A simple way to protect your Mikrotik from attacks

I want to share with the community a simple and working way to use Mikrotik to protect your network and the services "peeking out" from behind it from external attacks. Namely, just three rules that set up a honeypot on Mikrotik.

So, let's imagine we have a small office with an external IP, behind which there is an RDP server so that employees can work remotely. The first rule is, of course, to move port 3389 on the external interface to some other port. But that does not buy much time; after a couple of days the terminal server's audit log starts showing several failed logins per second from unknown clients.

Another case: you have an asterisk hidden behind Mikrotik, naturally not on udp port 5060, and after a couple of days the password guessing starts there too... For example, I recently installed it on ubuntu 18.04 and was surprised to find that the fail2ban shipped in that same ubuntu distribution has no settings for asterisk out of the box... The ready-made "recipes" no longer work, the number of releases has grown over the years, articles with "recipes" for old versions no longer apply, and new ones do not appear...

So, what is a honeypot in short: it is a pot of honey, in our case any well-known port on the external IP; any request to this port from an external client sends the src address to the blacklist. That's all.

/ip firewall filter
add action=add-src-to-address-list address-list="Honeypot Hacker" address-list-timeout=30d0h0m chain=input comment="block honeypot ssh rdp winbox" connection-state=new dst-port=22,3389,8291 in-interface=ether4-wan protocol=tcp
add action=add-src-to-address-list address-list="Honeypot Hacker" address-list-timeout=30d0h0m chain=input comment="block honeypot asterisk" connection-state=new dst-port=5060 in-interface=ether4-wan protocol=udp
/ip firewall raw
add action=drop chain=prerouting in-interface=ether4-wan src-address-list="Honeypot Hacker"

The first rule, on the well-known TCP ports 22, 3389 and 8291 of the external interface ether4-wan, sends the "guest" IP to the "Honeypot Hacker" list (the ssh, rdp and winbox ports have been disabled beforehand or moved to other ports). The second does the same on the popular UDP 5060.

The third rule, at the prerouting stage, drops packets from "guests" whose src-address is in "Honeypot Hacker".

After two weeks of operation on my home Mikrotik, the "Honeypot Hacker" list contained about one and a half thousand IP addresses of those who like to "pull at the udder" of my network resources (at home I run my own telephony, mail, nextcloud and rdp).

At work, not everything turned out so simple; there they keep hammering the rdp server with brute-force passwords.

Apparently the port number had been found by a scanner long before the honeypot was enabled, and during quarantine it is not easy to reconfigure more than 100 users, 20% of whom are over 65 years old. For the case where the port cannot be changed, there is a small working recipe. I have seen similar things on the internet, but there are some additions and fine-tuning involved:

Port Knocking setup rules

# Rule order matters: the blacklist rule comes first and the stage rules go from 12 down to 1,
# so one new connection moves the source exactly one stage up the chain.
/ip firewall filter
add action=add-src-to-address-list address-list=rdp_blacklist address-list-timeout=15m chain=forward comment=rdp_to_blacklist connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage12
add action=add-src-to-address-list address-list=rdp_stage12 address-list-timeout=4m chain=forward connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage11
add action=add-src-to-address-list address-list=rdp_stage11 address-list-timeout=4m chain=forward connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage10
add action=add-src-to-address-list address-list=rdp_stage10 address-list-timeout=4m chain=forward connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage9
add action=add-src-to-address-list address-list=rdp_stage9 address-list-timeout=4m chain=forward connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage8
# stage 7 feeds stage 8 (each stage list is fed only by the one directly below it)
add action=add-src-to-address-list address-list=rdp_stage8 address-list-timeout=4m chain=forward connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage7
add action=add-src-to-address-list address-list=rdp_stage7 address-list-timeout=4m chain=forward connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage6
add action=add-src-to-address-list address-list=rdp_stage6 address-list-timeout=4m chain=forward connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage5
add action=add-src-to-address-list address-list=rdp_stage5 address-list-timeout=4m chain=forward connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage4
add action=add-src-to-address-list address-list=rdp_stage4 address-list-timeout=4m chain=forward connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage3
add action=add-src-to-address-list address-list=rdp_stage3 address-list-timeout=4m chain=forward connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage2
add action=add-src-to-address-list address-list=rdp_stage2 address-list-timeout=4m chain=forward connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage1
add action=add-src-to-address-list address-list=rdp_stage1 address-list-timeout=4m chain=forward connection-state=new dst-port=3389 protocol=tcp
/ip firewall raw
add action=drop chain=prerouting in-interface=ether4-wan src-address-list=rdp_blacklist

Within 4 minutes a remote client is allowed to open 12 new "requests" (connections) to the RDP server. One login attempt takes from 1 to 4 "requests". On the 12th "request" comes a 15 minute block. In my case the attackers did not stop breaking the server, they adapted to the timing and now do it slowly; at that rate the effectiveness of the attack drops to zero. The company's employees notice no inconvenience at work from the measures taken.

Another small trick
This rule is enabled by the scheduler at 5 o'clock and disabled at XNUMX o'clock, while real people are asleep and only the automated pickers are still awake.

/ip firewall filter
add action=add-src-to-address-list address-list=rdp_blacklist address-list-timeout=1w0d0h0m chain=forward comment="night_rdp_blacklist" connection-state=new disabled=yes dst-port=3389 protocol=tcp src-address-list=rdp_stage8

Already on the 8th connection the attacker's IP is sealed away for a week. Beautiful!
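To check how the staged chain above and the night rule actually behave, here is a small model of the address-list logic. It is an added example, not the article's or MikroTik's code, and it assumes what RouterOS does with these rules: filter rules are evaluated top to bottom, add-src-to-address-list does not stop evaluation, dynamic entries expire after their timeout, and the raw prerouting rule drops every packet from a listed source; the attacker address is a constructed sample.

```python
from dataclasses import dataclass
from typing import Optional
STAGE_TIMEOUT = 4 * 60    # address-list-timeout=4m on the stage rules
BLOCK_TIMEOUT = 15 * 60   # address-list-timeout=15m on the rdp_blacklist rule
WEEK = 7 * 24 * 3600      # address-list-timeout=1w on the night rule
ATTACKER = "203.0.113.9"  # constructed sample source address (assumption)

@dataclass
class Rule:
    src_list: Optional[str]  # required src-address-list (None = matches any source)
    add_to: str              # address-list the source is added to
    timeout: int             # lifetime of the dynamic entry, in seconds

def build_chain(stages=12):
    """Rules in the article's order: blacklist rule first, then stage N down to stage 1."""
    rules = [Rule(f"rdp_stage{stages}", "rdp_blacklist", BLOCK_TIMEOUT)]
    rules += [Rule(f"rdp_stage{n - 1}", f"rdp_stage{n}", STAGE_TIMEOUT) for n in range(stages, 1, -1)]
    rules.append(Rule(None, "rdp_stage1", STAGE_TIMEOUT))
    return rules

class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.expiry = {}  # (list name, ip) -> time at which the dynamic entry expires
    def in_list(self, name, ip, now):
        return self.expiry.get((name, ip), -1) > now
    def attempt(self, ip, now):
        """One new RDP connection at `now`: the SYN is dropped in raw if the source is already
        blacklisted; otherwise every matching forward rule fires top to bottom, and if that lands
        the source in rdp_blacklist the rest of the handshake is dropped in raw. True = completed."""
        if self.in_list("rdp_blacklist", ip, now):
            return False
        for r in self.rules:
            if r.src_list is None or self.in_list(r.src_list, ip, now):
                self.expiry[(r.add_to, ip)] = now + r.timeout
        return not self.in_list("rdp_blacklist", ip, now)

def sessions_completed(rules, attempts, interval):
    """How many of `attempts` new connections, spaced `interval` seconds apart, complete."""
    fw = Firewall(rules)
    return sum(fw.attempt(ATTACKER, i * interval) for i in range(attempts))

if __name__ == "__main__":
    day = build_chain()
    print("burst, 1 s apart:  ", sessions_completed(day, 20, 1))        # 12, the 13th is blocked
    print("slow, 5 min apart: ", sessions_completed(day, 20, 300))      # 20, stage entries keep expiring
    print("chain reversed:    ", sessions_completed(day[::-1], 20, 1))  # 0, one SYN cascades to the blacklist
    night = day + [Rule("rdp_stage8", "rdp_blacklist", WEEK)]           # night rule, appended after the chain
    print("night rule enabled:", sessions_completed(night, 20, 1))      # 7, banned for a week on the 8th
```

The reversed-chain case shows why the export order (blacklist first, stage 1 last) is not cosmetic, and the 5 minute case shows what the "adapted" slow attackers from the text exploit: every stage entry has expired before the next connection arrives.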

Well, in addition to the above, I will add a link to a Wiki article with a working scheme for protecting Mikrotik from network scanners: wiki.mikrotik.com/wiki/Drop_port_scanners

On my devices this works together with the honeypot rules described above and complements them well.

UPD: As suggested in the comments, the packet drop rule has been moved to RAW to reduce the load on the router.

Source: www.habr.com
