Blocking SSH brute force
Another interesting thing is automatically blocking attacks on SSH, where an intruder opens a large number of connections to our server and attempts a brute-force attack:
/ip firewall filter
# Reject SSH traffic from sources already on the DROP address list.
add action=reject chain=forward comment=SSHAttack disabled=no dst-address=192.168.0.1 dst-port=22 in-interface=WAN out-interface=FIDO protocol=tcp reject-with=icmp-admin-prohibited src-address-list=DROP
# Send every new SSH connection to the SSHAttack chain.
add action=jump chain=forward connection-state=new disabled=no dst-address=192.168.0.1 dst-port=22 in-interface=WAN jump-target=SSHAttack out-interface=FIDO protocol=tcp
# Log the new connection.
add action=log chain=SSHAttack disabled=no dst-address=192.168.0.1 dst-port=22 in-interface=WAN log-prefix="SSH incoming" out-interface=FIDO protocol=tcp
# Return to the forward chain while the rate stays within 3 per minute (burst 3).
add action=return chain=SSHAttack disabled=no dst-address=192.168.0.1 dst-port=22 in-interface=WAN limit=3/1m,3 out-interface=FIDO protocol=tcp
# Over the limit: put the source address on the DROP list for 30 minutes.
add action=add-src-to-address-list address-list=DROP address-list-timeout=30m chain=SSHAttack disabled=no dst-address=192.168.0.1 dst-port=22 protocol=tcp
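
To check how these rules treat a given traffic pattern before deploying them, here is a small simulation of the SSHAttack chain. It is an added example, not part of the original post; the token-bucket model of limit=3/1m,3 is an assumption, and the addresses and timings are constructed. The limit matcher keeps one counter for all sources, so a legitimate client that connects while an attack is running can land on the DROP list as well.

```python
# Simplified model of the SSHAttack chain above (added example). Assumption:
# limit=3/1m,3 behaves as a token bucket refilled at 3 tokens per minute.
RATE, PER, BURST = 3, 60.0, 3      # limit=3/1m,3
LIST_TIMEOUT = 30 * 60             # address-list-timeout=30m, in seconds


class SSHAttackChain:
    def __init__(self):
        self.tokens = float(BURST)  # one shared bucket: limit is not per source
        self.last = 0.0             # time of the last bucket update
        self.drop = {}              # src -> expiry time of its DROP entry

    def new_connection(self, t, src):
        """Verdict for a new TCP/22 connection from src at time t (seconds)."""
        # reject rule: sources currently on the DROP list never reach the chain.
        if self.drop.get(src, 0) > t:
            return "reject"
        # return rule: matches while the shared bucket still holds a token.
        self.tokens = min(BURST, self.tokens + (t - self.last) * RATE / PER)
        self.last = t
        if self.tokens >= 1:
            self.tokens -= 1
            return "return"
        # add-src-to-address-list rule: only reached when the limit is exceeded.
        # This packet falls through; later ones from src hit the reject rule.
        self.drop[src] = t + LIST_TIMEOUT
        return "listed"


def replay(events):
    """Run (time, src) events through a fresh chain and collect verdicts."""
    chain = SSHAttackChain()
    return [(t, src, chain.new_connection(t, src)) for t, src in events]


# Constructed sample traffic: (seconds, source from documentation ranges).
EVENTS = [(0, "203.0.113.5"), (1, "203.0.113.5"), (2, "203.0.113.5"),
          (3, "203.0.113.5"), (4, "203.0.113.5"), (5, "198.51.100.7"),
          (1900, "203.0.113.5")]

if __name__ == "__main__":
    for t, src, verdict in replay(EVENTS):
        print(f"{t:>5}s {src:<14} {verdict}")
```

The connection from 198.51.100.7 at 5 s is listed although it is that client's first attempt, because the shared bucket was emptied by the other source.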


