Bruteforce Mikrotik

Ниже представлен набор правил для защиты RDP-подключения от перебора паролей. Все шаги попадания в blacklist вынесены в отдельную цепочку, чтобы уменьшить нагрузку на firewall, а правило, отбрасывающее любые пакеты с IP-адресов из blacklist, вынесено в цепочку RAW (она обрабатывается до connection tracking и NAT, поэтому отбрасывание там самое дешёвое). Важно: правила считают не неудачные попытки входа, а новые TCP-подключения к порту 3389 — 13 новых подключений с паузами меньше 4 минут приводят в blacklist, поэтому адреса администраторов стоит заранее добавить в список rdp_white_list. Адреса попадают в blacklist без срока действия (address-list-timeout=none-dynamic), но такая динамическая запись не переживает перезагрузку роутера; если нужно сохранять их в конфигурации, используйте none-static.
При необходимости замените 3389 во всех правилах на порт, который нужно защитить; в цепочке forward это порт назначения уже после dst-nat, то есть порт на самом сервере, а не внешний порт проброса.

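# Anti-bruteforce protection for RDP (TCP/3389) forwarded through the router.
#
# Scoring happens in a dedicated chain (rdp_bruteforce) so that only NEW
# TCP connections to 3389 arriving from the WAN pay for the address-list
# lookups; the final drop sits in /ip firewall raw so that blacklisted
# sources are discarded before connection tracking and NAT.
#
# Every new connection advances the source one stage
# (stage1 -> stage2 -> ... -> stage12 -> rdp_blacklist). A stage entry lives
# 4 minutes, so 13 new connections with gaps under 4 minutes blacklist the
# source. This counts TCP connection attempts, NOT failed logons: a user who
# reconnects repeatedly can be blacklisted too - put trusted addresses in
# rdp_white_list first.
#
# add-src-to-address-list is a NON-terminating action (the packet continues
# to the next rule), so the stage rules must stay in DESCENDING order:
# blacklist check first, stage1 last. Otherwise one connection would climb
# through every stage at once.
#
# Requires an interface-list named WAN (also used by the raw drop rule).
# Only connections entering via WAN are scored, so LAN hosts cannot
# blacklist themselves.
/ip firewall filter add action=jump chain=forward comment="score new RDP connections from WAN" connection-state=new dst-port=3389 in-interface-list=WAN jump-target=rdp_bruteforce protocol=tcp
# Trusted sources are accepted outright and never scored (accept is terminating).
/ip firewall filter add action=accept chain=rdp_bruteforce comment="accept rdp from rdp_white_list" dst-port=3389 fragment=no protocol=tcp src-address-list=rdp_white_list
# 13th connection: add to the blacklist with no timeout. none-dynamic means
# the entry never expires but is dynamic and is lost on reboot; use
# none-static to keep it in the saved configuration.
/ip firewall filter add action=add-src-to-address-list address-list=rdp_blacklist address-list-timeout=none-dynamic chain=rdp_bruteforce comment="rdp: stage12 -> blacklist" connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage12
# Promotion ladder, highest stage first (see ordering note above).
/ip firewall filter add action=add-src-to-address-list address-list=rdp_stage12 address-list-timeout=4m chain=rdp_bruteforce comment="rdp: stage11 -> stage12" connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage11
/ip firewall filter add action=add-src-to-address-list address-list=rdp_stage11 address-list-timeout=4m chain=rdp_bruteforce comment="rdp: stage10 -> stage11" connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage10
/ip firewall filter add action=add-src-to-address-list address-list=rdp_stage10 address-list-timeout=4m chain=rdp_bruteforce comment="rdp: stage9 -> stage10" connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage9
/ip firewall filter add action=add-src-to-address-list address-list=rdp_stage9 address-list-timeout=4m chain=rdp_bruteforce comment="rdp: stage8 -> stage9" connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage8
/ip firewall filter add action=add-src-to-address-list address-list=rdp_stage8 address-list-timeout=4m chain=rdp_bruteforce comment="rdp: stage7 -> stage8" connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage7
/ip firewall filter add action=add-src-to-address-list address-list=rdp_stage7 address-list-timeout=4m chain=rdp_bruteforce comment="rdp: stage6 -> stage7" connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage6
/ip firewall filter add action=add-src-to-address-list address-list=rdp_stage6 address-list-timeout=4m chain=rdp_bruteforce comment="rdp: stage5 -> stage6" connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage5
/ip firewall filter add action=add-src-to-address-list address-list=rdp_stage5 address-list-timeout=4m chain=rdp_bruteforce comment="rdp: stage4 -> stage5" connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage4
/ip firewall filter add action=add-src-to-address-list address-list=rdp_stage4 address-list-timeout=4m chain=rdp_bruteforce comment="rdp: stage3 -> stage4" connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage3
/ip firewall filter add action=add-src-to-address-list address-list=rdp_stage3 address-list-timeout=4m chain=rdp_bruteforce comment="rdp: stage2 -> stage3" connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage2
/ip firewall filter add action=add-src-to-address-list address-list=rdp_stage2 address-list-timeout=4m chain=rdp_bruteforce comment="rdp: stage1 -> stage2" connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage1
# First connection from an unknown source: start at stage1 (also refreshes
# the 4m timer of sources already on the ladder).
/ip firewall filter add action=add-src-to-address-list address-list=rdp_stage1 address-list-timeout=4m chain=rdp_bruteforce comment="rdp: new source -> stage1" connection-state=new dst-port=3389 protocol=tcp
# Hand the packet back to the forward chain; the rules that follow the jump
# there decide whether the connection is ultimately accepted.
/ip firewall filter add action=return chain=rdp_bruteforce connection-state=new
# Drop everything from blacklisted sources as early as possible. raw/prerouting
# runs before connection tracking and NAT, so this is cheap and also kills
# packets of sessions that were already established when the source was listed.
/ip firewall raw add action=drop chain=prerouting comment="drop rdp brute forcers" in-interface-list=WAN src-address-list=rdp_blacklist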
