
[RouterOS] Drop port scanners

This post was last edited by mrandrewchan on 2013-3-28 02:45

After this you won't have to worry about people port-scanning you, especially from China.
(Best to back up your own config file before doing this.)
In Winbox:

New Terminal > paste the following

# Port scan detection (psd=WeightThreshold,DelayThreshold,LowPortWeight,HighPortWeight):
# list the source once packets to different ports from one host reach weight 21 within 3s,
# privileged ports (<=1024) weighing 3 and other ports weighing 1. Listed entries expire after 2 weeks.
/ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list " disabled=no
# TCP flag combinations that no normal connection uses: plain flags must be set, "!" flags must be clear.
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP FIN Stealth scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/FIN scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/RST scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="FIN/PSH/URG scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="ALL/ALL scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan"
# add-src-to-address-list does not stop rule processing, so the triggering packet also reaches the drop rules.
# Rule 8 drops listed sources talking to the router itself; rule 9 drops them on traffic passing through it.
/ip firewall filter add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no
/ip firewall filter add chain=forward src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no

Then go to IP > Firewall > move the rules up to the top.
But be careful: if you have set up port forwarding, that may get dropped as well (the last line).
AC
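The rules above are easier to reason about once you can see the rule order (first match wins), the non-terminating add-src-to-address-list action, the PSD weighting and the 2w timeout working together. The following is an added Python model of those mechanics, not code from the original post or from MikroTik; it assumes the documented psd parameter order (WeightThreshold, DelayThreshold, LowPortWeight, HighPortWeight) and simplifies the detector to "weight of distinct destination ports seen from one source inside the delay window". Addresses, ports and times are constructed test values.

```python
"""Added example: simplified model of the posted RouterOS scanner rules.
Not the original post's code and not MikroTik's implementation; the PSD
part is an assumption (distinct destination ports per source within the
delay window) so thresholds can be sanity-checked offline."""
from dataclasses import dataclass, field
from typing import Optional

TCP_FLAGS = ("fin", "syn", "rst", "psh", "ack", "urg")

# tcp-flags= signatures from the posted rules, in the posted order.
# A plain flag must be set, a "!" flag must be clear, unlisted flags are ignored.
SCAN_SIGNATURES = [
    ("NMAP FIN Stealth scan", {"fin"}, {"syn", "rst", "psh", "ack", "urg"}),
    ("SYN/FIN scan", {"fin", "syn"}, set()),
    ("SYN/RST scan", {"syn", "rst"}, set()),
    ("FIN/PSH/URG scan", {"fin", "psh", "urg"}, {"syn", "rst", "ack"}),
    ("ALL/ALL scan", set(TCP_FLAGS), set()),
    ("NMAP NULL scan", set(), set(TCP_FLAGS)),
]


@dataclass
class Packet:
    src: str
    dst_port: int
    flags: frozenset = frozenset({"syn"})  # a normal connection attempt
    chain: str = "input"                    # "input" = to the router, "forward" = through it


def match_scan_signature(flags) -> Optional[str]:
    """Comment of the first tcp-flags rule the packet matches (first match wins), or None."""
    flags = set(flags)
    for comment, must_set, must_clear in SCAN_SIGNATURES:
        if must_set <= flags and not (must_clear & flags):
            return comment
    return None


@dataclass
class PortScanDetector:
    """Assumed model of psd=21,3s,3,1: ports <=1024 weigh 3, others 1, over the last 3 seconds."""
    weight_threshold: int = 21
    delay_seconds: float = 3.0
    low_port_weight: int = 3
    high_port_weight: int = 1
    _history: dict = field(default_factory=dict)  # src -> [(time, dst_port), ...]

    def observe(self, src: str, dst_port: int, now: float) -> bool:
        recent = [(t, p) for t, p in self._history.get(src, []) if now - t <= self.delay_seconds]
        recent.append((now, dst_port))
        self._history[src] = recent
        weight = sum(self.low_port_weight if p <= 1024 else self.high_port_weight
                     for p in {p for _, p in recent})
        return weight >= self.weight_threshold


class AddressList:
    """address-list with address-list-timeout (2w in the post = 14 days)."""
    def __init__(self, timeout_seconds: float):
        self.timeout = timeout_seconds
        self._expires: dict = {}

    def add(self, addr: str, now: float) -> None:
        self._expires[addr] = now + self.timeout  # re-adding refreshes the timer

    def contains(self, addr: str, now: float) -> bool:
        return addr in self._expires and now < self._expires[addr]


class ScannerFirewall:
    def __init__(self):
        self.psd = PortScanDetector()
        self.port_scanners = AddressList(timeout_seconds=14 * 24 * 3600)

    def filter(self, pkt: Packet, now: float) -> str:
        """Return 'drop' or 'pass' for one packet, walking the posted rules in order."""
        if pkt.chain == "input":
            # Rules 1-7 only list the source; processing continues to the drop rules,
            # so the packet that tips the threshold is itself dropped below.
            if self.psd.observe(pkt.src, pkt.dst_port, now):
                self.port_scanners.add(pkt.src, now)
            if match_scan_signature(pkt.flags) is not None:
                self.port_scanners.add(pkt.src, now)
        # Rules 8 and 9: listed sources are dropped on both input and forward, which is
        # the post's caveat: port-forwarded traffic from a listed host is dropped too.
        if self.port_scanners.contains(pkt.src, now):
            return "drop"
        return "pass"


def demo() -> dict:
    """Constructed traffic: one host sweeps 8 privileged ports in 2 seconds (weight 24 >= 21)."""
    fw = ScannerFirewall()
    scanner, t = "198.51.100.7", 1000.0  # constructed test address and start time
    verdicts = [fw.filter(Packet(scanner, port), t + i * 0.25)
                for i, port in enumerate((21, 22, 23, 25, 80, 110, 143, 443))]
    return {
        "first_dropped_index": verdicts.index("drop"),  # 7th port reaches weight 21
        "forward_dropped": fw.filter(Packet(scanner, 3389, chain="forward"), t + 5) == "drop",
        "expired": fw.filter(Packet(scanner, 80, chain="forward"), t + 15 * 24 * 3600) == "pass",
        "null_scan": match_scan_signature(frozenset()),
        "normal_syn": match_scan_signature(frozenset({"syn"})),
    }


if __name__ == "__main__":
    print(demo())
```

Two things the model makes visible: a packet with every flag set is reported as "SYN/FIN scan" rather than "ALL/ALL scan" because the SYN/FIN rule sits earlier in the list, and a host listed by the input chain loses its forwarded connections as well, which is why the post warns about port forwards.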

This post was last edited by mrandrewchan on 2013-3-29 13:21

Back when I used dd-wrt I could see people online constantly scanning the router's ports. Before I bought RouterOS I used a SonicWall, where it was even easier to see in the log; most were Chinese IPs. I looked them up and sometimes they were Chinese ISPs, though of course there were foreign ones too. Maybe it's for reference, maybe it's an attack: once they find an open port they use a program to try passwords. A few years ago, when I didn't know any better, I set up a Linux web server with every port open... and a week later someone had installed a program on my web server... Be careful, CHing.


Also, CHing, I'd like to ask how to close every port in the RouterOS firewall... and then open them up one by one myself.
AC


Reply to #4 wochinaren123

I use a TZ 170, 10-node VPN, no Wi-Fi. The firewall doesn't require an annual fee; after buying it you have to register before the VPN function works. A friend lent it to me... I don't know how much it costs.
AC


Reply to #5 Qnewbie

Thanks, Qnewbie CHing.
Thanks, I'll give it a try.
AC

