How do you spot it, bro? Look at the MikroTik log screenshot below:
That's a sign that someone is trying to log in with random usernames over SSH on your MikroTik. This usually happens when your MikroTik router has a public IP / sits in the cloud on the internet.
How to Block Brute Force on MikroTik
Just go for it, bro, with these MikroTik firewall settings:

/ip firewall filter
# FTP: drop sources that are already in ftp_blacklist
add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 protocol=tcp src-address-list=ftp_blacklist
# FTP: let "530 Login incorrect" replies through while under the per-destination limit
add chain=output content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
# FTP: over the limit, put the client in ftp_blacklist for 3h
add action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h chain=output content="530 Login incorrect" protocol=tcp
# SSH: drop sources that are already in ssh_blacklist
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
# SSH: a new connection from a source in ssh_stage3 puts it in ssh_blacklist for 1w3d
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage3
# SSH: each new connection moves the source up one stage, and each stage lasts 1m
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp

Let me explain a bit in my own words ^_^
For anyone trying to hack in via FTP brute force, this MikroTik setting catches, by IP, sources with 10 wrong logins / FTP "Login incorrect" replies per minute. The caught IPs are put into address-list=ftp_blacklist and everything from them is dropped.
For anyone trying to hack in via SSH brute force, this MikroTik setting catches IPs that try to log in and keep getting it wrong. The caught IPs are put into address-list=ssh_blacklist and everything from them is dropped.
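
An added example, not from the original post: a small Python model of the SSH rules above that replays constructed connection times from one source and shows which attempt lands in ssh_blacklist. The class and function names and the 192.0.2.10 address are made up for illustration, and the model assumes that re-adding an address restarts its timeout.

```python
# Constructed model of the ssh_* rules above; this is not RouterOS code.
STAGE_TIMEOUT = 60                    # address-list-timeout=1m
BLACKLIST_TIMEOUT = 10 * 24 * 3600    # address-list-timeout=1w3d (10 days)
# (list the source must already be in, list it gets added to), in rule order.
LADDER = [("ssh_stage3", "ssh_blacklist"),
          ("ssh_stage2", "ssh_stage3"),
          ("ssh_stage1", "ssh_stage2"),
          (None, "ssh_stage1")]


class SshRules:
    def __init__(self):
        self.lists = {}  # (list name, source IP) -> expiry time in seconds

    def _member(self, name, src, now):
        return self.lists.get((name, src), -1) > now

    def new_connection(self, src, now):
        """Evaluate one new TCP connection to port 22 and return the verdict."""
        # First SSH rule: drop anything from a blacklisted source.
        if self._member("ssh_blacklist", src, now):
            return "drop"
        # add-src-to-address-list does not stop rule processing, so every
        # ladder rule is checked in order. The higher stage is tested before
        # the lower rule can add to it, so one connection climbs one stage.
        for needs, adds in LADDER:
            if needs is None or self._member(needs, src, now):
                timeout = BLACKLIST_TIMEOUT if adds == "ssh_blacklist" else STAGE_TIMEOUT
                # Assumption: re-adding an existing entry restarts its timeout.
                self.lists[(adds, src)] = now + timeout
        return "blacklisted" if self._member("ssh_blacklist", src, now) else "pass"


def replay(times, src="192.0.2.10"):
    """Replay connection times (in seconds) for one constructed source IP."""
    rules = SshRules()
    return [rules.new_connection(src, t) for t in times]


if __name__ == "__main__":
    print(replay([0, 10, 20, 30, 40]))   # rapid attempts
    print(replay([0, 90, 180, 270]))     # attempts spaced more than 1m apart
```

The rules count new connections to port 22, not failed passwords, so an admin or script that opens four SSH sessions inside the 1m windows ends up in ssh_blacklist as well.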
Examples of the naughty IPs that got busted! 39 IPs (o_o)