@MikrotikRu
Boomer31.07.2018
12:30:33
12:30:33
никогда ранее на эти флаги не срабатывал сканер портов, а сегодня 1,5к адресов в бан отправило это правило.
причем 1,5к примерно за 6 чесов работы роутера
Boomer31.07.2018
12:32:09
12:32:09
а айпишники - от аляски до африки...
GoogleBoomer31.07.2018
12:32:34
12:32:34
и Российских тоже много.
Alexey31.07.2018
12:34:56
12:34:56
кто-то тебя спамит
Игорь31.07.2018
12:35:08
12:35:08
пффф это еще фигня
кстати такая фигня происходит тогда я на спидтесте заходил
Alexey31.07.2018
12:38:34
12:38:34
спидтест палит айпишники
ᅠ31.07.2018
12:40:13
12:40:13
Мы тут с коллегой задумались
А что если врубить маскарадинг и указать out-interface на котором несколько айпишек О_о
что он будет делать?
GoogleAlexey31.07.2018
12:43:02
12:43:02
http://mikrotik.vetriks.ru/wiki/%D0%93%D0%BE%D1%82%D0%BE%D0%B2%D1%8B%D0%B5_%D1%80%D0%B5%D1%88%D0%B5%D0%BD%D0%B8%D1%8F:%D0%97%D0%B0%D1%89%D0%B8%D1%82%D0%B0_%D0%BE%D1%82_brute-force_%D0%B0%D1%82%D0%B0%D0%BA_%D0%B4%D0%BB%D1%8F_SSH_%D0%B8_FTP
попробуй правила файрвола создать
и поставь запрет на вход на микрот с глобала, и определение микрота
Игорь31.07.2018
12:45:13
12:45:13
а я вот так прописал закинул в скрипт вроде ок
#########################################################################################################
# Rick Frey's Basic MikroTik Firewall Rev 5.0 (Free Version) #
#########################################################################################################
# Author: Rick Frey #
# email: #
# Username in MikroTik Forum is rickfrey #
#########################################################################################################
# License #
# This script has been created for use by the general public and may be used freely. This script may #
# not be sold! #
#########################################################################################################
#########################################################################################################
# Features #
# -Detect and block brute force attacks to the routers via SSH, Telnet, and Winbox (Disables WWW & FTP) #
# -Basic Antivirus filtering #
# -P2P Blocking #
# -High Connection Rate detection #
# -Basic Spam detection #
# -Basic Port Scanner Detection #
# -Bogon Address Blocking #
#########################################################################################################
###########################################################################################################################
###########################################################################################################################
#### Firewall Settings ####
###########################################################################################################################
/ip firewall connection tracking
set enabled=yes
###########################################################################################################################
#### Drop Invalid Connections ####
#### To make this more useful, create a copy of the forward chain rule and set the interface for each LAN intface ####
#### on your network. Remember to remove the orginal rule. ####
###########################################################################################################################
/ip firewall filter
add action=drop chain=input comment="Drop Invalid Connections" connection-state=invalid disabled=no
add action=drop chain=forward comment="Drop Invalid Connections" connection-state=invalid disabled=no
###########################################################################################################################
#### Must Add Admin IP Addresses in the Address List for Administering the Network in "Exempt Addresses" #####
###########################################################################################################################
add action=accept chain=input comment="Accept Exempt IP Addresses" disabled=no src-address-list="Exempt Addresses"
add action=accept chain=forward comment="Accept Exempt IP Addresses" disabled=no src-address-list="Exempt Addresses"
