skyfox888 发表于 2007-3-16 08:14:02

[求助]ROS问题:非法用户不停扫描我的ROS

看ROS的LOG文件时,发现每天都有不同IP地址的人都在不停的扫描ROS,试图登陆,不知道有没有办法解决.

naboo 发表于 2007-3-16 08:55:02

Drop port scanners
From MikroTik Wiki
To protect the Router from port scanners, we can record the IPs of hackers who try to scan your box. Using this address list we can drop connection from those IP
---------------------------------------
in /ip firewall filter

add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners"
address-list-timeout=2w comment="Port scanners to list " disabled=no
Various combinations of TCP flags can also indicate port scanner activity.

add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
action=add-src-to-address-list address-list="port scanners"
address-list-timeout=2w comment="NMAP FIN Stealth scan"
add chain=input protocol=tcp tcp-flags=fin,syn
action=add-src-to-address-list address-list="port scanners"
address-list-timeout=2w comment="SYN/FIN scan"
add chain=input protocol=tcp tcp-flags=syn,rst
action=add-src-to-address-list address-list="port scanners"
address-list-timeout=2w comment="SYN/RST scan"
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
action=add-src-to-address-list address-list="port scanners"
address-list-timeout=2w comment="FIN/PSH/URG scan"
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
action=add-src-to-address-list address-list="port scanners"
address-list-timeout=2w comment="ALL/ALL scan"
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
action=add-src-to-address-list address-list="port scanners"
address-list-timeout=2w comment="NMAP NULL scan"
Then you can drop those IPs:

add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no


禁止别人登录:
drop all input

skyfox888 发表于 2007-3-16 11:22:01

那我自己想登陆呢?是不是需要绑定IP啊?

zooyo 发表于 2007-3-16 18:26:42

禁止服务里的SSH

prettywolf 发表于 2007-3-18 01:27:55

我的也是,老是有人用ssh登陆,
幸好我的密码有16位,而且有标点符号
页: [1]
查看完整版本: [求助]ROS问题:非法用户不停扫描我的ROS