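# Helper: report whether checkip lies inside checknet.
# Parameters:
#   checkip  - IPv4 address, as an ip value or a string of 7..15 characters
#   checknet - one of: CIDR prefix ("a.b.c.d/n"), range ("a.b.c.d-e.f.g.h"),
#              or a single address; strings must be 7..31 characters long
# Returns true on a match, false on no match or on any input that cannot be
# interpreted as an address.
# The caller uses the result to decide whether an address is exempt from
# banning, so every unparseable input must end in "false".
:global isIpMatchNet do={
    # Reject value types that can never hold an address.
    :local iptype [:typeof $checkip];
    :if ( $iptype = "nil" || $iptype = "num" || $iptype = "bool" ) do={ :return false; };
    # A dotted-quad string is between 7 ("0.0.0.0") and 15 characters long.
    :if ( $iptype = "str" && ( [:len $checkip] < 7 || [:len $checkip] > 15 ) ) do={ :return false; };
    :local nettype [:typeof $checknet];
    :if ( $nettype = "nil" || $nettype = "num" || $nettype = "bool" ) do={ :return false; };
    # 31 characters is the longest "a.b.c.d-e.f.g.h" range.
    :if ( $nettype = "str" && ( [:len $checknet] < 7 || [:len $checknet] > 31 ) ) do={ :return false; };

    # Convert once and stop if the text is not an address; the length test
    # above also lets through strings such as "abcdefg".
    :local ip [:toip $checkip];
    :if ( [:typeof $ip] != "ip" ) do={ :return false; };

    # CIDR form.
    # NOTE(review): when checknet arrives as a string this relies on "in"
    # accepting it as a prefix - confirm on the RouterOS version in use.
    :if ( [:typeof [:find $checknet "/"]] = "num" ) do={
        :return ( $ip in $checknet );
    };

    # Range form "low-high".
    :local dash [:find $checknet "-"];
    :if ( [:typeof $dash] = "num" ) do={
        :local lowip [:toip [:pick $checknet 0 $dash]];
        :local highip [:toip [:pick $checknet ( $dash + 1 ) [:len $checknet]]];
        # Compare only when both ends parsed; an entry that merely contains
        # a dash (for example a host name) must not be compared as a range.
        :if ( [:typeof $lowip] = "ip" && [:typeof $highip] = "ip" ) do={
            :if ( $lowip <= $ip && $ip <= $highip ) do={ :return true; };
        };
    };

    # Single address form.
    :local single [:toip $checknet];
    :if ( [:typeof $single] = "ip" ) do={
        :if ( $ip = $single ) do={ :return true; };
    };
    :return false;
};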
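# Handler for a failed RDP login: put the source address on the BLACK
# address list for 3 days unless it is covered by one of the exempt lists.
# Parameters:
#   banip    - source address of the failed attempt (ip value or string)
#   banlogin - login name that was tried; used only in log messages
# Returns false when the attempt is ignored (unparseable address or exempt
# source); returns nothing after a ban has been recorded.
#
# NOTE(review): both parameters originate from whatever reports the failed
# login. Anyone able to call this function with a chosen banip can block any
# non-exempt address for 3 days, so the reporting path must be trusted and
# the exempt lists must cover management and monitoring addresses.
# NOTE(review): banlogin is presumably chosen by the remote client and is
# written to the log unmodified - consider bounding its length; confirm
# what the log consumers expect before changing the message format.
:global badRdpLogin do={
    :global isIpMatchNet;

    # Same message for every "ignored" outcome of the input checks.
    :local ignoremsg ( "Ignore RDP attempt:" . [:tostr $banip] . "; Login: " . [:tostr $banlogin] );

    # Check if banip can be an IPv4 address at all.
    :local bantype [:typeof $banip];
    :if ( $bantype = "nil" || $bantype = "num" || $bantype = "bool" ) do={ :log info $ignoremsg; :return false; };
    :if ( $bantype = "str" && ( [:len $banip] < 7 || [:len $banip] > 15 ) ) do={ :log info $ignoremsg; :return false; };
    :local tempip [:toip $banip];
    :if ( [:typeof $tempip] != "ip" ) do={ :log info $ignoremsg; :return false; };

    :local templogin "";
    :if ( [:typeof $banlogin] = "str" ) do={ :set templogin $banlogin };

    # Look for the address in the exempt lists; disabled entries do not count.
    :local findInWhiteList false;
    :foreach i in=[/ip firewall address-list find list="BGP" or list="DNS" or list="LAN" or list="PROVIDER" or list="RFC5735" or list="WHITELIST"] do={
        # Once a match is found the remaining entries need no evaluation.
        :if ( $findInWhiteList = false ) do={
            :if ( [/ip firewall address-list get $i disabled]!=yes ) do={
                :local lstaddr [/ip firewall address-list get $i address];
                :if ( [$isIpMatchNet checkip=$tempip checknet=$lstaddr] ) do={
                    :set findInWhiteList true;
                };
            };
        };
    };
    :if ( $findInWhiteList = true ) do={ :log info ( "Ignore RDP attempt:" . [:tostr $tempip] . "; Login: " . $templogin ); :return false; };

    # Remove the address from the first-attempt list before banning it.
    # NOTE(review): the list is named "ftp_attempt" although this handler is
    # for RDP - confirm this is the intended first-attempt list.
    /ip firewall address-list remove [find where list="ftp_attempt" && address=$tempip];

    # Adding an address that is already on the list raises an error, which
    # would abort the script before the event is logged. Catch it so that a
    # repeat attempt from an already banned source is still recorded.
    :do {
        /ip firewall address-list add list="BLACK" address=$tempip timeout=3d;
    } on-error={
        :log info ( "RDP BRUTEFORCE: could not add " . [:tostr $tempip] . " to BLACK (already listed?)" );
    };
    :log info ( "RDP BRUTEFORCE: IP:" . [:tostr $tempip] . "; Login: " . $templogin );
};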