############################################################################################################################
#### Multiple "Black Lists" have been created to help identify why any given person has been blocked.#######################
#### By default Port Scanners Black List is disabled. The Firewall will continue to add these people to the ################
#### the Black List, but will not block them unless the Black List is enabled. Use with caution!!!! ########################
#### Once someone is on a Black List they are permanently recorded there. To remove them, go to the address list.###########
############################################################################################################################
add action=drop chain=input comment="Drop anyone in the Black List (Manually Added)" disabled=no src-address-list="Black List"
add action=drop chain=forward comment="Drop anyone in the Black List (Manually Added)" disabled=no src-address-list="Black List"
add action=drop chain=input comment="Drop anyone in the Black List (SSH)" disabled=no src-address-list="Black List (SSH)"
add action=drop chain=forward comment="Drop anyone in the Black List (SSH)" disabled=no src-address-list="Black List (SSH)"
add action=drop chain=input comment="Drop anyone in the Black List (Telnet)" disabled=no src-address-list="Black List (Telnet)"
add action=drop chain=forward comment="Drop anyone in the Black List (Telnet)" disabled=no src-address-list="Black List (Telnet)"
add action=drop chain=input comment="Drop anyone in the Black List (Winbox)" disabled=no src-address-list="Black List (Winbox)"
add action=drop chain=forward comment="Drop anyone in the Black List (Winbox)" disabled=no src-address-list="Black List (Winbox)"
add action=drop chain=input comment="Drop anyone in the WAN Port Scanner List" disabled=yes src-address-list="WAN Port Scanners"
add action=drop chain=forward comment="Drop anyone in the WAN Port Scanner List" disabled=yes src-address-list="WAN Port Scanners"
add action=drop chain=input comment="Drop anyone in the LAN Port Scanner List" disabled=yes src-address-list="LAN Port Scanners"
add action=drop chain=forward comment="Drop anyone in the LAN Port Scanner List" disabled=yes src-address-list="LAN Port Scanners"
add action=drop chain=input comment="Drop all Bogons" disabled=no src-address-list=Bogons
add action=drop chain=forward comment="Drop all Bogons" disabled=no src-address-list=Bogons
add action=drop chain=forward comment="Drop all P2P" disabled=yes p2p=all-p2p
add chain=output comment="Section Break" disabled=yes
###########################################################################################################################
#### Detect & Block Brute Force Login Attempts ####
###########################################################################################################################
add action=jump chain=input comment="Jump to RFC SSH Chain" disabled=no jump-target="RFC SSH Chain"
add action=add-src-to-address-list address-list="Black List (SSH)" address-list-timeout=0s chain="RFC SSH Chain" comment="Transfer repeated attempts from SSH Stage 3 to Black-List" connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list="SSH Stage 3"
add action=add-src-to-address-list address-list="SSH Stage 3" address-list-timeout=1m chain="RFC SSH Chain" comment="Add succesive attempts to SSH Stage 3" connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list="SSH Stage 2"
add action=add-src-to-address-list address-list="SSH Stage 2" address-list-timeout=1m chain="RFC SSH Chain" comment="Add succesive attempts to SSH Stage 2" connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list="SSH Stage 1"
add action=add-src-to-address-list address-list="SSH Stage 1" address-list-timeout=1m chain="RFC SSH Chain" comment="Add intial attempt to SSH Stage 1 List" connection-state=new disabled=no dst-port=22 protocol=tcp
add action=return chain="RFC SSH Chain" comment="Return From RFC SSH Chain" disabled=no
add chain=output comment="Section Break" disabled=yes
add action=jump chain=input comment="Jump to RFC Telnet Chain" disabled=no jump-target="RFC Telnet Chain"
