Khusus buat temen-temen yang mempunyai network server menggunakan MikroTik, bagaimana kalian mencegah user yang mencoba login mikrotik, metode ini biasa dikenal dengan istilah bruteforce yaitu metode mencoba menebak username dan password sampai berulang-ulang. Bruteforce login mengkombinasikan beberapa karakter, yang telah di ambil dari database dan mencoba login pada server mikrotik anda, metode ini tidak hanya bisa dilakukan pada mikrotik tapi hampir semua jenis authentication baik website atau sejenisnya yang tidak dilindungi oleh firewall khusus Bruteforce.
Langsung aja, untuk mencegah Bruteforce login pada server mikrotik silahkan copy configurasi berikut :
Langsung aja, untuk mencegah Bruteforce login pada server mikrotik silahkan copy configurasi berikut :
Block Bruteforce FTP login
/ip firewall filter
add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop \
comment="drop ftp brute forcers"
add chain=output action=accept protocol=tcp content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m
add chain=output action=add-dst-to-address-list protocol=tcp content="530 Login incorrect" \
address-list=ftp_blacklist address-list-timeout=3h
add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop \
comment="drop ftp brute forcers"
add chain=output action=accept protocol=tcp content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m
add chain=output action=add-dst-to-address-list protocol=tcp content="530 Login incorrect" \
address-list=ftp_blacklist address-list-timeout=3h
Block SSH brute forcer login
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \
comment="drop ssh brute forcers" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=10d comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 \
action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list \
address-list=ssh_stage1 address-list-timeout=1m comment="" disabled=no
comment="drop ssh brute forcers" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=10d comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 \
action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list \
address-list=ssh_stage1 address-list-timeout=1m comment="" disabled=no
dan terkahir untuk memblock semua dari Ip yang didapatkan dari script diatas
Block Ip
add chain=forward protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \
comment="drop ssh brute downstream" disabled=no
comment="drop ssh brute downstream" disabled=no
Posted by Unknown on Senin, 12 Maret 2012 - Rating: 4.5
Title : Firewall Bruteforce Login di Mikrotik
Description : Khusus buat temen-temen yang mempunyai network server menggunakan MikroTik, bagaimana kalian mencegah user yang mencoba login mikrotik, me...
Description : Khusus buat temen-temen yang mempunyai network server menggunakan MikroTik, bagaimana kalian mencegah user yang mencoba login mikrotik, me...
0 Response to "Firewall Bruteforce Login di Mikrotik"
Posting Komentar