- Continue by copying all of the following commands:
- /ip firewall filter
- add action=accept chain=input comment="Allow limited pings" disabled=no limit=50/5s,2 protocol=icmp
- add action=accept chain=input comment="" disabled=no limit=50/5s,2 protocol=icmp
- This chain is used if you are forced to enable FTP on your router.
- add action=drop chain=input comment="drop FTP Brute Forcers" disabled=no dst-port=21 protocol=tcp src-address-list=FTP_BlackList
- add action=drop chain=input comment="" disabled=no dst-port=21 protocol=tcp src-address-list=FTP_BlackList
- add action=accept chain=output comment="" content="530 Login incorrect" disabled=no dst-limit=1/1m,9,dst-address/1m protocol=tcp
- add action=add-dst-to-address-list address-list=FTP_BlackList address-list-timeout=1d chain=output comment="" content="530 Login incorrect" disabled=no protocol=tcp
- This chain is used to check whether there is activity from a hacker trying to get into the router through port 22 (SSH) or port 23 (Telnet).
- On the first attempt, the hacker's IP is automatically added to the address list SSH_BlackList_1 for 1 minute.
- If the hacker tries a second time, the IP is added to the address list SSH_BlackList_2 for 1 minute.
- If the hacker still keeps trying to get in, the IP is added to the address list SSH_BlackList_3 for 1 minute.
- If the hacker tries once more to get into the router, that IP is added to the address list IP_BlackList and is banned from our router for 1 day.
- Note: be aware that this rule applies to us as well. So if we forget the login or password, or mistype the password 4 times within less than 1 minute, our own IP will be banned by our own router for 1 day. Therefore never forget your own password.
- add action=drop chain=input comment="drop SSH&TELNET Brute Forcers" disabled=no dst-port=22-23 protocol=tcp src-address-list=IP_BlackList
- add action=add-src-to-address-list address-list=IP_BlackList address-list-timeout=1d chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp src-address-list=SSH_BlackList_3
- add action=add-src-to-address-list address-list=SSH_BlackList_3 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp src-address-list=SSH_BlackList_2
- add action=add-src-to-address-list address-list=SSH_BlackList_2 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp src-address-list=SSH_BlackList_1
- add action=add-src-to-address-list address-list=SSH_BlackList_1 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp
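The five SSH/Telnet rules above form a small state machine driven by address-list timeouts, and the note about locking yourself out is a timing claim that is easy to get wrong. The following Python model is an added example, not part of the original paste and not RouterOS code; it replays the rules in chain order against constructed connection attempts so the escalation and the 1-minute/1-day windows can be checked offline. It assumes (as the rules rely on) that `add-src-to-address-list` is a passthrough action, that rules are evaluated top-down, and that re-adding an address already present and unexpired in a list leaves the existing timeout untouched. Note that the rules count new TCP connections to ports 22-23, not failed passwords, so four fresh connections within a minute are enough to reach IP_BlackList.

```python
# Added example (not from the original paste): a Python model of the five
# SSH/Telnet escalation rules above, used to check the timing behaviour.
# Assumptions: add-src-to-address-list is a passthrough action, rules are
# evaluated top-down, and an address already present (and unexpired) in a
# list is not refreshed when the same rule matches again.

SRC = "198.51.100.7"      # constructed sample source address
ONE_MINUTE = 60
ONE_DAY = 86_400


class AddressLists:
    """Named address lists with per-entry expiry, like /ip firewall address-list."""

    def __init__(self):
        self._lists = {}  # list name -> {address: expiry timestamp in seconds}

    def contains(self, name, addr, now):
        expiry = self._lists.get(name, {}).get(addr)
        return expiry is not None and expiry > now

    def add(self, name, addr, now, timeout):
        entries = self._lists.setdefault(name, {})
        # Assumption: an existing, unexpired entry keeps its original timeout.
        if addr not in entries or entries[addr] <= now:
            entries[addr] = now + timeout


# The five rules from the paste, in chain order:
# (src-address-list required to match, action, target list, timeout in seconds)
INPUT_CHAIN = [
    ("IP_BlackList",    "drop",                    None,              None),
    ("SSH_BlackList_3", "add-src-to-address-list", "IP_BlackList",    ONE_DAY),
    ("SSH_BlackList_2", "add-src-to-address-list", "SSH_BlackList_3", ONE_MINUTE),
    ("SSH_BlackList_1", "add-src-to-address-list", "SSH_BlackList_2", ONE_MINUTE),
    (None,              "add-src-to-address-list", "SSH_BlackList_1", ONE_MINUTE),
]


def new_connection(lists, src, now):
    """Run the first packet of a new TCP connection to port 22/23 through the chain.

    Returns "drop" if the drop rule fires, otherwise "pass" (later rules decide).
    """
    for required_list, action, target, timeout in INPUT_CHAIN:
        if required_list is not None and not lists.contains(required_list, src, now):
            continue
        if action == "drop":
            return "drop"
        lists.add(target, src, now, timeout)  # passthrough: keep evaluating
    return "pass"


def simulate(attempt_times, src=SRC):
    """Open one new connection from src at each timestamp; return verdicts and the lists."""
    lists = AddressLists()
    verdicts = [new_connection(lists, src, t) for t in attempt_times]
    return verdicts, lists


if __name__ == "__main__":
    fast, lists = simulate([0, 10, 20, 30, 40])
    print("four connections in under a minute:", fast)
    print("still banned just under a day later?",
          lists.contains("IP_BlackList", SRC, 30 + ONE_DAY - 1))
    slow, _ = simulate([0, 70, 140, 210, 280])
    print("one connection every 70 s:", slow)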
- This chain is used to register IPs in the blacklist address list. The next chain detects whether there are indications of port-scanner activity:
- add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list" disabled=no
- In short, this command means that if there are signs of an attack like those flagged above, the hacker's IP is put into the port-scanner address list for 2 weeks (adjust this to how long you want to block that IP).
- add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
- add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,syn
- add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=syn,rst
- add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
- add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
- add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
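The six `tcp-flags` rules above each describe a flag combination that never occurs in a legitimate TCP handshake or teardown, but the matcher syntax (a listed flag must be set, a `!`-prefixed flag must be clear, anything unlisted is ignored) is easy to misread. The following Python parser is an added example, not part of the paste and not RouterOS code; it decodes the six `tcp-flags` values copied from the rules and applies them to constructed packet flag bytes, so you can confirm that ordinary SYN, SYN/ACK and FIN/ACK packets hit none of the rules while the malformed combinations do. The flag bit values are the standard TCP header bits; the `flags()` helper and the sample labels are this example's own. Note also that the `psd` rule above writes to the list named `port scanners` while these six rules write to `port_scanners`, so a later drop rule has to reference the right name.

```python
# Added example (not from the original paste): a parser for the RouterOS
# tcp-flags matcher syntax used in the six rules above, applied to constructed
# packet flag bytes. Assumed semantics: a listed flag must be set, a "!" flag
# must be clear, and flags not mentioned are ignored.

TCP_FLAG_BITS = {           # standard TCP header flag bits
    "fin": 0x01, "syn": 0x02, "rst": 0x04, "psh": 0x08,
    "ack": 0x10, "urg": 0x20, "ece": 0x40, "cwr": 0x80,
}

# tcp-flags values copied from the six add-src-to-address-list rules, in chain order.
PAGE_FLAG_RULES = [
    "fin,!syn,!rst,!psh,!ack,!urg",
    "fin,syn",
    "syn,rst",
    "fin,psh,urg,!syn,!rst,!ack",
    "fin,syn,rst,psh,ack,urg",
    "!fin,!syn,!rst,!psh,!ack,!urg",
]


def flags(*names):
    """Build a flag byte from flag names, e.g. flags("syn", "ack") -> 0x12."""
    value = 0
    for name in names:
        value |= TCP_FLAG_BITS[name.lower()]
    return value


def parse_tcp_flags(spec):
    """Turn a RouterOS tcp-flags value into (must_be_set, must_be_clear) bitmasks."""
    must_set = must_clear = 0
    for token in spec.split(","):
        token = token.strip().lower()
        if token.startswith("!"):
            must_clear |= TCP_FLAG_BITS[token[1:]]
        else:
            must_set |= TCP_FLAG_BITS[token]
    if must_set & must_clear:
        raise ValueError(f"contradictory matcher: {spec}")
    return must_set, must_clear


def matches(packet_flags, spec):
    """True if a packet with these flag bits satisfies the tcp-flags matcher."""
    must_set, must_clear = parse_tcp_flags(spec)
    return (packet_flags & must_set) == must_set and (packet_flags & must_clear) == 0


def matching_rules(packet_flags, rules=PAGE_FLAG_RULES):
    """Return the tcp-flags specs (in chain order) that a packet with these flags hits.

    All of them fire in the real chain, since add-src-to-address-list passes through.
    """
    return [spec for spec in rules if matches(packet_flags, spec)]


if __name__ == "__main__":
    samples = {                      # constructed packets, labelled by intent
        "normal SYN": flags("syn"),
        "SYN/ACK": flags("syn", "ack"),
        "FIN/ACK close": flags("fin", "ack"),
        "no flags": 0,
        "FIN only": flags("fin"),
        "FIN/PSH/URG": flags("fin", "psh", "urg"),
        "all six set": flags("fin", "syn", "rst", "psh", "ack", "urg"),
    }
    for label, value in samples.items():
        print(f"{label:14s} 0x{value:02x} -> {matching_rules(value)}")
```

Running it shows that the three normal packets match nothing, while a packet with no flags hits only the last rule, a lone FIN hits only the first, and a packet with all six flags set hits three rules at once.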