A simple way to protect your Mikrotik from attacks

I want to share with the community a simple, working way to use a Mikrotik to protect your network, and the services "peeking out" from behind it, against attacks from outside. Namely, it takes just three honeypot rules configured on the Mikrotik.

So, imagine we have a small office with an external IP, behind which sits an RDP server for the employees' remote work. The first rule, of course, is to change port 3389 on the external interface to some other port. But this does not last long: after a couple of days the terminal server's audit log starts showing several failed authentication attempts per second from unknown clients.

Another situation: you have an Asterisk hidden behind the Mikrotik, naturally not on UDP port 5060, and after a couple of days the password guessing starts there too... Yes, yes, I know, fail2ban is our everything, but it still needs work... for example, I recently set it up on Ubuntu 18.04 and was surprised that the fail2ban shipped with that box does not contain working settings for the Asterisk shipped with the very same Ubuntu distribution. The ready-made "recipes" don't work, the version numbers have grown over the years, articles with "recipes" for old versions no longer apply, and new ones hardly ever appear... But I digress.

So, the honeypot in a nutshell: in our case a honeypot is any popular port on the external IP; any request to that port from an outside client sends the client's source address to a blacklist. That's all.

/ip firewall filter
add action=add-src-to-address-list address-list="Honeypot Hacker" address-list-timeout=30d0h0m chain=input comment="block honeypot ssh rdp winbox" connection-state=new dst-port=22,3389,8291 in-interface=ether4-wan protocol=tcp
add action=add-src-to-address-list address-list="Honeypot Hacker" address-list-timeout=30d0h0m chain=input comment="block honeypot asterisk" connection-state=new dst-port=5060 in-interface=ether4-wan protocol=udp
/ip firewall raw
add action=drop chain=prerouting in-interface=ether4-wan src-address-list="Honeypot Hacker"

The first rule sends the IP of any "guest" knocking on the popular TCP ports 22, 3389 and 8291 of the external interface ether4-wan to the "Honeypot Hacker" list (the services on those ports, ssh, rdp and winbox, have been disabled in advance or moved to other ports, and there is no dst-nat for them, so the packets reach the input chain). The second rule does the same for the popular UDP port 5060.

The third rule, at the prerouting stage, drops packets from "guests" whose address is in "Honeypot Hacker".

After two weeks of running this on my home Mikrotik, the "Honeypot Hacker" list held about one and a half thousand IP addresses of those who like to "suckle" at my network resources (at home I have telephony, mail, nextcloud, rdp). The brute-force attacks stopped; bliss set in.

At work, things did not turn out so simply: there they keep trying to break into the server by brute-forcing passwords.

Apparently the port number had been picked up by scanners long before the honeypot went live, and in quarantine it is not so easy to reconfigure more than 100 users, 20% of whom are over 65. For the case when the port cannot be changed there is a small trick. I have seen something similar on the Internet, but with some additions and fine-tuning of my own:

Port Knocking rules

/ip firewall filter
add action=add-src-to-address-list address-list=rdp_blacklist address-list-timeout=15m chain=forward comment=rdp_to_blacklist connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage12
add action=add-src-to-address-list address-list=rdp_stage12 address-list-timeout=4m chain=forward connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage11
add action=add-src-to-address-list address-list=rdp_stage11 address-list-timeout=4m chain=forward connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage10
add action=add-src-to-address-list address-list=rdp_stage10 address-list-timeout=4m chain=forward connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage9
add action=add-src-to-address-list address-list=rdp_stage9 address-list-timeout=4m chain=forward connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage8
# rdp_stage8 must be fed from rdp_stage7 (the original listing had rdp_stage4 here, which skipped stage 7 and cut the count short)
add action=add-src-to-address-list address-list=rdp_stage8 address-list-timeout=4m chain=forward connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage7
add action=add-src-to-address-list address-list=rdp_stage7 address-list-timeout=4m chain=forward connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage6
add action=add-src-to-address-list address-list=rdp_stage6 address-list-timeout=4m chain=forward connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage5
add action=add-src-to-address-list address-list=rdp_stage5 address-list-timeout=4m chain=forward connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage4
add action=add-src-to-address-list address-list=rdp_stage4 address-list-timeout=4m chain=forward connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage3
add action=add-src-to-address-list address-list=rdp_stage3 address-list-timeout=4m chain=forward connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage2
add action=add-src-to-address-list address-list=rdp_stage2 address-list-timeout=4m chain=forward connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage1
add action=add-src-to-address-list address-list=rdp_stage1 address-list-timeout=4m chain=forward connection-state=new dst-port=3389 protocol=tcp
/ip firewall raw
add action=drop chain=prerouting in-interface=ether4-wan src-address-list=rdp_blacklist

Within 4 minutes a remote client is allowed to make only 12 new "requests" (new TCP connections) to the RDP server. One login attempt costs from 1 to 4 "requests". After the 12th "request" the source is blocked for 15 minutes. Because add-src-to-address-list does not stop rule processing, a packet keeps falling through the chain, so the order of the rules matters: they must be listed from the highest stage downwards, as above, so that one connection advances a source by exactly one stage. In my case the attackers did not stop hammering the server; they adapted to the timers and now do it very slowly, and at that pace the effectiveness of the attack drops to zero. The company's employees experience practically no inconvenience from the measures taken.
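To make the mechanics of this chain concrete, here is a small simulator. It is an added example, not code from the article: it models RouterOS dynamic address-list entries with timeouts, add-src-to-address-list as a non-terminating action evaluated top to bottom, and the raw/prerouting drop for blacklisted sources, then replays constructed connection streams through the 12-stage chain above (4m stage timeout, 15m blacklist) and through the 1-week night rule from the next section. The attacker address 203.0.113.7 and all timings are made up; nothing here talks to a real router.

```python
"""Simulator for the RouterOS rdp_stage address-list chain (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

STAGE_TIMEOUT = 4 * 60           # address-list-timeout=4m
BLACKLIST_TIMEOUT = 15 * 60      # address-list-timeout=15m
NIGHT_TIMEOUT = 7 * 24 * 3600    # address-list-timeout=1w0d0h0m


@dataclass
class Rule:
    """One 'add action=add-src-to-address-list' filter rule."""
    add_to: str                      # address-list=
    timeout: int                     # address-list-timeout=, in seconds
    src_list: Optional[str] = None   # src-address-list= (None: any source)
    enabled: bool = True             # disabled=yes -> False


@dataclass
class Router:
    rules: List[Rule]
    # address-list name -> {ip: expiry time}; dynamic entries as RouterOS keeps them
    lists: Dict[str, Dict[str, int]] = field(default_factory=dict)

    def in_list(self, name: str, ip: str, now: int) -> bool:
        expiry = self.lists.get(name, {}).get(ip)
        return expiry is not None and now < expiry

    def new_connection(self, ip: str, now: int) -> str:
        """Process one new TCP/3389 connection from ip at time `now` (seconds).

        Returns "drop" if raw/prerouting already drops this source,
        "blacklist" if this connection pushes it onto rdp_blacklist (the rest
        of its packets are then dropped in prerouting), or "accept" otherwise.
        """
        if self.in_list("rdp_blacklist", ip, now):
            return "drop"
        for rule in self.rules:
            if not rule.enabled:
                continue
            if rule.src_list is None or self.in_list(rule.src_list, ip, now):
                # passthrough action: (re)add the entry and keep evaluating rules
                self.lists.setdefault(rule.add_to, {})[ip] = now + rule.timeout
        return "blacklist" if self.in_list("rdp_blacklist", ip, now) else "accept"


def rdp_chain(stages: int = 12, night_rule: bool = False) -> Router:
    """Build the chain in the order the export above lists it: the blacklist
    rule first, then stageN down to stage1. The optional night rule is
    appended last, where a rule added later would land."""
    rules = [Rule("rdp_blacklist", BLACKLIST_TIMEOUT, f"rdp_stage{stages}")]
    for n in range(stages, 1, -1):
        rules.append(Rule(f"rdp_stage{n}", STAGE_TIMEOUT, f"rdp_stage{n - 1}"))
    rules.append(Rule("rdp_stage1", STAGE_TIMEOUT, None))
    if night_rule:  # the scheduler has enabled it for the night
        rules.append(Rule("rdp_blacklist", NIGHT_TIMEOUT, "rdp_stage8"))
    return Router(rules)


def run(router: Router, ip: str, times: List[int]) -> List[str]:
    """Feed one new connection per timestamp; return the verdict for each."""
    return [router.new_connection(ip, t) for t in times]


def first_blacklisted(verdicts: List[str]) -> Optional[int]:
    """1-based index of the connection that blacklisted the source, or None."""
    for i, verdict in enumerate(verdicts, 1):
        if verdict == "blacklist":
            return i
    return None


if __name__ == "__main__":
    ip = "203.0.113.7"                          # constructed attacker (TEST-NET-3)
    burst = [i * 10 for i in range(15)]         # 15 attempts, 10 s apart
    slow = [i * 300 for i in range(15)]         # 15 attempts, 5 min apart
    print("burst:", run(rdp_chain(), ip, burst))
    print("slow :", run(rdp_chain(), ip, slow))
    print("night:", run(rdp_chain(night_rule=True), ip, burst))
```

The burst stream gets 12 accepted connections, the 13th lands the source on rdp_blacklist and everything after it is dropped until the 15-minute entry expires. Spacing attempts more than 4 minutes apart never advances a source past rdp_stage1, which is exactly the slow pace the attackers fell back to. With the night rule appended after the stage rules, the 8th connection is enough for the week-long entry.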

Another small trick
This rule is switched on by the scheduler at night and off at 5 a.m., when real people are definitely asleep and the automated brute-forcers keep working.

/ip firewall filter
add action=add-src-to-address-list address-list=rdp_blacklist address-list-timeout=1w0d0h0m chain=forward comment="night_rdp_blacklist" connection-state=new disabled=yes dst-port=3389 protocol=tcp src-address-list=rdp_stage8

Now, as early as the 8th connection, the attacker's IP is blacklisted for a week. Beautiful! (It fires on the 8th connection because it sits after the rdp_stage8 rule in the filter; placed above that rule it would only fire on the 9th.)

Well, in addition to the above, I'll attach a link to the Wiki article with a working setup for protecting a Mikrotik from network scanners: wiki.mikrotik.com/wiki/Drop_port_scanners

On my routers this setup works alongside the honeypot rules described above and complements them well.

UPD: As suggested in the comments, the packet-drop rules have been moved to RAW to reduce the load on the router.

Source: www.habr.com