add action=add-src-to-address-list address-list="Black List (Telnet)" address-list-timeout=0s chain="RFC Telnet Chain" comment="Transfer repeated attempts from Telnet Stage 3 to Black-List" connection-state=new disabled=no dst-port=23 protocol=tcp src-address-list="Telnet Stage 3"
add action=add-src-to-address-list address-list="Telnet Stage 3" address-list-timeout=1m chain="RFC Telnet Chain" comment="Add succesive attempts to Telnet Stage 3" connection-state=new disabled=no dst-port=23 protocol=tcp src-address-list="Telnet Stage 2"
add action=add-src-to-address-list address-list="Telnet Stage 2" address-list-timeout=1m chain="RFC Telnet Chain" comment="Add succesive attempts to Telnet Stage 2" connection-state=new disabled=no dst-port=23 protocol=tcp src-address-list="Telnet Stage 1"
add action=add-src-to-address-list address-list="Telnet Stage 1" address-list-timeout=1m chain="RFC Telnet Chain" comment="Add Intial attempt to Telnet Stage 1" connection-state=new disabled=no dst-port=23 protocol=tcp
add action=return chain="RFC Telnet Chain" comment="Return From RFC Telnet Chain" disabled=no
add chain=output comment="Section Break" disabled=yes
add action=jump chain=input comment="Jump to RFC Winbox Chain" disabled=no jump-target="RFC Winbox Chain"
add action=add-src-to-address-list address-list="Black List (Winbox)" address-list-timeout=0s chain="RFC Winbox Chain" comment="Transfer repeated attempts from Winbox Stage 3 to Black-List" connection-state=new disabled=no dst-port=8291 protocol=tcp src-address-list="Winbox Stage 3"
add action=add-src-to-address-list address-list="Winbox Stage 3" address-list-timeout=1m chain="RFC Winbox Chain" comment="Add succesive attempts to Winbox Stage 3" connection-state=new disabled=no dst-port=8291 protocol=tcp src-address-list="Winbox Stage 2"
add action=add-src-to-address-list address-list="Winbox Stage 2" address-list-timeout=1m chain="RFC Winbox Chain" comment="Add succesive attempts to Winbox Stage 2" connection-state=new disabled=no dst-port=8291 protocol=tcp src-address-list="Winbox Stage 1"
add action=add-src-to-address-list address-list="Winbox Stage 1" address-list-timeout=1m chain="RFC Winbox Chain" comment="Add Intial attempt to Winbox Stage 1" connection-state=new disabled=no dst-port=8291 protocol=tcp
add action=return chain="RFC Winbox Chain" comment="Return From RFC Winbox Chain" disabled=no
add chain=output comment="Section Break" disabled=yes
###########################################################################################################################
#### Detect & Manage Port Scanners ####
###########################################################################################################################
/ip firewall filter
add action=add-src-to-address-list address-list="Wan Port Scanners" chain=input comment="Add TCP Port Scanners to Address List" protocol=tcp psd=40,3s,2,1
add action=add-src-to-address-list address-list="LAN Port Scanners" chain=forward comment="Add TCP Port Scanners to Address List" protocol=tcp psd=40,3s,2,1
add chain=output comment="Section Break" disabled=yes
###########################################################################################################################
#### Detect & Manage High Connection Rates ####
###########################################################################################################################
/ip firewall filter
add action=add-src-to-address-list address-list="(WAN High Connection Rates)" chain=input comment="Add WAN High Connections to Address List" connection-limit=100,32 protocol=tcp
add action=add-src-to-address-list address-list="(LAN High Connection Rates)" chain=forward comment="Add LAN High Connections to Address List" connection-limit=100,32 protocol=tcp
############################################################################################################################
#### The Virus Chain has been added at the request of customers, but there is no guarantee expressed or implied with the ###
#### Virus Chain. ##########################################################################################################
############################################################################################################################
