求助,有人试探登录我路由,我该怎么办?
今天登录软件路由看到有一段这样的文字:(4613 messages not shown)
aug/02/2006 07:54:23 system,error,critical login failure for user guest from 61.115.118.59 via ssh
aug/02/2006 07:54:29 system,error,critical login failure for user webmaster from 61.115.118.59 via ssh
aug/02/2006 07:54:38 system,error,critical login failure for user mysql from 61.115.118.59 via ssh
aug/02/2006 07:54:42 system,error,critical login failure for user oracle from 61.115.118.59 via ssh
aug/02/2006 07:54:48 system,error,critical login failure for user library from 61.115.118.59 via ssh
aug/02/2006 07:54:57 system,error,critical login failure for user info from 61.115.118.59 via ssh
aug/02/2006 07:55:04 system,error,critical login failure for user shell from 61.115.118.59 via ssh
aug/02/2006 07:55:11 system,error,critical login failure for user linux from 61.115.118.59 via ssh
Terminal ansi detected, using single line input mode
我查了一下,这地址是日本东京,我日他狗日,大家帮我看看他是不是想登录我的路由。
请大家帮我提供一些应付对策。
我的版本是
MikroTik RouterOS 2.9.6 (c) 1999-2005 没事,你可以让它进来,关门打狗! 怎么样子才能打那只狗呢。有什么办法我也能进他那看看呢。 这家伙肯定是想做坏事,应该我的服务器的日志一天就被他搞满了。TMD狗日的 。 最简单的方法,是将SSH端口换个只有你知道的端口,或者直接将SSH端口关闭 ssh是什么啊?
我去找找资料、 drop他的ip 对DORP了他的小IP 给你个防火墙脚本,你执行一下,可以自动把扫描你ROS的IP发过来的包全部DROP,然后列在防火墙地址里面!
/ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="Port scanners to list " disabled=no
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="NMAP FIN Stealth scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="SYN/FIN scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="SYN/RST scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="FIN/PSH/URG scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="ALL/ALL scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="NMAP NULL scan"
/ip firewall filter add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no
!
天天都有人扫我的ROS,都按照上面的规则DROP 没事的,那些人把你的ROS当成是普通的LINUX罢了。ROS的账号最好还是改掉,不要用admin
页:
[1]