電訊茶室 - Powered by Discuz! Board

標題: 【RouterOS】 - Drop port scanners [打印本頁]

作者: mrandrewchan 時間: 2013-3-28 02:38 標題: 【RouterOS】 - Drop port scanners

本帖最後由 mrandrewchan 於 2013-3-28 02:45 編輯

以後吾怕比人掃 port 由其中國
( 最好做之前 backup 自己 config file )
In Winbox :

New Terminal > 貼上以下

/ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list " disabled=no

/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP FIN Stealth scan"

/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/FIN scan"

/ip firewall filter add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/RST scan"

/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="FIN/PSH/URG scan"

/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="ALL/ALL scan"

/ip firewall filter add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan"

/ip firewall filter add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no

/ip firewall filter add chain=forward src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no

然後去 IP > Firewall > move up the rule to top
但小心自己做左 port forward 可能都會 drop (最後一句 )

作者: 角色 時間: 2013-3-29 09:45

回復 1# mrandrewchan

CHing，他们为什么scan我们port？进行网络攻击？

作者: mrandrewchan 時間: 2013-3-29 13:04

本帖最後由 mrandrewchan 於 2013-3-29 13:21 編輯

我以前用dd-wrt 看到在網上不停有人scan router port, 之前我未買ROUTEROS 前用SONICWALL 更易在LOG 看到，最多是中國的IP , 我查過有時候是中國的ISP, 當然外國也有, 可能是 for reference , 可能攻擊，發現有open port 就用program try password, 我好幾年前那時不懂起了Linux Web server, 所有port 都開…然後一星期後被人安裝程式在我的Web server 上… 小心CHing

另外CHing 我想問怎樣把routeros 內的 firewall 所有port關……然後自己一個一個慢慢放出來

作者: wochinaren123 時間: 2013-3-29 16:36

提示: 作者被禁止或刪除內容自動屏蔽

作者: Qnewbie 時間: 2013-3-29 17:34

回復 3# mrandrewchan

Basically, you add a rule "Drop all others" would work.

/ip firewall filter add chain=input action=drop in-interface=YOUR_WAN_INTERFACE

複製代碼

Note: This rule MUST be the last rule. I "brick" the router once by moving this rule to the top in mistake and have to do the HARD-RESET

作者: wochinaren123 時間: 2013-3-29 18:40

提示: 作者被禁止或刪除內容自動屏蔽

作者: Qnewbie 時間: 2013-3-29 19:58

回復 6# wochinaren123

I think the "back-door" theory for Huawei(more?) is just what the States has been done to other countries and assumes that others do the same. As well inspected by security personnel and the final report for hearing is just "risk" for back-door.

Need real example?
http://en.wikipedia.org/wiki/Stuxnet

Even further, how could you prevent attack initiated by hardware? As most ICs are manufactured in States

作者: wochinaren123 時間: 2013-3-29 21:09

提示: 作者被禁止或刪除內容自動屏蔽

作者: mrandrewchan 時間: 2013-3-30 19:49

回復 4# wochinaren123

我用TZ 170, 10 node VPN, 沒有WIFI, Firewall 吾洗比年費，買後登記才能用VPN function. 是朋友借我用……不知多少錢。

作者: mrandrewchan 時間: 2013-3-30 19:52

回復 5# Qnewbie

謝謝 Qnewbie CHing
謝我試試

歡迎光臨電訊茶室 (http://telecom-cafe.com/forum/)