/ip firewall address-list
add address=0.0.0.0/8 comment="RFC 1122 \"This host on this network\"" disabled=yes list=Bogons
add address=10.0.0.0/8 comment="RFC 1918 (Private Use IP Space)" disabled=yes list=Bogons
add address=100.64.0.0/10 comment="RFC 6598 (Shared Address Space)" disabled=yes list=Bogons
add address=127.0.0.0/8 comment="RFC 1122 (Loopback)" disabled=yes list=Bogons
add address=169.254.0.0/16 comment="RFC 3927 (Dynamic Configuration of IPv4 Link-Local Addresses)" disabled=yes list=Bogons
add address=172.16.0.0/12 comment="RFC 1918 (Private Use IP Space)" disabled=yes list=Bogons
add address=192.0.0.0/24 comment="RFC 6890 (IETF Protocol Assingments)" disabled=yes list=Bogons
add address=192.0.2.0/24 comment="RFC 5737 (Test-Net-1)" disabled=yes list=Bogons
add address=192.168.0.0/16 comment="RFC 1918 (Private Use IP Space)" disabled=yes list=Bogons
add address=198.18.0.0/15 comment="RFC 2544 (Benchmarking)" disabled=yes list=Bogons
add address=198.51.100.0/24 comment="RFC 5737 (Test-Net-2)" disabled=yes list=Bogons
add address=203.0.113.0/24 comment="RFC 5737 (Test-Net-3)" disabled=yes list=Bogons
add address=224.0.0.0/4 comment="RFC 5771 (Multicast Addresses) - Will affect OSPF, RIP, PIM, VRRP, IS-IS, and others. Use with caution.)" disabled=yes list=Bogons
add address=240.0.0.0/4 comment="RFC 1112 (Reserved)" disabled=yes list=Bogons
add address=192.31.196.0/24 comment="RFC 7535 (AS112-v4)" disabled=yes list=Bogons
add address=192.52.193.0/24 comment="RFC 7450 (AMT)" disabled=yes list=Bogons
add address=192.88.99.0/24 comment="RFC 7526 (Deprecated (6to4 Relay Anycast))" disabled=yes list=Bogons
add address=192.175.48.0/24 comment="RFC 7534 (Direct Delegation AS112 Service)" disabled=yes list=Bogons
add address=255.255.255.255 comment="RFC 919 (Limited Broadcast)" disabled=yes list=Bogons
##############################################################################################################################################
#### This is a list of all common ports as found on http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers and other sources. ##
#### By default they are enabled to prevent immediate problems when applying the script. Carefully review the list of ##
#### ports and remove or disable entries that are not needed. ##
##############################################################################################################################################
add action=jump chain=input comment="Jump to Virus Chain" disabled=no jump-target=Virus
add action=drop chain=Virus comment="Drop Blaster Worm" disabled=no dst-port=135-139 protocol=tcp
add action=drop chain=Virus comment="Drop Blaster Worm" disabled=no dst-port=445 protocol=tcp
add action=drop chain=Virus comment="Drop Blaster Worm" disabled=no dst-port=445 protocol=udp
add action=drop chain=Virus comment="Drop Messenger Worm" disabled=no dst-port=135-139 protocol=udp
add action=drop chain=Virus comment=Conficker disabled=no dst-port=593 protocol=tcp
add action=drop chain=Virus comment=Worm disabled=no dst-port=1024-1030 protocol=tcp
add action=drop chain=Virus comment="ndm requester" disabled=no dst-port=1363 protocol=tcp
add action=drop chain=Virus comment="ndm server" disabled=no dst-port=1364 protocol=tcp
add action=drop chain=Virus comment="screen cast" disabled=no dst-port=1368 protocol=tcp
add action=drop chain=Virus comment=hromgrafx disabled=no dst-port=1373 protocol=tcp
add action=drop chain=Virus comment="Drop MyDoom" disabled=no dst-port=1080 protocol=tcp
add action=drop chain=Virus comment=cichlid disabled=no dst-port=1377 protocol=tcp
add action=drop chain=Virus comment=Worm disabled=no dst-port=1433-1434 protocol=tcp
add action=drop chain=Virus comment="Drop Dumaru.Y" disabled=no dst-port=2283 protocol=tcp
add action=drop chain=Virus comment="Drop Beagle" disabled=no dst-port=2535 protocol=tcp
add action=drop chain=Virus comment="Drop Beagle.C-K" disabled=no dst-port=2745 protocol=tcp
