An easy way to protect your Mikrotik from attacks

I want to share with the community a simple and working way to use Mikrotik to protect your network and the services "peeking out" from behind it from external attacks. Namely, just three rules are enough to set up a honeypot on Mikrotik.

So, let's imagine we have a small office with an external IP, behind which there is an RDP server for employees to work remotely. The first rule, of course, is to change port 3389 on the external interface to another one. But this does not last long; after a couple of days, the terminal server audit log starts showing several failed authorizations per second from unknown clients.

Another situation: you have an Asterisk hidden behind the Mikrotik, of course not on port 5060 udp, and after a couple of days the password guessing begins there too... yes, yes, I know, fail2ban is our everything, but you still have to work on it... for example, I recently installed it on ubuntu 18.04 and was surprised to find that out of the box fail2ban does not contain current settings for asterisk from the same box of the same ubuntu distribution... and searching for quick settings no longer works, because the ready-made "recipes" have stopped working, version numbers keep growing over the years, articles with "recipes" for old versions no longer work, and new ones almost never appear...

So, what is a honeypot in a nutshell? A honeypot, in our case, is any popular port on the external IP; any request to this port from an external client sends the src address to the blacklist. That's all.

# Honeypot: any new connection to a decoy port on the WAN interface
# puts the source address on the "Honeypot Hacker" list for 30 days.
/ip firewall filter
add action=add-src-to-address-list address-list="Honeypot Hacker" \
    address-list-timeout=30d0h0m chain=input comment="block honeypot ssh rdp winbox" \
    connection-state=new dst-port=22,3389,8291 in-interface=\
    ether4-wan protocol=tcp
add action=add-src-to-address-list address-list="Honeypot Hacker" \
    address-list-timeout=30d0h0m chain=input comment=\
    "block honeypot asterisk" connection-state=new dst-port=5060 \
    in-interface=ether4-wan protocol=udp
# Drop everything from listed sources in prerouting, before connection tracking.
/ip firewall raw
add action=drop chain=prerouting in-interface=ether4-wan src-address-list=\
    "Honeypot Hacker"

The first rule, on the popular TCP ports 22, 3389 and 8291 of the external interface ether4-wan, sends the "guest" IP to the "Honeypot Hacker" list (the ports for ssh, rdp and winbox have been disabled beforehand or changed to others). The second does the same on the popular UDP port 5060.

The third rule, at the prerouting stage, drops packets from "guests" whose src address is in the "Honeypot Hacker" list.

After two weeks of operation on my home Mikrotik, the "Honeypot Hacker" list contained about one and a half thousand IP addresses of those who like to "hold the udder" of my network resources (at home I have my own telephony, mail, nextcloud, rdp). The brute-force attacks stopped, and bliss arrived.

At work, not everything turned out to be so simple; there they keep on breaking the rdp server by brute-forcing passwords.

Apparently, the port number was determined by a scanner long before the honeypot was turned on, and during quarantine it is not so easy to reconfigure more than 100 users, 20% of whom are over 65 years old. For the case where the port cannot be changed, there is a small working recipe. I have seen something similar on the Internet, but this one includes some additions and fine-tuning:

Rules for configuring Port Knocking

# Rules are listed from the highest stage down, so that one new connection
# moves a source up by exactly one stage.
/ip firewall filter
add action=add-src-to-address-list address-list=rdp_blacklist \
    address-list-timeout=15m chain=forward comment=rdp_to_blacklist \
    connection-state=new dst-port=3389 protocol=tcp src-address-list=\
    rdp_stage12
add action=add-src-to-address-list address-list=rdp_stage12 \
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 \
    protocol=tcp src-address-list=rdp_stage11
add action=add-src-to-address-list address-list=rdp_stage11 \
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 \
    protocol=tcp src-address-list=rdp_stage10
add action=add-src-to-address-list address-list=rdp_stage10 \
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 \
    protocol=tcp src-address-list=rdp_stage9
add action=add-src-to-address-list address-list=rdp_stage9 \
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 \
    protocol=tcp src-address-list=rdp_stage8
add action=add-src-to-address-list address-list=rdp_stage8 \
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 \
    protocol=tcp src-address-list=rdp_stage7
add action=add-src-to-address-list address-list=rdp_stage7 \
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 \
    protocol=tcp src-address-list=rdp_stage6
add action=add-src-to-address-list address-list=rdp_stage6 \
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 \
    protocol=tcp src-address-list=rdp_stage5
add action=add-src-to-address-list address-list=rdp_stage5 \
    address-list-timeout=4m chain=forward connection-state=new dst-port=\
    3389 protocol=tcp src-address-list=rdp_stage4
add action=add-src-to-address-list address-list=rdp_stage4 \
    address-list-timeout=4m chain=forward connection-state=new dst-port=\
    3389 protocol=tcp src-address-list=rdp_stage3
add action=add-src-to-address-list address-list=rdp_stage3 \
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 \
    protocol=tcp src-address-list=rdp_stage2
add action=add-src-to-address-list address-list=rdp_stage2 \
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 \
    protocol=tcp src-address-list=rdp_stage1
add action=add-src-to-address-list address-list=rdp_stage1 \
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 \
    protocol=tcp
# Sources that reached rdp_blacklist are dropped in prerouting.
/ip firewall raw
add action=drop chain=prerouting in-interface=ether4-wan src-address-list=\
    rdp_blacklist

Within 4 minutes, the remote client is allowed to make only 12 new "requests" to the RDP server. One login attempt takes from 1 to 4 "requests". On the 12th "request", the client is blocked for 15 minutes. In my case, the attackers did not stop hacking the server; they adjusted to the timers and now do it very slowly, and such a guessing speed reduces the effectiveness of the attack to zero. The company's employees experience practically no inconvenience at work from the measures taken.
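The stage ladder can be checked offline before it is loaded onto a router. The following is an added example, not part of the original article: a small Python model of the rules above that reports which new connection puts a source into rdp_blacklist. The function names are hypothetical, and the model assumes that rules are evaluated in listed order, that an entry added by one rule is visible to the rules after it, and that re-adding an address resets its timer.

```python
BLACKLIST = "rdp_blacklist"
STAGES = 12            # rdp_stage1 .. rdp_stage12, as in the rules above
STAGE_TTL = 4 * 60     # address-list-timeout=4m
BLOCK_TTL = 15 * 60    # address-list-timeout=15m


def ladder(top_down=True):
    """Return the filter rules as (required_src_list, target_list, ttl)."""
    rules = [(f"rdp_stage{STAGES}", BLACKLIST, BLOCK_TTL)]
    rules += [(f"rdp_stage{n - 1}", f"rdp_stage{n}", STAGE_TTL)
              for n in range(STAGES, 1, -1)]
    rules.append((None, "rdp_stage1", STAGE_TTL))
    return rules if top_down else rules[::-1]


def first_blacklisted(rules, times):
    """Replay new connections from one source at the given times (seconds).

    Returns the 1-based index of the connection that puts the source into
    rdp_blacklist, or None if it never gets there.
    """
    expiry = {}  # list name -> time at which the source's entry expires

    def member(name, now):
        return expiry.get(name, -1) > now

    for index, now in enumerate(times, start=1):
        if member(BLACKLIST, now):
            continue  # raw prerouting drop: the packet never reaches the filter
        for src, target, ttl in rules:
            # add-src-to-address-list does not stop rule processing, so an
            # entry added here is already visible to the rules below.
            if src is None or member(src, now):
                expiry[target] = now + ttl  # assumption: re-adding resets the timer
                if target == BLACKLIST:
                    return index
    return None


# Constructed sample: an employee logging in once an hour, 4 connections each time.
WORKDAY = [hour * 3600 + k for hour in range(8) for k in range(4)]
```

With the rules listed top-down, twelve rapid connections pass and the thirteenth lands the source in the blacklist; listing the same rules bottom-up lets a single connection cascade through every stage.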

Another little trick

This rule is turned on by schedule at 5 o'clock and turned off at XNUMX o'clock, when real people are definitely asleep and the automated password guessers are still awake.

# Kept disabled (disabled=yes) by default; the schedule enables and disables it.
/ip firewall filter
add action=add-src-to-address-list address-list=rdp_blacklist \
    address-list-timeout=1w0d0h0m chain=forward comment=\
    "night_rdp_blacklist" connection-state=new disabled=\
    yes dst-port=3389 protocol=tcp src-address-list=rdp_stage8

Already on the 8th connection, the attacker's IP is blacklisted for a week. Beautiful!

Well, in addition to the above, I will add a link to a Wiki article with a working setup for protecting Mikrotik from network scanners: wiki.mikrotik.com/wiki/Drop_port_scanners

On my devices, this setup works together with the honeypot rules described above and complements them well.

UPD: As suggested in the comments, the packet drop rule has been moved to RAW to reduce the load on the router.

Source: will.com
