An easy way to protect your MikroTik from attacks

I want to share with the community a simple, working way to use MikroTik to protect your network, and the services "peeking out" from behind it, against external attacks. Namely, just three rules to set up a honeypot on MikroTik.

ืื– ื‘ื•ืื• ื ื“ืžื™ื™ืŸ ืฉื™ืฉ ืœื ื• ืžืฉืจื“ ืงื˜ืŸ, ืขื IP ื—ื™ืฆื•ื ื™ ืฉืžืื—ื•ืจื™ื• ื™ืฉ ืฉืจืช RDP ืœืขื•ื‘ื“ื™ื ืœืขื‘ื•ื“ื” ืžืจื—ื•ืง. ื”ื›ืœืœ ื”ืจืืฉื•ืŸ ื”ื•ื, ื›ืžื•ื‘ืŸ, ืœืฉื ื•ืช ืืช ื”ื™ืฆื™ืื” 3389 ื‘ืžืžืฉืง ื”ื—ื™ืฆื•ื ื™ ืœืžืžืฉืง ืื—ืจ. ืื‘ืœ ื–ื” ืœื ื™ื™ืžืฉืš ื–ืžืŸ ืจื‘; ืœืื—ืจ ืžืกืคืจ ื™ืžื™ื, ื™ื•ืžืŸ ื”ื‘ื™ืงื•ืจืช ืฉืœ ืฉืจืช ื”ืžืกื•ืฃ ื™ืชื—ื™ืœ ืœื”ืฆื™ื’ ืžืกืคืจ ื”ืจืฉืื•ืช ื›ื•ืฉืœื•ืช ื‘ืฉื ื™ื™ื” ืžืœืงื•ื—ื•ืช ืœื ื™ื“ื•ืขื™ื.

ืžืฆื‘ ืื—ืจ, ืžืกืชืชืจืช ืœืš ื›ื•ื›ื‘ื™ืช ืžืื—ื•ืจื™ Mikrotik, ื›ืžื•ื‘ืŸ ืœื ื‘ื™ืฆื™ืืช udp 5060, ื•ืื—ืจื™ ื›ืžื” ื™ืžื™ื ื’ื ื—ื™ืคื•ืฉ ื”ืกื™ืกืžื ืžืชื—ื™ืœ... ื›ืŸ, ื›ืŸ, ืื ื™ ื™ื•ื“ืข, fail2ban ื–ื” ื”ื›ืœ ืฉืœื ื•, ืื‘ืœ ืื ื—ื ื• ืขื“ื™ื™ืŸ ืฆืจื™ื›ื™ื ืชืขื‘ื•ื“ ืขืœ ื–ื”... ืœืžืฉืœ, ืœืื—ืจื•ื ื” ื”ืชืงื ืชื™ ืืช ื–ื” ื‘-ubuntu 18.04 ื•ื”ื•ืคืชืขืชื™ ืœื’ืœื•ืช ืฉืžื—ื•ืฅ ืœืงื•ืคืกื” fail2ban ืœื ืžื›ื™ืœ ื”ื’ื“ืจื•ืช ืขื“ื›ื ื™ื•ืช ืœื›ื•ื›ื‘ื™ืช ืžืื•ืชื” ืงื•ืคืกื” ืฉืœ ืื•ืชื” ื”ืคืฆืช ืื•ื‘ื•ื ื˜ื•... ื•ื’ื•ื’ืœ ื”ื’ื“ืจื•ืช ืžื”ื™ืจื•ืช ืขื‘ื•ืจ "ืžืชื›ื•ื ื™ื" ืžื•ื›ื ื™ื ื›ื‘ืจ ืœื ืขื•ื‘ื“ื™ื, ื”ืžืกืคืจื™ื ืฉืœ ืฉื—ืจื•ืจื™ื ื”ื•ืœื›ื™ื ื•ื’ื“ืœื™ื ืขื ื”ืฉื ื™ื, ื•ืžืืžืจื™ื ืขื "ืžืชื›ื•ื ื™ื" ืœื’ืจืกืื•ืช ื™ืฉื ื•ืช ื›ื‘ืจ ืœื ืขื•ื‘ื“ื•ืช, ื•ื—ื“ืฉื•ืช ื›ืžืขื˜ ืืฃ ืคืขื ืœื ืžื•ืคื™ืขื•ืช... ืื‘ืœ ืื ื™ ืกื•ื˜ื”...

So what is a honeypot, in short: it's a decoy. In our case it is any popular port on the external IP, and any request to that port from an external client sends the src address to the blacklist. That's all.

/ip firewall filter
add action=add-src-to-address-list address-list="Honeypot Hacker" 
    address-list-timeout=30d0h0m chain=input comment="block honeypot ssh rdp winbox" 
    connection-state=new dst-port=22,3389,8291 in-interface=
    ether4-wan protocol=tcp
add action=add-src-to-address-list address-list="Honeypot Hacker" 
    address-list-timeout=30d0h0m chain=input comment=
    "block honeypot asterisk" connection-state=new dst-port=5060 
    in-interface=ether4-wan protocol=udp 
/ip firewall raw
add action=drop chain=prerouting in-interface=ether4-wan src-address-list=
    "Honeypot Hacker"

ื”ื›ืœืœ ื”ืจืืฉื•ืŸ ื‘ื™ืฆื™ืื•ืช TCP ืคื•ืคื•ืœืจื™ื•ืช 22, 3389, 8291 ืฉืœ ื”ืžืžืฉืง ื”ื—ื™ืฆื•ื ื™ ether4-wan ืฉื•ืœื— ืืช ื”-IP "ืื•ืจื—" ืœืจืฉื™ืžืช "Honeypot Hacker" (ื™ืฆื™ืื•ืช ืขื‘ื•ืจ ssh, rdp ื•-winbox ืžื•ืฉื‘ืชื•ืช ืžืจืืฉ ืื• ืžืฉืชื ื•ืช ืœืื—ืจื•ืช). ื”ืฉื ื™ ืขื•ืฉื” ืืช ืื•ืชื• ื”ื“ื‘ืจ ื‘-UDP 5060 ื”ืคื•ืคื•ืœืจื™.

The third rule, at the prerouting stage, drops packets from "guests" whose src address is in "Honeypot Hacker".

ืœืื—ืจ ืฉื‘ื•ืขื™ื™ื ืฉืœ ืขื‘ื•ื“ื” ืขื ืžื™ืงืจื•ื˜ื™ืง ื”ื‘ื™ืชื™ ืฉืœื™, ืจืฉื™ืžืช ื”"Honeypot Hacker" ื›ืœืœื” ื›ืืœืฃ ื•ื—ืฆื™ ื›ืชื•ื‘ื•ืช IP ืฉืœ ืืœื” ืฉืื•ื”ื‘ื™ื "ืœื”ื—ื–ื™ืง ื‘ืขื˜ื™ืŸ" ืืช ืžืฉืื‘ื™ ื”ืจืฉืช ืฉืœื™ (ื‘ื‘ื™ืช ื™ืฉ ื˜ืœืคื•ื ื™ื” ืžืฉืœื™, ื“ื•ืืจ, nextcloud, rdp). ื”ืชืงืคื•ืช ื›ื•ื— ื’ืกื•ืช ื ืขืฆืจื•, ื”ืื•ืฉืจ ื”ื’ื™ืข.

At work, not everything turned out so simple; there they keep trying to break into the rdp server by brute-forcing passwords.

ื›ื›ืœ ื”ื ืจืื”, ืžืกืคืจ ื”ื™ืฆื™ืื” ื ืงื‘ืข ืขืœ ื™ื“ื™ ื”ืกื•ืจืง ื”ืจื‘ื” ืœืคื ื™ ื”ืคืขืœืช ื›ืœื™ ื”ื“ื‘ืฉ, ื•ื‘ืžื”ืœืš ื”ื”ืกื’ืจ ืœื ื›ืœ ื›ืš ืงืœ ืœื”ื’ื“ื™ืจ ืžื—ื“ืฉ ื™ื•ืชืจ ืž-100 ืžืฉืชืžืฉื™ื, ืžืชื•ื›ื 20% ืžืขืœ ื’ื™ืœ 65. ื‘ืžืงืจื” ืฉื‘ื• ืœื ื ื™ืชืŸ ืœืฉื ื•ืช ืืช ื”ื™ืฆื™ืื”, ื™ืฉ ืžืชื›ื•ืŸ ืงื˜ืŸ ืœืขื‘ื•ื“ื”. ืจืื™ืชื™ ืžืฉื”ื• ื“ื•ืžื” ื‘ืื™ื ื˜ืจื ื˜, ืื‘ืœ ื™ืฉ ืชื•ืกืคืช ื ื•ืกืคืช ื•ื›ื•ื•ื ื•ืŸ ืขื“ื™ืŸ ืžืขื•ืจื‘ื™ื:

ื›ืœืœื™ื ืœื”ื’ื“ืจืช ื“ืคื™ืงืช ื™ืฆื™ืื”

/ip firewall filter
add action=add-src-to-address-list address-list=rdp_blacklist 
    address-list-timeout=15m chain=forward comment=rdp_to_blacklist 
    connection-state=new dst-port=3389 protocol=tcp src-address-list=
    rdp_stage12
add action=add-src-to-address-list address-list=rdp_stage12 
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 
    protocol=tcp src-address-list=rdp_stage11
add action=add-src-to-address-list address-list=rdp_stage11 
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 
    protocol=tcp src-address-list=rdp_stage10
add action=add-src-to-address-list address-list=rdp_stage10 
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 
    protocol=tcp src-address-list=rdp_stage9
add action=add-src-to-address-list address-list=rdp_stage9 
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 
    protocol=tcp src-address-list=rdp_stage8
add action=add-src-to-address-list address-list=rdp_stage8 
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 
    protocol=tcp src-address-list=rdp_stage7
add action=add-src-to-address-list address-list=rdp_stage7 
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 
    protocol=tcp src-address-list=rdp_stage6
add action=add-src-to-address-list address-list=rdp_stage6 
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 
    protocol=tcp src-address-list=rdp_stage5
add action=add-src-to-address-list address-list=rdp_stage5 
    address-list-timeout=4m chain=forward connection-state=new dst-port=
    3389 protocol=tcp src-address-list=rdp_stage4
add action=add-src-to-address-list address-list=rdp_stage4 
    address-list-timeout=4m chain=forward connection-state=new dst-port=
    3389 protocol=tcp src-address-list=rdp_stage3
add action=add-src-to-address-list address-list=rdp_stage3 
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 
    protocol=tcp src-address-list=rdp_stage2
add action=add-src-to-address-list address-list=rdp_stage2 
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 
    protocol=tcp src-address-list=rdp_stage1
add action=add-src-to-address-list address-list=rdp_stage1 
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 
    protocol=tcp 
/ip firewall raw
add action=drop chain=prerouting in-interface=ether4-wan src-address-list=
    rdp_blacklist

In 4 minutes the remote client is allowed to make only 12 new "requests" to the RDP server. One login attempt is between 1 and 4 "requests". On the 12th "request": a block for 15 minutes. In my case the attackers didn't stop trying to break into the server; they adapted to the timers and now do it very slowly, and such a guessing rate reduces the attack's effectiveness to zero. Company employees experience almost no inconvenience from the measures taken.
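To make the stage chain concrete, here is an added Python simulation (not code from the article or from RouterOS) of the rdp_stage rules above: it models the address lists with their timeouts, the rule order of the export, and the raw drop, and reports at which connection a source that opens one new RDP connection every N seconds starts being dropped. It assumes that add-src-to-address-list does not terminate rule processing, that re-adding an address refreshes its timeout, and uses the constructed source IP 198.51.100.7.

```python
# Added simulation of the rdp_stage* chain; the modelled RouterOS semantics are assumptions.
from collections import defaultdict

STAGE_TIMEOUT = 4 * 60        # address-list-timeout=4m on every rdp_stageN rule
BLACKLIST_TIMEOUT = 15 * 60   # address-list-timeout=15m on the rdp_blacklist rule
STAGES = 12                   # rdp_stage1 .. rdp_stage12


class RdpStageFirewall:
    def __init__(self):
        self.lists = defaultdict(dict)   # list name -> {ip: expiry, seconds since start}

    def _in(self, name, ip, now):
        expiry = self.lists[name].get(ip)
        return expiry is not None and expiry > now

    def _add(self, name, ip, now, timeout):
        # Assumption: re-adding an address that is already listed refreshes its timeout.
        self.lists[name][ip] = now + timeout

    def new_connection(self, ip, now):
        """One new TCP connection to dst-port 3389; returns 'drop' or 'pass'."""
        # /ip firewall raw chain=prerouting runs before the forward chain.
        if self._in("rdp_blacklist", ip, now):
            return "drop"
        # /ip firewall filter chain=forward, in the export's order (stage12 first,
        # stage1 last). Assumption: add-src-to-address-list is non-terminating, so a
        # source listed up to rdp_stageK advances by exactly one stage per connection.
        if self._in(f"rdp_stage{STAGES}", ip, now):
            self._add("rdp_blacklist", ip, now, BLACKLIST_TIMEOUT)
        for k in range(STAGES, 1, -1):
            if self._in(f"rdp_stage{k - 1}", ip, now):
                self._add(f"rdp_stage{k}", ip, now, STAGE_TIMEOUT)
        self._add("rdp_stage1", ip, now, STAGE_TIMEOUT)   # unconditional last rule
        return "pass"


def first_dropped_connection(interval, attempts=40, ip="198.51.100.7"):
    """1-based index of the first dropped connection when the (constructed) ip
    opens one new connection every `interval` seconds; None if never dropped."""
    fw = RdpStageFirewall()
    for n in range(1, attempts + 1):
        if fw.new_connection(ip, (n - 1) * interval) == "drop":
            return n
    return None


if __name__ == "__main__":
    for gap in (1, 180, 300):   # 1 s, 3 min and 5 min between new connections
        print(f"every {gap:>3}s: first dropped connection = {first_dropped_connection(gap)}")
```

With the rules as exported, the 13th connection inside the timeout window puts the source into rdp_blacklist and raw drops it from the 14th on, while a source that waits longer than 4 minutes between connections never leaves rdp_stage1, which is exactly the slowdown the attackers adopted.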

One more small trick
This rule is switched on by schedule at 5:XNUMX and switched off at XNUMX in the morning, when real people are definitely asleep and the automated password guessers are still awake.

/ip firewall filter 
add action=add-src-to-address-list address-list=rdp_blacklist 
    address-list-timeout=1w0d0h0m chain=forward comment=
    "night_rdp_blacklist" connection-state=new disabled=
    yes dst-port=3389 protocol=tcp src-address-list=rdp_stage8

Already on the 8th connection, the attacker's IP goes into the blacklist for a week. Beautiful!

Well, in addition to the above, I'll add a link to a Wiki article with working settings for protecting MikroTik from network scanners: wiki.mikrotik.com/wiki/Drop_port_scanners

On my devices, this setup works together with the honeypot rules described above and complements them well.

UPD: as suggested in the comments, the packet drop rule has been moved to RAW to reduce the load on the router.

Source: www.habr.com