add action=drop chain=Virus comment="Drop MyDoom" disabled=no dst-port=3127-3128 protocol=tcp
add action=drop chain=Virus comment="Drop Backdoor OptixPro" disabled=no dst-port=3410 protocol=tcp
add action=drop chain=Virus comment="Drop Sasser" disabled=no dst-port=5554 protocol=tcp
add action=drop chain=Virus comment=Worm disabled=no dst-port=4444 protocol=tcp
add action=drop chain=Virus comment=Worm disabled=no dst-port=4444 protocol=udp
add action=drop chain=Virus comment="Drop Beagle.B" disabled=no dst-port=8866 protocol=tcp
add action=drop chain=Virus comment="Drop Dabber.A-B" disabled=no dst-port=9898 protocol=tcp
add action=drop chain=Virus comment="Drop Dumaru.Y" disabled=no dst-port=10000 protocol=tcp
add action=drop chain=Virus comment="Drop MyDoom.B" disabled=no dst-port=10080 protocol=tcp
add action=drop chain=Virus comment="Drop NetBus" disabled=no dst-port=12345 protocol=tcp
add action=drop chain=Virus comment="Drop Kuang2" disabled=no dst-port=17300 protocol=tcp
add action=drop chain=Virus comment="Drop SubSeven" disabled=no dst-port=27374 protocol=tcp
add action=drop chain=Virus comment="Drop PhatBot, Agobot, Gaobot" disabled=no dst-port=65506 protocol=tcp
add action=return chain=Virus comment="Return From Virus Chain" disabled=no
add chain=output comment="Section Break" disabled=yes
###########################################################################################################################
#### This is the BOGON short list. ####
####!!!!! All subnets in this list will be blocked!!! Disable or remove any subnets that you are using!!!##################
###########################################################################################################################
add chain="Manage Common Ports" comment="FTPS Protocol (control):FTP over TLS/SSL" port=990 protocol=udp
add chain="Manage Common Ports" comment="TELNET protocol overTLS/SSL" port=992 protocol=tcp
add chain="Manage Common Ports" comment="TELNET protocol overTLS/SSL" port=992 protocol=udp
add chain="Manage Common Ports" comment="Internet Message Access Protocol over TLS/SSL (IMAPS)" port=993 protocol=tcp
add chain="Manage Common Ports" comment="Post Office Protocol3 over TLS/SSL (POP3S)" port=995 protocol=tcp
add chain="Manage Common Ports" comment="OVPN TCP Port 1194 (Local Management)" port=1194 protocol=tcp
add chain="Manage Common Ports" comment="PPTP Port 1723 (Local Management)" port=1723 protocol=tcp
add chain="Manage Common Ports" comment="L2TP UDP Port 1701 (Local Management)" port=1701 protocol=udp
add chain="Manage Common Ports" comment="L2TP UDP Port 4500 (Local Management)" port=4500 protocol=udp
/ip firewall filter
add chain=input comment="Accept Related or Established Connections" connection-state=established,related disabled=yes
add chain=forward comment="Accept New Connections" connection-state=new disabled=yes
add chain=forward comment="Accept Related or Established Connections" connection-state=established,related disabled=yes
##########################################################################################################################
#### Enable this rule in SAFE MODE and test before using##################################################################
##########################################################################################################################
add action=drop chain=forward comment="Drop all other LAN Traffic" disabled=yes
add action=drop chain=input comment="Drop all other WAN Traffic" disabled=yes
/ip firewall filter
add action=jump chain=forward comment="Jump to \"Manage Common Ports\" Chain" jump-target="Manage Common Ports"
add chain="Manage Common Ports" comment="\"All hosts on this subnet\" Broadcast" src-address=224.0.0.1
add chain="Manage Common Ports" comment="\"All routers on this subnet\" Broadcast" src-address=224.0.0.2
add chain="Manage Common Ports" comment="DVMRP (Distance Vector Multicast Routing Protocol)" src-address=224.0.0.4
add chain="Manage Common Ports" comment="OSPF - All OSPF Routers Broadcast" src-address=224.0.0.5
add chain="Manage Common Ports" comment="OSPF - OSPF DR Routers Broadcast" src-address=224.0.0.6
