No need for a long story: sometimes people want to show off by using a public IP, but they don't realize that with a public IP there are a lot of attacks coming in from outside, especially on ports 22 and 23. So for MikroTik we don't have to fuss over the script anymore; it is just copy and paste.
OK, here is the script for dealing with those continuous attacks... just copy and paste it into a New Terminal on the MikroTik...
/ip firewall filter
# FTP: drop clients already on ftp_blacklist, then build that list from the
# router's own "530 Login incorrect" replies. The accept rule lets a burst of
# failed logins through per client; anything beyond the dst-limit is added
# to ftp_blacklist for 3h by the rule after it.
add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop \
comment="drop ftp brute forcers"
add chain=output action=accept protocol=tcp content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m
add chain=output action=add-dst-to-address-list protocol=tcp content="530 Login incorrect" \
address-list=ftp_blacklist address-list-timeout=3h
# SSH: keep the drop rule first. Each new connection moves the source up the
# ladder ssh_stage1 -> ssh_stage2 -> ssh_stage3 -> ssh_blacklist; the stage
# entries expire after 1m, so only attempts close together escalate.
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \
comment="drop ssh brute forcers" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=10d comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 \
action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list \
address-list=ssh_stage1 address-list-timeout=1m comment="" disabled=no
# Also drop blacklisted sources that try SSH to hosts behind the router
add chain=forward protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \
comment="drop ssh brute downstream" disabled=no
# Telnet: the same ladder with tln_* lists on port 23
add chain=input protocol=tcp dst-port=23 src-address-list=tln_blacklist action=drop \
comment="drop telnet brute forcers" disabled=no
add chain=input protocol=tcp dst-port=23 connection-state=new \
src-address-list=tln_stage3 action=add-src-to-address-list address-list=tln_blacklist \
address-list-timeout=10d comment="" disabled=no
add chain=input protocol=tcp dst-port=23 connection-state=new \
src-address-list=tln_stage2 action=add-src-to-address-list address-list=tln_stage3 \
address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=23 connection-state=new src-address-list=tln_stage1 \
action=add-src-to-address-list address-list=tln_stage2 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=23 connection-state=new action=add-src-to-address-list \
address-list=tln_stage1 address-list-timeout=1m comment="" disabled=no
add chain=forward protocol=tcp dst-port=23 src-address-list=tln_blacklist action=drop \
comment="drop telnet brute downstream" disabled=no
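To see what the stage1/stage2/stage3/blacklist ladder above actually does over time, here is a small Python model of the SSH rules. It is an added example, not RouterOS code and not part of the original post or the MikroTik wiki. It assumes (as labelled in the comments) that add-src-to-address-list is a passthrough action so evaluation continues to the next rule, that re-adding an address already in a list refreshes its timeout, and that times are in seconds; the source address 203.0.113.7 is a constructed documentation address.

```python
"""Model of the staged address-list ladder used by the page's SSH rules.

Added example, not RouterOS code. Assumptions: add-src-to-address-list is a
passthrough action (rule evaluation continues after it); re-adding an address
that is already in a list refreshes its timeout; all times are in seconds.
"""

STAGE_TIMEOUT = 60                # address-list-timeout=1m on the stage lists
BLACKLIST_TIMEOUT = 10 * 86400    # address-list-timeout=10d on the blacklist

# The SSH rules from the page in the order they are added (Telnet is the same
# ladder with tln_* lists). Each tuple: (src-address-list to match or None,
# list the source is added to, timeout for that entry, action).
RULES = [
    ("ssh_blacklist", None,            None,              "drop"),
    ("ssh_stage3",    "ssh_blacklist", BLACKLIST_TIMEOUT, "add-src"),
    ("ssh_stage2",    "ssh_stage3",    STAGE_TIMEOUT,     "add-src"),
    ("ssh_stage1",    "ssh_stage2",    STAGE_TIMEOUT,     "add-src"),
    (None,            "ssh_stage1",    STAGE_TIMEOUT,     "add-src"),
]


class AddressLists:
    """Dynamic address lists: (list name, ip) -> expiry time."""

    def __init__(self):
        self.expiry = {}

    def contains(self, name, ip, now):
        exp = self.expiry.get((name, ip))
        return exp is not None and now < exp

    def add(self, name, ip, now, timeout):
        # Assumption: re-adding an existing entry refreshes its timeout.
        self.expiry[(name, ip)] = now + timeout

    def members(self, name, now):
        return sorted(ip for (lst, ip), exp in self.expiry.items()
                      if lst == name and now < exp)


def new_connection(lists, ip, now):
    """Run one new TCP connection to port 22 from `ip` through the ladder.

    Returns "drop" if the blacklist rule matched, otherwise "pass" (the packet
    falls through to whatever rules follow in the real input chain).
    """
    for match_list, target, timeout, action in RULES:
        if match_list is not None and not lists.contains(match_list, ip, now):
            continue
        if action == "drop":
            return "drop"
        lists.add(target, ip, now, timeout)   # passthrough: keep evaluating


    return "pass"


def simulate(attempt_times, ip="203.0.113.7"):
    """Feed connection attempts (timestamps in seconds) from one constructed
    source IP through the ladder; return the verdicts and the final lists."""
    lists = AddressLists()
    verdicts = [new_connection(lists, ip, t) for t in attempt_times]
    return verdicts, lists


if __name__ == "__main__":
    # Fast brute force: five attempts 10 s apart. The 4th attempt is the one
    # that puts the source on ssh_blacklist (and is itself still passed, since
    # the drop rule sits above the rule that adds it); the 5th is dropped.
    fast, lists = simulate([0, 10, 20, 30, 40])
    print("fast:", fast, "blacklist:", lists.members("ssh_blacklist", 40))

    # Attempts 90 s apart never escalate: each stage entry has already expired
    # (1m timeout) before the next attempt, so the source stays at stage1.
    slow, lists = simulate([0, 90, 180, 270, 360])
    print("slow:", slow, "blacklist:", lists.members("ssh_blacklist", 360))
```

The second run shows the limit of this ladder: it only catches sources whose attempts arrive within the 1m stage timeouts, so it is a rate-based brake rather than a complete answer. Pair it with restricting management access to known source addresses, and with key-based SSH authentication, rather than relying on the blacklist alone.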
OK, that's all for this emergency cheat sheet; with lots of 2m projects going on... and getting old, I just copy and paste from here, done, hehehe
Ref:
https://wiki.mikrotik.com/wiki/Bruteforce_login_prevention