BLOCK PORT SCANNER

Thread in 'Scripting & Scheduling' started by MikrotikPeru, February 9, 2016.

  1. MikrotikPeru

    MikrotikPeru Well-Known Member

    Code (Text):
    /ip firewall filter

    add action=drop chain=input comment="drop ssh brute forcers" disabled=no \
    dst-port=22 protocol=tcp src-address-list=black_list
    add action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d chain=input comment="" connection-state=new \
    disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3
    add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=30m chain=input comment="" connection-state=new \
    disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2
    add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=2m chain=input comment="" connection-state=new \
    disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1
    add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input comment="" connection-state=new \
    disabled=no dst-port=22 protocol=tcp
    add action=drop chain=input comment="drop ftp brute forcers" disabled=no \
    dst-port=21 protocol=tcp src-address-list=black_list
    add action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d chain=input comment="" connection-state=new \
    disabled=no dst-port=21 protocol=tcp src-address-list=ftp_stage3
    add action=add-src-to-address-list address-list=ftp_stage3 \
    address-list-timeout=1m chain=input comment="" connection-state=new \
    disabled=no dst-port=21 protocol=tcp src-address-list=ftp_stage2
    add action=add-src-to-address-list address-list=ftp_stage2 \
    address-list-timeout=1m chain=input comment="" connection-state=new \
    disabled=no dst-port=21 protocol=tcp src-address-list=ftp_stage1
    add action=add-src-to-address-list address-list=ftp_stage1 \
    address-list-timeout=1m chain=input comment="" connection-state=new \
    disabled=no dst-port=21 protocol=tcp
    add action=drop chain=input comment="drop telnet brute forcers" disabled=no \
    dst-port=23 protocol=tcp src-address-list=black_list
    add action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d chain=input comment="" connection-state=new \
    disabled=no dst-port=23 protocol=tcp src-address-list=telnet_stage3
    add action=add-src-to-address-list address-list=telnet_stage3 \
    address-list-timeout=30m chain=input comment="" connection-state=new \
    disabled=no dst-port=23 protocol=tcp src-address-list=telnet_stage2
    add action=add-src-to-address-list address-list=telnet_stage2 \
    address-list-timeout=2m chain=input comment="" connection-state=new \
    disabled=no dst-port=23 protocol=tcp src-address-list=telnet_stage1
    add action=add-src-to-address-list address-list=telnet_stage1 \
    address-list-timeout=1m chain=input comment="" connection-state=new \
    disabled=no dst-port=23 protocol=tcp

    PORT SCANNER BLOCKING CODE

    Code (Text):
    /ip firewall filter
    add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="Port scanners to list " \
    disabled=no protocol=tcp psd=21,3s,3,1
    add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
    disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
    add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no \
    protocol=tcp tcp-flags=fin,syn
    add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no \
    protocol=tcp tcp-flags=syn,rst
    add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" \
    disabled=no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
    add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=no \
    protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
    add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="NMAP NULL scan" disabled=no \
    protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
    add action=drop chain=input comment="dropping port scanners" disabled=no \
    src-address-list="port scanners"
     
     
  2. rifranco202325

    rifranco202325 New Member

    What does it actually do?
     
  3. MikrotikPeru

    MikrotikPeru Well-Known Member

    What MikroTik's PSD does is this: when someone scans a list of ports in a given range, you can put them on a Black List and thus protect yourself from users who use NMAP.
     
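    As an added illustration of what the psd=21,3s,3,1 parameters in the rule above mean (this is not code from the thread or from MikroTik), the Python below replays constructed connection attempts through an approximation of the PSD matcher: WeightThreshold=21, DelayThreshold=3s, LowPortWeight=3 for ports below 1024, HighPortWeight=1 otherwise. The reset-on-gap and the ">= threshold" comparison are assumptions about RouterOS's behaviour, and the sample traffic is constructed.

```python
from collections import defaultdict

# Thresholds taken from the thread's rule: psd=21,3s,3,1
WEIGHT_THRESHOLD = 21   # total weight that marks the source as a scanner
DELAY_THRESHOLD = 3.0   # max seconds between probes to keep one sequence alive
LOW_PORT_WEIGHT = 3     # destination port < 1024 (privileged)
HIGH_PORT_WEIGHT = 1    # destination port >= 1024

def port_weight(port):
    return LOW_PORT_WEIGHT if port < 1024 else HIGH_PORT_WEIGHT

def detect_port_scanners(events, weight_threshold=WEIGHT_THRESHOLD,
                         delay_threshold=DELAY_THRESHOLD):
    """events: (timestamp_seconds, src_ip, dst_port) for new TCP connection
    attempts. Returns {src_ip: timestamp} for every source whose probe
    sequence reached the weight threshold, i.e. what add-src-to-address-list
    would put on the "port scanners" list. Assumed semantics: a gap longer
    than delay_threshold starts a fresh sequence (approximation)."""
    state = {}    # src -> {"last": ts, "ports": set(), "weight": int}
    flagged = {}
    for ts, src, port in sorted(events):
        if src in flagged:
            continue                      # already listed, nothing more to do
        s = state.get(src)
        if s is None or ts - s["last"] > delay_threshold:
            s = {"last": ts, "ports": set(), "weight": 0}   # new sequence
            state[src] = s
        s["last"] = ts
        if port not in s["ports"]:        # repeated probes of one port add nothing
            s["ports"].add(port)
            s["weight"] += port_weight(port)
        if s["weight"] >= weight_threshold:
            flagged[src] = ts
    return flagged

# Constructed sample traffic (not captured from a real router)
SAMPLE_EVENTS = (
    # 7 privileged ports within 1.2 s from one host: 7 * 3 = 21 -> listed
    [(10.0 + 0.2 * i, "198.51.100.7", p)
     for i, p in enumerate([21, 22, 23, 25, 80, 110, 143])]
    # a browser opening 80 and 443, then retrying 443: 3 + 3 = 6 -> clean
    + [(12.0, "203.0.113.5", 80), (12.1, "203.0.113.5", 443),
       (12.2, "203.0.113.5", 443)]
    # same 7 ports, but one probe every 5 s: each gap resets the sequence
    + [(20.0 + 5.0 * i, "192.0.2.9", p)
       for i, p in enumerate([21, 22, 23, 25, 80, 110, 143])]
)

if __name__ == "__main__":
    for src, when in detect_port_scanners(SAMPLE_EVENTS).items():
        print(f"{src} added to 'port scanners' at t={when:.1f}s")
```

The third host shows why the delay threshold matters when tuning the rule: probes spaced wider than 3s never accumulate weight, so the psd match alone does not cover them and the tcp-flags rules in the same block remain useful.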