add chain="Manage Common Ports" comment="RIP Broadcast" src-address=224.0.0.9
add chain="Manage Common Ports" comment="EIGRP Broadcast" src-address=224.0.0.10
add chain="Manage Common Ports" comment="PIM Broadcast" src-address=224.0.0.13
add chain="Manage Common Ports" comment="VRRP Broadcast" src-address=224.0.0.18
add chain="Manage Common Ports" comment="IS-IS Broadcast" src-address=224.0.0.19
add chain="Manage Common Ports" comment="IS-IS Broadcast" src-address=224.0.0.20
add chain="Manage Common Ports" comment="IS-IS Broadcast" src-address=224.0.0.21
add chain="Manage Common Ports" comment="IGMP Broadcast" src-address=224.0.0.22
add chain="Manage Common Ports" comment="GRE Protocol (Local Management)" protocol=gre
add chain="Manage Common Ports" comment="FTPdata transfer" port=20 protocol=tcp
add chain="Manage Common Ports" comment="FTPdata transfer " port=20 protocol=udp
add chain="Manage Common Ports" comment="FTPcontrol (command)" port=21 protocol=tcp
add chain="Manage Common Ports" comment="Secure Shell(SSH)" port=22 protocol=tcp
add chain="Manage Common Ports" comment="Secure Shell(SSH) " port=22 protocol=udp
add chain="Manage Common Ports" comment=Telnet port=23 protocol=tcp
add chain="Manage Common Ports" comment=Telnet port=23 protocol=udp
add chain="Manage Common Ports" comment="Priv-mail: any privatemailsystem." port=24 protocol=tcp
add chain="Manage Common Ports" comment="Priv-mail: any privatemailsystem. " port=24 protocol=udp
add chain="Manage Common Ports" comment="Simple Mail Transfer Protocol(SMTP)" port=25 protocol=tcp
add chain="Manage Common Ports" comment="Simple Mail Transfer Protocol(SMTP) " port=25 protocol=udp
add chain="Manage Common Ports" comment="TIME protocol" port=37 protocol=tcp
add chain="Manage Common Ports" comment="TIME protocol " port=37 protocol=udp
add chain="Manage Common Ports" comment="ARPA Host Name Server Protocol & WINS" port=42 protocol=tcp
add chain="Manage Common Ports" comment="ARPA Host Name Server Protocol & WINS " port=42 protocol=udp
add chain="Manage Common Ports" comment="WHOIS protocol" port=43 protocol=tcp
add chain="Manage Common Ports" comment="WHOIS protocol" port=43 protocol=udp
add chain="Manage Common Ports" comment="Domain Name System (DNS)" port=53 protocol=tcp
add chain="Manage Common Ports" comment="Domain Name System (DNS)" port=53 protocol=udp
add chain="Manage Common Ports" comment="Mail Transfer Protocol(RFC 780)" port=57 protocol=tcp
add chain="Manage Common Ports" comment="(BOOTP) Server & (DHCP) " port=67 protocol=udp
add chain="Manage Common Ports" comment="(BOOTP) Client & (DHCP) " port=68 protocol=udp
add chain="Manage Common Ports" comment="Trivial File Transfer Protocol (TFTP) " port=69 protocol=udp
add chain="Manage Common Ports" comment="Gopher protocol" port=70 protocol=tcp
add chain="Manage Common Ports" comment="Finger protocol" port=79 protocol=tcp
add chain="Manage Common Ports" comment="Hypertext Transfer Protocol (HTTP)" port=80 protocol=tcp
add chain="Manage Common Ports" comment="RemoteTELNETService protocol" port=107 protocol=tcp
add chain="Manage Common Ports" comment="Post Office Protocolv2 (POP2)" port=109 protocol=tcp
add chain="Manage Common Ports" comment="Post Office Protocolv3 (POP3)" port=110 protocol=tcp
add chain="Manage Common Ports" comment="IdentAuthentication Service/Identification Protocol" port=113 protocol=tcp
add chain="Manage Common Ports" comment="Authentication Service (auth) " port=113 protocol=udp
add chain="Manage Common Ports" comment="Simple File Transfer Protocol (SFTP)" port=115 protocol=tcp
add chain="Manage Common Ports" comment="Network Time Protocol(NTP)" port=123 protocol=udp
add chain="Manage Common Ports" comment="NetBIOSNetBIOS Name Service" port=137 protocol=tcp
add chain="Manage Common Ports" comment="NetBIOSNetBIOS Name Service " port=137 protocol=udp
add chain="Manage Common Ports" comment="NetBIOSNetBIOS Datagram Service" port=138 protocol=tcp
add chain="Manage Common Ports" comment="NetBIOSNetBIOS Datagram Service " port=138 protocol=udp
add chain="Manage Common Ports" comment="NetBIOSNetBIOS Session Service" port=139 protocol=tcp
