電訊茶室's Archiver

mrandrewchan posted on 2013-3-28 02:38

【RouterOS】 - Drop port scanners

[i=s] This post was last edited by mrandrewchan on 2013-3-28 02:45 [/i]

From now on, no more worrying about being port-scanned, especially from China.
[color=Red]( It is best to back up your own config file before doing this )[/color]
In Winbox :

New Terminal > paste the following

/ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list " disabled=no

/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP FIN Stealth scan"

/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/FIN scan"

/ip firewall filter add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/RST scan"

/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="FIN/PSH/URG scan"

/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="ALL/ALL scan"

/ip firewall filter add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan"

/ip firewall filter add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no

/ip firewall filter add chain=forward src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no

Then go to IP > Firewall > move the rules up to the top
But be careful: if you have set up port forwarding, it may get dropped too (the last line)

角色 posted on 2013-3-29 09:45

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=32093&ptid=5450]1#[/url] [i]mrandrewchan[/i] [/b]

CHing, why do they scan our ports? To launch network attacks?

mrandrewchan posted on 2013-3-29 13:04

[i=s] This post was last edited by mrandrewchan on 2013-3-29 13:21 [/i]

Back when I used dd-wrt I could see people on the internet scanning the router's ports non-stop. Before I bought RouterOS I used a SonicWall, where it was even easier to see in the log; most were Chinese IPs. I looked them up and sometimes they were Chinese ISPs, though of course there were foreign ones too. It may be for reference, or it may be an attack: once they find an open port they use a program to try passwords. Several years ago, when I didn't know any better, I set up a Linux web server with every port open... and a week later someone had installed a program on my web server... Be careful, CHing


Also, CHing, I would like to ask how to close every port in the RouterOS firewall... and then open them up myself one at a time

wochinaren123 posted on 2013-3-29 16:36

**** Author banned or deleted; content automatically hidden ****

Qnewbie posted on 2013-3-29 17:34

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=32133&ptid=5450]3#[/url] [i]mrandrewchan[/i] [/b]

Basically, adding a "Drop all others" rule would work.[code] /ip firewall filter add chain=input action=drop in-interface=YOUR_WAN_INTERFACE[/code]Note: This rule MUST be the last rule. I "bricked" the router once by moving this rule to the top by mistake and had to do a HARD RESET :L
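
As an added example (not code from either post), here is a complete input chain that combines the port-scanner rules from post #1 with Qnewbie's final "drop all others" rule, in an order that will not lock you out and that answers the "close everything, then open ports one at a time" question from post #3. The WAN interface name ether1-wan and the management network 192.168.88.0/24 are assumptions; replace them with your own.

```routeros
# Added example, not from the original thread. Assumed names: WAN interface
# "ether1-wan", management LAN 192.168.88.0/24. Paste into a Winbox
# "New Terminal" after taking a backup:
#   /system backup save name=before-firewall
# Press Ctrl+X first to enter safe mode: if the Winbox session is lost while
# safe mode is on, RouterOS rolls back every change made since entering it.

/ip firewall address-list
add list=trusted address=192.168.88.0/24 comment="LAN / management, never treated as a scanner"

/ip firewall filter
# 1. Traffic belonging to an existing connection is accepted first. This also
#    keeps an already-established port-forward session alive, which is the
#    concern raised in post #1 about the forward-chain drop.
add chain=input action=accept connection-state=established,related comment="accept established/related"
add chain=input action=drop connection-state=invalid comment="drop invalid"

# 2. Exempt trusted sources before the detection rules, so that a scan you run
#    yourself from the LAN does not put your own address on the list.
add chain=input action=accept src-address-list=trusted comment="trusted sources"

# 3. Detection: the same matchers as post #1. psd=21,3s,3,1 means: for
#    packets from one host to different destination ports within 3s, count
#    weight 3 for privileged ports (<=1024) and 1 for higher ports; when the
#    total reaches 21 the rule matches and the source is listed for 2 weeks.
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list"
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP FIN Stealth scan"
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/FIN scan"
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/RST scan"
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="FIN/PSH/URG scan"
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="ALL/ALL scan"
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan"

# 4. Drop listed scanners, both toward the router and through it. In the
#    forward chain, established/related is accepted first for the same reason
#    as in step 1.
add chain=input action=drop src-address-list="port scanners" comment="dropping port scanners"
add chain=forward action=accept connection-state=established,related comment="accept established/related"
add chain=forward action=drop src-address-list="port scanners" comment="dropping port scanners"

# 5. Services you really want reachable from the WAN go here, one rule per
#    service (this is where you "open them up one at a time"). Ping is the
#    only one in this example; add others above the final drop.
add chain=input action=accept protocol=icmp in-interface=ether1-wan comment="allow ping from WAN"

# 6. Qnewbie's rule, and it must stay last: everything else arriving on the
#    WAN interface is dropped. The LAN is unaffected because it does not
#    arrive on ether1-wan and is already accepted in step 2.
add chain=input action=drop in-interface=ether1-wan comment="drop all others from WAN"

# Check the result: rule order, and which sources have been caught so far.
/ip firewall filter print
/ip firewall address-list print where list="port scanners"
```

`add` appends to the end of the chain, so on a router that already has filter rules the new ones land below the existing ones; use `place-before=` on the `add` commands, or drag the rules in IP > Firewall, so that the final drop really is last and the established/related accept really is first. Leave safe mode (Ctrl+X again) only after confirming you can still reach the router from the LAN.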

wochinaren123 posted on 2013-3-29 18:40

**** Author banned or deleted; content automatically hidden ****

Qnewbie posted on 2013-3-29 19:58

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=32142&ptid=5450]6#[/url] [i]wochinaren123[/i] [/b]


    I think the "back-door" theory about Huawei (and others?) is just what the States has been doing to other countries, assuming that others do the same. It was also inspected by security personnel, and the final report for the hearing only speaks of a "risk" of a back-door.

Need a real example?
[url]http://en.wikipedia.org/wiki/Stuxnet[/url]

Even further, how could you prevent an attack initiated from hardware? As most ICs are manufactured in the States :L

wochinaren123 posted on 2013-3-29 21:09

**** Author banned or deleted; content automatically hidden ****

mrandrewchan posted on 2013-3-30 19:49

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=32137&ptid=5450]4#[/url] [i]wochinaren123[/i] [/b]

I use a TZ 170, 10-node VPN, no WiFi; the firewall needs no annual fee, and you register after purchase to use the VPN function. A friend lent it to me... I don't know how much it costs.

mrandrewchan posted on 2013-3-30 19:52

[b]Reply to [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=32139&ptid=5450]5#[/url] [i]Qnewbie[/i] [/b]

Thank you, Qnewbie CHing
Thanks, I will try it

Page: [1]

Powered by Discuz! Archiver 7.2  © 2001-2009 Comsenz Inc.