返回列表 發帖

【RouterOS】 - Drop port scanners

本帖最後由 mrandrewchan 於 2013-3-28 02:45 編輯

以後吾怕比人掃 port 由其中國
( 最好做之前 backup 自己 config file )
In Winbox :

New Terminal > 貼上以下  

/ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list " disabled=no

/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP FIN Stealth scan"

/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/FIN scan"

/ip firewall filter add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/RST scan"

/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="FIN/PSH/URG scan"

/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="ALL/ALL scan"

/ip firewall filter add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan"

/ip firewall filter add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no

/ip firewall filter add chain=forward src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no

然後去 IP > Firewall > move up the rule to top
但小心自己做左 port forward 可能都會 drop (最後一句 )
AC

回復 1# mrandrewchan

CHing,他们为什么scan我们port?进行网络攻击?

TOP

本帖最後由 mrandrewchan 於 2013-3-29 13:21 編輯

我以前用dd-wrt 看到在網上不停有人scan router port, 之前我未買ROUTEROS 前用SONICWALL 更易在LOG 看到,最多是中國的IP , 我查過有時候是中國的ISP, 當然外國也有, 可能是 for reference , 可能攻擊,發現有open port 就用program try password,  我好幾年前那時不懂起了Linux Web server, 所有port 都開…然後一星期後被人安裝程式在我的Web server 上… 小心CHing


另外CHing 我想問怎樣把routeros 內的 firewall 所有port關……然後自己一個一個慢慢放出來
AC

TOP

提示: 作者被禁止或刪除 內容自動屏蔽

TOP

回復 3# mrandrewchan

Basically, you add a rule "Drop all others" would work.
  1. /ip firewall filter add chain=input action=drop in-interface=YOUR_WAN_INTERFACE
複製代碼
Note: This rule MUST be the last rule. I "brick" the router once by moving this rule to the top in mistake and have to do the HARD-RESET
RB750G, RB2011UAS-2HnD
IP01, A580IP, AT-610

TOP

提示: 作者被禁止或刪除 內容自動屏蔽

TOP

回復 6# wochinaren123


    I think the "back-door" theory for Huawei(more?) is just what the States has been done to other countries and assumes that others do the same. As well inspected by security personnel and the final report for hearing is just "risk" for back-door.

Need real example?
http://en.wikipedia.org/wiki/Stuxnet

Even further, how could you prevent attack initiated by hardware? As most ICs are manufactured in States
RB750G, RB2011UAS-2HnD
IP01, A580IP, AT-610

TOP

提示: 作者被禁止或刪除 內容自動屏蔽

TOP

回復 4# wochinaren123

我用TZ 170, 10 node VPN, 沒有WIFI, Firewall 吾洗比年費,買後登記才能用VPN function. 是朋友借我用……不知多少錢。
AC

TOP

回復 5# Qnewbie

謝謝 Qnewbie CHing
謝我試試
AC

TOP

返回列表