add chain="Manage Common Ports" comment="NetBIOSNetBIOS Session Service " port=139 protocol=udp
add chain="Manage Common Ports" comment="Internet Message Access Protocol (IMAP)" port=143 protocol=tcp
add chain="Manage Common Ports" comment="Background File Transfer Program (BFTP)" port=152 protocol=tcp
add chain="Manage Common Ports" comment="Background File Transfer Program (BFTP) " port=152 protocol=udp
add chain="Manage Common Ports" comment="SGMP,Simple Gateway Monitoring Protocol" port=153 protocol=tcp
add chain="Manage Common Ports" comment="SGMP,Simple Gateway Monitoring Protocol " port=153 protocol=udp
add chain="Manage Common Ports" comment="DMSP, Distributed Mail Service Protocol" port=158 protocol=tcp
add chain="Manage Common Ports" comment="DMSP, Distributed Mail Service Protocol " port=158 protocol=udp
add chain="Manage Common Ports" comment="Simple Network Management Protocol(SNMP) " port=161 protocol=udp
add chain="Manage Common Ports" comment="Simple Network Management ProtocolTrap (SNMPTRAP)" port=162 protocol=tcp
add chain="Manage Common Ports" comment="Simple Network Management ProtocolTrap (SNMPTRAP) " port=162 protocol=udp
add chain="Manage Common Ports" comment="BGP (Border Gateway Protocol)" port=179 protocol=tcp
add chain="Manage Common Ports" comment="Internet Message Access Protocol (IMAP), version 3" port=220 protocol=tcp
add chain="Manage Common Ports" comment="Internet Message Access Protocol (IMAP), version 3" port=220 protocol=udp
add chain="Manage Common Ports" comment="BGMP, Border Gateway Multicast Protocol" port=264 protocol=tcp
add chain="Manage Common Ports" comment="BGMP, Border Gateway Multicast Protocol " port=264 protocol=udp
add chain="Manage Common Ports" comment="Lightweight Directory Access Protocol (LDAP)" port=389 protocol=tcp
add chain="Manage Common Ports" comment="Lightweight Directory Access Protocol (LDAP)" port=389 protocol=udp
add chain="Manage Common Ports" comment="SSTP TCP Port 443 (Local Management) & HTTPS" port=443 protocol=tcp
add chain="Manage Common Ports" comment="Microsoft-DSActive Directory, Windows shares" port=445 protocol=tcp
add chain="Manage Common Ports" comment="L2TP/ IPSEC UDP Port 500 (Local Management)" port=500 protocol=udp
add chain="Manage Common Ports" comment="Modbus, Protocol" port=502 protocol=tcp
add chain="Manage Common Ports" comment="Modbus, Protocol " port=502 protocol=udp
add chain="Manage Common Ports" comment="Shell (Remote Shell, rsh, remsh)" port=514 protocol=tcp
add chain="Manage Common Ports" comment="Syslog - used for system logging " port=514 protocol=udp
add chain="Manage Common Ports" comment="Routing Information Protocol (RIP) " port=520 protocol=udp
add chain="Manage Common Ports" comment="e-mail message submission (SMTP)" port=587 protocol=tcp
add chain="Manage Common Ports" comment="LDP,Label Distribution Protocol" port=646 protocol=tcp
add chain="Manage Common Ports" comment="LDP,Label Distribution Protocol" port=646 protocol=udp
add chain="Manage Common Ports" comment="FTPS Protocol (data):FTP over TLS/SSL" port=989 protocol=tcp
add chain="Manage Common Ports" comment="FTPS Protocol (data):FTP over TLS/SSL" port=989 protocol=udp
add chain="Manage Common Ports" comment="FTPS Protocol (control):FTP over TLS/SSL" port=990 protocol=tcp
Игорь31.07.2018
12:45:17
12:45:17
Поделись этим конфигом, посмотрю, чего у меня нет, если не жалко (в личку)
Ilya31.07.2018
12:46:30
12:46:30
зачётная портянка
Combot31.07.2018
12:46:38
12:46:38
Игорь Маркин (0) увеличил репутацию ? Лось ? (1)
GoogleAlexey31.07.2018
12:46:45
12:46:45
http://mikrotikready.blogspot.com/2016/06/bruteforce-login-prevention-for-telnet.html
Игорь31.07.2018
12:48:01
12:48:01
А у меня перестали форситься, хотя попытки подбора пароля регулярны, но с большими интервалами. И фильтр new connection трафик 0
Станислав31.07.2018
12:56:21
12:56:21
в пастебин ее сдейте что ли
Sergey31.07.2018
12:58:17
12:58:17
Лось. А поделись скриптом на автобан :)
Aleksej31.07.2018
13:00:59
13:00:59
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LANЧто подразумевается под кроме LAN?
