Remote work at the office. RDP, Port Knocking, Mikrotik: simple and secure

Because of the covid-19 pandemic and the quarantine introduced in many countries, the only way for many companies to keep working is remote access to their workplaces over the Internet. There are many relatively secure methods for remote work, but given the scale of the problem, what is needed is a simple method that lets any user connect to the office remotely without installing extra software, without explanations, tedious consultations and long instructions. Such a method has long been a favourite of many administrators: RDP (Remote Desktop Protocol). Connecting directly to the workplace over RDP would solve our problem ideally, apart from one big fly in the ointment: leaving the RDP port open to the Internet is very insecure. So below I propose a simple but reliable method of protection.

Since I often come across small organizations where Mikrotik equipment serves as the Internet gateway, below I show how to implement this on Mikrotik, but the Port Knocking protection method is just as easy to implement on other higher-end equipment with configurable inbound connection rules and a firewall.

Briefly about Port Knocking. The ideal external protection of a network connected to the Internet is when all resources and ports are closed from the outside by a firewall. And although a router with such a firewall configured does not react in any way to packets arriving from outside, it still listens to them. You can therefore configure the router so that, when it receives a certain sequence (a code) of network packets on various ports, it opens access to certain resources (ports, protocols, etc.) for the IP address from which those packets came.

Now to the point. I will not give a detailed description of firewall configuration on Mikrotik; the Internet is full of good sources on that. Ideally, the firewall blocks all incoming packets, but

/ip firewall filter
add action=accept chain=input comment="established and related accept" connection-state=established,related

allows incoming traffic belonging to established and related connections.
Now we configure Port Knocking on Mikrotik:

/ip firewall filter
add action=drop chain=input dst-port=19000 protocol=tcp src-address-list="Black_scanners" comment=RemoteRules
add action=drop chain=input dst-port=16000 protocol=tcp src-address-list="Black_scanners" comment=RemoteRules
add action=add-src-to-address-list address-list="remote_port_1" address-list-timeout=1m chain=input dst-port=19000 protocol=tcp comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=19001 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=18999 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=16001 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=15999 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="allow_remote_users" address-list-timeout=1m chain=input dst-port=16000 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
move [/ip firewall filter find comment=RemoteRules] 1
/ip firewall nat
add action=dst-nat chain=dstnat comment="remote_rdp" src-address-list="allow_remote_users" dst-port=33890 in-interface-list=WAN protocol=tcp to-addresses=192.168.1.33 to-ports=3389

Now in more detail.

The first two rules:

/ip firewall filter
add action=drop chain=input dst-port=19000 protocol=tcp src-address-list="Black_scanners" comment=RemoteRules
add action=drop chain=input dst-port=16000 protocol=tcp src-address-list="Black_scanners" comment=RemoteRules

drop incoming packets on the knock ports from IP addresses that were blacklisted while scanning the ports;

The third rule:

add action=add-src-to-address-list address-list="remote_port_1" address-list-timeout=1m chain=input dst-port=19000 protocol=tcp comment=RemoteRules

adds the IP to the list of hosts that made the first correct knock on the required port (19000);
The next four rules:

add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=19001 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=18999 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=16001 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules
add action=add-src-to-address-list address-list="Black_scanners" address-list-timeout=60m chain=input dst-port=15999 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules

create trap ports for anyone who wants to scan your ports, and when such attempts are detected they blacklist the source IP for 60 minutes, during which the first two rules give those hosts no chance to knock on the correct ports;

The next rule:

add action=add-src-to-address-list address-list="allow_remote_users" address-list-timeout=1m chain=input dst-port=16000 protocol=tcp src-address-list="remote_port_1" comment=RemoteRules

adds the IP to the allowed list for 1 minute (enough to establish a connection), because the second correct knock was made on the required port (16000);

The next command:

move [/ip firewall filter find comment=RemoteRules] 1

moves our rules up the firewall chain, since we most likely have other deny rules configured further down that would block the ones we just added. The very first rule on Mikrotik is numbered from zero, but on my device position zero was occupied by a built-in rule that cannot be moved, so I moved mine to 1. Check your own configuration, find a position you can move to, and specify that number.

The next setting:

/ip firewall nat
add action=dst-nat chain=dstnat comment="remote_rdp_to_33" src-address-list="allow_remote_users" dst-port=33890 in-interface-list=WAN protocol=tcp to-addresses=192.168.1.33 to-ports=3389

forwards our chosen port 33890 to the standard RDP port 3389 and the IP of the computer or terminal server we need. We create such rules for all internal resources, preferably assigning non-standard (and different) external ports to each. Naturally, the IPs of the internal resources must be static or fixed on the DHCP server.
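As an added check that is not part of the original article, here is a small Python model of the RemoteRules block and the dst-nat rule above, using the article's ports and timeouts and run against constructed packet sequences (the source IPs are documentation addresses chosen here). It shows that the 19000 then 16000 sequence opens a one-minute window, that a sequential scan touching 19001 lands on the blacklist and is then dropped on the knock port, and that the second knock arriving before the first opens nothing.

```python
# Added model (not the article's code) of the RemoteRules block, article ports/timeouts.
from dataclasses import dataclass, field
KNOCK_1, KNOCK_2 = 19000, 16000                 # the two knock ports
DECOYS = {19001, 18999, 16001, 15999}           # trap ports on either side of them

@dataclass
class Firewall:
    now: float = 0.0
    lists: dict = field(default_factory=dict)   # (address list, ip) -> expiry time

    def in_list(self, name, ip):
        exp = self.lists.get((name, ip))
        return exp is not None and exp > self.now

    def add(self, name, ip, timeout):
        self.lists[(name, ip)] = self.now + timeout

    def tcp_syn(self, ip, port, at):
        """Walk the RemoteRules for one TCP packet aimed at the router itself."""
        self.now = at
        if port in (KNOCK_1, KNOCK_2) and self.in_list("Black_scanners", ip):
            return "drop"                       # rules 1-2: blacklisted source
        if port == KNOCK_1:
            self.add("remote_port_1", ip, 60)   # rule 3: first knock, 1 min
        elif port in DECOYS and self.in_list("remote_port_1", ip):
            self.add("Black_scanners", ip, 3600)    # rules 4-7: decoy hit, 60 min
        elif port == KNOCK_2 and self.in_list("remote_port_1", ip):
            self.add("allow_remote_users", ip, 60)  # rule 8: RDP window, 1 min
        return "continue"    # add-src-to-address-list passes on to the next rule

    def rdp_allowed(self, ip, at):
        """dst-nat 33890 -> 192.168.1.33:3389 matches only allow_remote_users."""
        self.now = at
        return self.in_list("allow_remote_users", ip)

def run(packets):
    fw = Firewall()
    for ip, port, at in packets:                # (source ip, dst port, seconds)
        fw.tcp_syn(ip, port, at)
    return fw

def legit_user():          # constructed: 19000 then 16000; window closes after 1 min
    fw = run([("203.0.113.5", KNOCK_1, 0.0), ("203.0.113.5", KNOCK_2, 0.5)])
    return fw.rdp_allowed("203.0.113.5", 10.0), fw.rdp_allowed("203.0.113.5", 70.0)
def sequential_scanner():  # constructed: scan touches 19000 then 19001 -> blacklisted
    fw = run([("198.51.100.7", KNOCK_1, 0.0), ("198.51.100.7", 19001, 0.1)])
    return fw.tcp_syn("198.51.100.7", KNOCK_1, 5.0), fw.rdp_allowed("198.51.100.7", 6.0)
def reversed_knock():      # constructed: second knock arrives first (the race in the text)
    fw = run([("203.0.113.9", KNOCK_2, 0.0), ("203.0.113.9", KNOCK_1, 0.1)])
    return fw.rdp_allowed("203.0.113.9", 1.0)
```

The model only walks the RemoteRules block; on a real router the packet then continues down the input chain, where the default drop rules apply.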

Now our Mikrotik is configured, and we need a simple procedure for the user to connect to our internal RDP. Since our users run Windows, we create a simple bat file called StartRDP.bat:

1.htm
1.rdp

1.htm contains the following code:

<img src="http://my_router.sn.mynetname.net:19000/1.jpg">
нажмите обновить страницу для повторного захода по RDP
<img src="http://my_router.sn.mynetname.net:16000/2.jpg">

It contains two links to imaginary images located at my_router.sn.mynetname.net; we take this address from the Mikrotik DDNS system after enabling it on our Mikrotik: go to the IP -> Cloud menu, tick the DDNS Enabled box, click Apply and copy the DNS name of our router. This is only needed, however, if the router has a dynamic external IP or a configuration with several Internet providers.

The port in the first link, 19000, is the first port you need to knock on; the port in the second link is the second. Between the links there is a short instruction telling the user what to do if our connection suddenly drops because of a brief network problem: we refresh the page, the RDP port reopens for us for 1 minute and our session is restored. In addition, the text between the img tags creates a micro-delay for the browser, reducing the chance that the first packet is delivered to the second port (16000) first; so far there has not been a single such case in two weeks of use (30 people).

Next comes the 1.rdp file, which we can prepare either as one for everyone or separately for each user (I did the latter: it is easier to spend an extra 15 minutes than several hours consulting people who cannot work it out).

screen mode id:i:2
use multimon:i:1
.....
connection type:i:6
networkautodetect:i:0
.....
disable wallpaper:i:1
.....
full address:s:my_router.sn.mynetname.net:33890
.....
username:s:myuserlogin
domain:s:mydomain

The interesting settings here are: use multimon:i:1 enables the use of several monitors; some people need it, but they would not think to turn it on themselves.

connection type:i:6 and networkautodetect:i:0: since most Internet connections today are faster than 10 Mbps, we set connection type 6 (LAN, 10 Mbps and above) and disable networkautodetect, because if it is left at the default (auto), a small network delay easily drops our session into a low-speed mode for a long time, which can cause noticeable lag at work, especially in graphics programs.

disable wallpaper:i:1 turns off the desktop wallpaper.
username:s:myuserlogin specifies the user name, since a good share of our users do not know their own login.
domain:s:mydomain specifies the domain or computer name.

But if we want to simplify the job of creating a connection procedure even further, we can use PowerShell, as StartRDP.ps1:

Test-NetConnection -ComputerName my_router.sn.mynetname.net -Port 19000
Test-NetConnection -ComputerName my_router.sn.mynetname.net -Port 16000
mstsc /v:my_router.sn.mynetname.net:33890

A little about the RDP client on Windows: MS has come a long way in developing the protocol and its server and client parts, implementing many useful features such as working with 3D hardware, optimizing the screen resolution for your monitor, multi-screen, and so on. But of course everything is implemented in backward-compatible mode, and if the client is Windows 7 and the remote PC is Windows 10, RDP will work using protocol version 7.0. Fortunately, you can update the RDP version to a newer one; for example, you can raise the protocol version from 7.0 (Windows 7) to 8.1. So for the users' comfort, the server-side versions should be upgraded as far as possible, and links distributed for updating the client-side RDP protocol versions.

As a result we get a simple and fairly reliable technique for connecting remotely to a work PC or terminal server. For an even more reliable connection, our Port Knocking method can be made harder by several orders of magnitude by adding more ports to check: you can add a 3rd, 4th, 5th, 6th... port on the same logic, and in that case direct intrusion into your network becomes almost impossible.

Templates for creating a remote RDP connection.

Source: www.habr.com
