RAPANI-ID : MENERIMA JASA SETTING MIKROTIK - JASA SETTING PROXY - JASA INSTALASI DAN PEMBUATAN WARNET GAME ONLINE TELP 082170824476 (WA)
Apa itu SSH BruteForce Attack
SSH/FTP BruteForce Attack yaitu teknik penyerangan terhadap sistem keamanan komputer dengan percobaan login dalam bentuk user dan password yang memugkinkan dan mudah di tebak. di log mikrotik biasanya sering kita jumpai dengan tulisan warna merah, login failure for user root form xxx via ssh, jika dibiarkan ini akan dapat menurunkan performance, karna memakan penggunaan Memory dan CPU.
Cara Block SSH FTP Telnet Brute Force Mikrotik
Untuk mengatasi hal ini, kita dapat menambahkan filter terhadap serangan-serangan gila dan tidak berguna ini, login menggunakan winbox dan buka new terminal lalu Copi paste Script dibawah ini :
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
/ip ser set telnet disabled=yes set ftp disabled=yes set ssh disabled=yes /ip fi fi add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop \ comment="drop ftp brute forcers" add chain=output action=accept protocol=tcp content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m add chain=output action=add-dst-to-address-list protocol=tcp content="530 Login incorrect" \ address-list=ftp_blacklist address-list-timeout=3h add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \ comment="drop ssh brute forcers" disabled=no add chain=input protocol=tcp dst-port=22 connection-state=new \ src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist \ address-list-timeout=10d comment="" disabled=no add chain=input protocol=tcp dst-port=22 connection-state=new \ src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 \ address-list-timeout=1m comment="" disabled=no add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 \ action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list \ address-list=ssh_stage1 address-list-timeout=1m comment="" disabled=no add chain=forward protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \ comment="drop ssh brute downstream" disabled=no |
Hasilnya anda akan mendapatnya ratusan Ip yang diblok ke dalam address list 🙂