ᅠ31.07.2018
13:03:58
13:03:58
ну точнее не совсем так
Всё что не находится в списке LAN
попадает под этот критерий
если аплинк 1
ᅠ31.07.2018
13:04:43
13:04:43
и айпишник от провайдера 1
то это всё что летит извне
Sergey31.07.2018
13:05:29
13:05:29
Ли если есть сыночка :) да я не правильно выразился :)
ᅠ31.07.2018
13:05:30
13:05:30
вот, если кому надо :)
ᅠ31.07.2018
13:06:15
13:06:15
все имплементы рекомендую делать токльо из под сейф режима
GoogleSergey31.07.2018
13:06:27
13:06:27
Ок
ᅠ31.07.2018
13:06:30
13:06:30
фаервол умнее создателя ХД
Закинет в бан, потом неделю будешь ждать шоб оттуда выйти
AdminERROR: S client not available
ᅠ31.07.2018
13:07:52
13:07:52
если нужно чтоб брутфорсеров банило навсегда
то в 3м стейдже уберите время
( address-list-timeout )
Sergey31.07.2018
13:08:22
13:08:22
Ага
Alexey31.07.2018
13:10:24
13:10:24
вот таг вроде можно посмотреть даже если не настроено ничего
только надо сделать бридж отделньый для сфп интерфейса
Évgeny31.07.2018
13:11:59
13:11:59
ᅠ31.07.2018
13:18:50
13:18:50
Игорь31.07.2018
13:18:57
13:18:57
если нужно чтоб брутфорсеров банило навсегда
Список бесконечно увеличиваться будет. У меня бан на 2 неделиAleksej31.07.2018
13:19:26
13:19:26
ну, дискавер это вообще отдельный список О_о
т.е. по факту только те списки которые мы создали ручками?ᅠ31.07.2018
13:20:11
13:20:11
Список бесконечно увеличиваться будет. У меня бан на 2 недели
я вот сегодня как раз задумался над 2мя вещами : синхронизацией этих списков между железом и проверкой на повторное попаданиеИгорь31.07.2018
13:21:16
13:21:16
Я этим давно озадачен, но все пути пролегают через сфинкториальное отверстие
ᅠ31.07.2018
13:22:43
13:22:43
ну чего, сливать на 1 точку новые, там парсить, сравнивать и выливать обратно
Google
Кирилл31.07.2018
13:43:53
13:43:53
а вдруг линуксоЕды тут есть?
какой шрифт нужно поставить, чтобы в winbox отображалась кириллица?
Nikita31.07.2018
13:45:02
13:45:02
у меня вроде бы дефолтно все работало
Vladimir31.07.2018
13:47:15
13:47:15
Да перепутал я, написал ниже, что 256
Institor31.07.2018
13:47:15
13:47:15
пример?
Uml31.07.2018
14:06:21
14:06:21
у меня странный пинг.фото
-100% packet loss
и пинг идет задвоенный до абонента
DmitriyАлександр31.07.2018
14:26:50
14:26:50
Help help help! уже много времени застрял на одной и той же проблемой. помогите решить эту загадку про vrf. 2 внешних динамических айпи, надо сделать что бы одна подсеть натилась через первый внешний айпи, а вторая подсеть натилась через второй айпи (динамические внешние айпи на разных интерфейсах)
Alexey31.07.2018
14:27:18
14:27:18
решил настроить VLAnы по новому, раньше было 1 тэгированый порт с 4 виланами и один нетегированный с 1 из этих же виланов, на всех виланах были адреса и все роутилось тиком.
мне надо было добавить еще один тегированый порт, было не совсем понятно как это делать - добавлять новый "субинтерфейс", но куда тогда вешать адрес? делать бридж из двух субинтерфейсов и вешать адрес на него?
пошел другим путем через бриджи и влан фильтры
и тут выяснилось странное. примеры в вики нерабочие, выполнение рекомендаций мелким шрифтом (добавить в тегируемые порты сам бридж) помогло, но с нетегируемыми то что делать? сейчас у меня адрес шлюза в вилане, где есть нетегируемый порт, висит на самом бридже. а что делать, если мне понадобится добавить нетегируемый порт в другом вилане?
Dim-soft31.07.2018
14:29:04
14:29:04
можно ди winbox по ключам сделать ?
Открыть в Telegram