A simple way to protect your Mikrotik from attacks

I want to share with the community a simple and working way to use a Mikrotik to protect your network and the services "peeking out" from behind it against external attacks. Namely: just three rules that turn the Mikrotik into a honeypot.

So, imagine we have a small office with an external IP, behind which there is an RDP server for employees working remotely. The first rule is, of course, to change port 3389 on the external interface to something else. But this will not hold for long; after a couple of days the terminal server's audit log will start showing several failed authorizations per second from unknown clients.

Another situation: you have an asterisk hidden behind the Mikrotik, naturally not on port 5060 udp, and after a couple of days the password guessing starts there as well... Yes, yes, I know, fail2ban is our everything, but it still has to be configured. For example, I just installed it on ubuntu 18.04 and was surprised to find that out of the box fail2ban has no current settings for the asterisk from the very same ubuntu distribution... as for ready-made "recipes", they no longer work: the release numbers have grown over the years, the articles with "recipes" for the old versions no longer apply, and new ones are not appearing...

So, a honeypot in brief: in our case it is any well-known port on the external IP; any request to that port from an external client puts the src address on the blacklist. That's all.

/ip firewall filter
add action=add-src-to-address-list address-list="Honeypot Hacker" 
    address-list-timeout=30d0h0m chain=input comment="block honeypot ssh rdp winbox" 
    connection-state=new dst-port=22,3389,8291 in-interface=
    ether4-wan protocol=tcp
add action=add-src-to-address-list address-list="Honeypot Hacker" 
    address-list-timeout=30d0h0m chain=input comment=
    "block honeypot asterisk" connection-state=new dst-port=5060 
    in-interface=ether4-wan protocol=udp 
/ip firewall raw
add action=drop chain=prerouting in-interface=ether4-wan src-address-list=
    "Honeypot Hacker"

The first rule, on the popular TCP ports 22, 3389 and 8291 of the external interface ether4-wan, sends the "guest" IP to the "Honeypot Hacker" list (the ssh, rdp and winbox ports have been disabled in advance or moved to other ports). The second does the same for the well-known UDP port 5060.

The third rule, at the prerouting stage, drops packets from "guests" whose src-address is on the "Honeypot Hacker" list.

After two weeks of running on my home Mikrotik, the "Honeypot Hacker" list contained about one and a half thousand IP addresses of those who like to "latch onto" my network resources (at home I have my own telephony, mail, nextcloud and rdp).

At work, not everything turned out so simple: there they kept hammering the rdp server with password brute force.

Apparently, the port number had been picked up by a scanner long before the honeypot was enabled, and during the quarantine it is not so easy to reconfigure more than 100 users, 20% of whom are over 65. For the case when the port cannot be changed, there is a small working recipe. I have seen something similar on the Internet, but this one comes with an important addition and a nice tweak:

Port knocking setup rules

/ip firewall filter
add action=add-src-to-address-list address-list=rdp_blacklist 
    address-list-timeout=15m chain=forward comment=rdp_to_blacklist 
    connection-state=new dst-port=3389 protocol=tcp src-address-list=
    rdp_stage12
add action=add-src-to-address-list address-list=rdp_stage12 
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 
    protocol=tcp src-address-list=rdp_stage11
add action=add-src-to-address-list address-list=rdp_stage11 
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 
    protocol=tcp src-address-list=rdp_stage10
add action=add-src-to-address-list address-list=rdp_stage10 
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 
    protocol=tcp src-address-list=rdp_stage9
add action=add-src-to-address-list address-list=rdp_stage9 
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 
    protocol=tcp src-address-list=rdp_stage8
# src-address-list corrected to rdp_stage7 (the listing had rdp_stage4, which
# skipped stage7 and shortened the chain); each stage is fed by the previous one
add action=add-src-to-address-list address-list=rdp_stage8 
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 
    protocol=tcp src-address-list=rdp_stage7
add action=add-src-to-address-list address-list=rdp_stage7 
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 
    protocol=tcp src-address-list=rdp_stage6
add action=add-src-to-address-list address-list=rdp_stage6 
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 
    protocol=tcp src-address-list=rdp_stage5
add action=add-src-to-address-list address-list=rdp_stage5 
    address-list-timeout=4m chain=forward connection-state=new dst-port=
    3389 protocol=tcp src-address-list=rdp_stage4
add action=add-src-to-address-list address-list=rdp_stage4 
    address-list-timeout=4m chain=forward connection-state=new dst-port=
    3389 protocol=tcp src-address-list=rdp_stage3
add action=add-src-to-address-list address-list=rdp_stage3 
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 
    protocol=tcp src-address-list=rdp_stage2
add action=add-src-to-address-list address-list=rdp_stage2 
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 
    protocol=tcp src-address-list=rdp_stage1
add action=add-src-to-address-list address-list=rdp_stage1 
    address-list-timeout=4m chain=forward connection-state=new dst-port=3389 
    protocol=tcp 
/ip firewall raw
add action=drop chain=prerouting in-interface=ether4-wan src-address-list=
rdp_blacklist

Within 4 minutes a remote client is allowed to make only 12 new "requests" to the RDP server. One login attempt is 1 to 4 "requests". On the 12th "request", a 15-minute block. In my case the attackers did not stop trying to break into the server; they adapted to the timing and now do it slowly, and at that guessing rate the attack's chance of success drops to zero. Company employees notice no obstacles at all in their work from the measures taken.
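The stage chain above, replayed in Python as an added example (not code from the article): it models how one source IP climbs rdp_stage1 through rdp_stage12 into rdp_blacklist, why the rules must be listed from stage12 down to stage1, and what happens when an attacker slows down past the 4-minute stage timeout or when a stage is fed from the wrong list. It assumes RouterOS semantics as documented: add-src-to-address-list is a pass-through action and re-adding an address refreshes its dynamic timeout.

```python
"""Replay of the rdp_stage* address-list chain; assumed RouterOS semantics:
add-src-to-address-list is pass-through (packet continues to the next rule)
and re-adding an address refreshes its dynamic timeout."""
import re

UNITS = {"w": 7 * 86400, "d": 86400, "h": 3600, "m": 60, "s": 1}


def parse_timeout(text):
    """RouterOS address-list-timeout: '4m' -> 240, '1w0d0h0m' -> 604800."""
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([wdhms])", text))


def stage_chain(stages=12, blacklist_timeout="15m", stage_timeout="4m"):
    """Rules in the order the article lists them: (add to, required src list, timeout)."""
    chain = [("rdp_blacklist", f"rdp_stage{stages}", parse_timeout(blacklist_timeout))]
    for n in range(stages, 0, -1):  # stage12 first, stage1 last
        src = f"rdp_stage{n - 1}" if n > 1 else None  # stage1 has no src-address-list
        chain.append((f"rdp_stage{n}", src, parse_timeout(stage_timeout)))
    return chain


def first_blacklisted_request(rules, interval_s=10, max_requests=40):
    """Send new RDP connections from one source IP, interval_s apart, through the
    rules top-down.  Returns the 1-based request number on which the source is
    added to rdp_blacklist, or None if the chain never completes (for example an
    attacker that waits longer than the stage timeout between attempts)."""
    expiry = {}  # address-list name -> time the dynamic entry expires
    for req in range(1, max_requests + 1):
        now = (req - 1) * interval_s
        for add_to, needs, timeout in rules:
            if needs is not None and expiry.get(needs, -1) <= now:
                continue  # src-address-list does not match (absent or expired)
            expiry[add_to] = now + timeout  # add or refresh, then keep matching
            if add_to == "rdp_blacklist":
                return req
    return None


if __name__ == "__main__":
    good = stage_chain()
    print(first_blacklisted_request(good))                  # fast brute force
    print(first_blacklisted_request(good, interval_s=300))  # one try per 5 min
    # Same rules in ascending order: one packet walks the whole chain at once.
    print(first_blacklisted_request(good[1:][::-1] + good[:1]))
    # stage8 fed from rdp_stage4 instead of rdp_stage7: stage7 is skipped.
    typo = [(a, "rdp_stage4" if a == "rdp_stage8" else s, t) for a, s, t in good]
    print(first_blacklisted_request(typo))
```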

Another little trick
This rule is switched on by the scheduler at 1 a.m. and switched off at 5 a.m., when real people are asleep and the automated password guessers keep hammering away.

/ip firewall filter 
add action=add-src-to-address-list address-list=rdp_blacklist 
    address-list-timeout=1w0d0h0m chain=forward comment=
    "night_rdp_blacklist" connection-state=new disabled=
    yes dst-port=3389 protocol=tcp src-address-list=rdp_stage8

Already on the 8th connection the attacker's IP is written in for a whole week. Beautiful!

Well, in addition to the above, I will add a link to the Wiki article with a working configuration for protecting a Mikrotik from network scanners: wiki.mikrotik.com/wiki/Drop_port_scanners

On my devices this method runs alongside the honeypot rules described above and complements them well.

UPD: As suggested in the comments, the packet drop rule has been moved to RAW to reduce the load on the router.

Source: www.habr.com
