API tools faq
paste
Advertisement
bocah_strez

XXX

bocah_strez
Mar 20th, 2019
613
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.31 KB | None | 0 0
raw download clone embed print report
  1. lanjutkan dengan mongcopy semua perintah berikut ini :
  2.  
  3.  
  4. /ip firewall filter
  5.  
  6. add action=accept chain=input comment="Allow limited pings" disabled=no limit=50/5s,2 protocol=icmp
  7.  
  8. add action=accept chain=input comment="" disabled=no limit=50/5s,2 protocol=icmp
  9.  
  10.  
  11. Chain ini digunakan, apabila anda terpaksa harus mengaktifkan ftp di router anda.
  12.  
  13. add action=drop chain=input comment="drop FTP Brute Forcers" disabled=no dst-port=21 protocol=tcp src-address-list=FTP_BlackList
  14.  
  15. add action=drop chain=input comment="" disabled=no dst-port=21 protocol=tcp src-address-list=FTP_BlackList
  16.  
  17. add action=accept chain=output comment="" content="530 Login incorrect" disabled=no dst-limit=1/1m,9,dst-address/1m protocol=tcp
  18.  
  19. add action=add-dst-to-address-list address-list=FTP_BlackList address-list-timeout=1d chain=output comment="" content="530 Login incorrect" disabled=no protocol=tcp
  20.  
  21.  
  22. Chain ini digunakan untuk mengecek apakah ada aktivitas dari hacker yang mencoba untuk masuk ke router melalui port 22 (ssh) atau port 23 (telnet).
  23.  
  24.  
  25. Pada kesempatan pertama, ip hacker akan otomatis masuk ke address list SSH_BlackList_1 selama 1 menit.
  26. Apabila hacker tadi mencoba pada kesempatan kedua, maka ip nya akan masuk ke address list SSH_BlackList_2 selama 1 menit.
  27. Apabila hacker tadi masih mencoba untuk masuk, maka ip nya akan masuk ke address list SSH_BlackList_3 selama 1 menit
  28. Apabila hacker tadi masih mencoba sekali lagi untuk masuk ke router, maka ip hacker tsb akan masuk ke address list IP_BlackList, dan akan di banned dari router kita selama 1 hari.
  29.  
  30. catatan: harap diperhatikan bahwa rule ini berlaku untuk kita. Jadi kalau kita lupa login atau password; atau salah mengetikkan password sebanyak 4x dalam kurun waktu kurang dari 1 menit; maka ip kita akan di banned oleh router kita sendiri selama 1 hari. karenanya jangan pernah melupakan password anda sendiri.
  31.  
  32. add action=drop chain=input comment="drop SSH&TELNET Brute Forcers" disabled=no dst-port=22-23 protocol=tcp src-address-list=IP_BlackList
  33.  
  34. add action=add-src-to-address-list address-list=IP_BlackList address-list-timeout=1d chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp src-address-list=SSH_BlackList_3
  35.  
  36. add action=add-src-to-address-list address-list=SSH_BlackList_3 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp src-address-list=SSH_BlackList_2
  37.  
  38. add action=add-src-to-address-list address-list=SSH_BlackList_2 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp src-address-list=SSH_BlackList_1
  39.  
  40. add action=add-src-to-address-list address-list=SSH_BlackList_1 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp
  41.  
  42.  
  43. Chain ini dipakai untuk mendaftar ip ke black-list address list. Chain selanjutnya untuk mendeteksi apakah ada indikasi aktifitas port scanner:
  44.  
  45. add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list addresslist="port scanners" address-list-timeout=2w comment="Port scanners to list" disabled=no
  46.  
  47.  
  48. Secara singkat, perintah ini berarti apabila ada tanda2 serangan seperti yang sudah ditandai di atas, maka ip hacker tsb akan dimasukkan ke dalam address list port-scanner selama 2 minggu (sesuaikan berapa lama anda ingin memblock ip tsb)
  49.  
  50. add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
  51.  
  52. add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,syn
  53.  
  54. add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=syn,rst
  55.  
  56. add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
  57.  
  58. add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
  59.  
  60. add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!