. The most common way of doing this is a brute force attack.
A brute force attack is an attack technique against a computer security system that tries all possible keys. The term originally referred to a computer program that relies on computer processing power rather than human intelligence (source: Wikipedia).
What must be done to prevent this is actually quite simple. It only takes 3 rules in the firewall.
/ip firewall filter
# drop FTP traffic from sources already in ftp_blacklist
add chain=input in-interface=ether1 protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop
# accept 10 incorrect logins per minute
add chain=output action=accept protocol=tcp content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m
# add to blacklist
add chain=output action=add-dst-to-address-list protocol=tcp content="530 Login incorrect" address-list=ftp_blacklist address-list-timeout=3h
The first rule filters traffic arriving on ether1 (change this as needed) on TCP port 21 whose source IP matches the ftp_blacklist address list (which is created by a later rule). When the traffic matches, the drop action is applied.
When someone attempts a brute force attack for the first time, the first rule does nothing. But once their IP has been recorded, their traffic is dropped immediately.
The second rule acts as a lookout, checking whether a particular IP has made an incorrect login as many as 9 times within a period of 1 minute. As long as it stays within 9 times in 1 minute, the traffic is still accepted. Once it has exceeded 9 times, this rule no longer applies and processing proceeds to the next rule.
The third rule adds the attacker's IP to the address list named ftp_blacklist, which is created by this rule.
Source : forummikrotik.com
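An added example, not part of the original post: a simplified Python model of how the three rules interact, replaying constructed failed-login events. It assumes dst-limit=1/1m,9 behaves as a per-client token bucket (burst of 9, refilled at one per minute); RouterOS may count the boundary packet differently, the in-interface match is ignored, and all class, function and variable names are hypothetical.

```python
# Simplified model of the three firewall rules (added example, hypothetical names).
RATE = 1 / 60           # dst-limit rate: 1 packet per minute, in packets per second
BURST = 9               # dst-limit burst (assumed token-bucket capacity)
TIMEOUT = 3 * 3600      # address-list-timeout=3h, in seconds


class Router:
    def __init__(self):
        self.buckets = {}    # client IP -> (tokens left, time of last update)
        self.blacklist = {}  # client IP -> time the ftp_blacklist entry expires

    def inbound_ftp(self, now, ip):
        """Rule 1: drop TCP/21 traffic whose source is in ftp_blacklist."""
        return "drop" if self.blacklist.get(ip, 0) > now else "pass"

    def login_incorrect(self, now, ip):
        """Rules 2 and 3, applied to an outgoing '530 Login incorrect' reply."""
        tokens, last = self.buckets.get(ip, (BURST, now))
        tokens = min(BURST, tokens + (now - last) * RATE)  # refill since last reply
        if tokens >= 1:                        # rule 2 matches: accept, stop here
            self.buckets[ip] = (tokens - 1, now)
            return "accept"
        self.buckets[ip] = (tokens, now)       # rule 2 no longer matches
        self.blacklist[ip] = now + TIMEOUT     # rule 3: add-dst-to-address-list
        return "blacklisted"


def replay(events, router=None):
    """Feed (time_s, client_ip) failed-login attempts through the rules."""
    router = router or Router()
    verdicts = []
    for now, ip in events:
        if router.inbound_ftp(now, ip) == "drop":
            verdicts.append((now, ip, "drop"))   # never reaches the FTP service
        else:
            verdicts.append((now, ip, router.login_incorrect(now, ip)))
    return verdicts


# Constructed sample: one client guessing every 2 s, one admin mistyping twice.
GUESSER, ADMIN = "203.0.113.7", "198.51.100.4"
SAMPLE = sorted([(t, GUESSER) for t in range(0, 24, 2)] + [(5, ADMIN), (30, ADMIN)])

if __name__ == "__main__":
    for now, ip, verdict in replay(SAMPLE):
        print(f"t={now:>3}s  {ip:<13} {verdict}")
```

In this model the guessing client is blacklisted on its tenth failed login and dropped afterwards, while the admin's two mistakes are accepted and never reach the blacklist rule.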
Title : How to protect FTP server Mikrotik