找回密码
 注册

QQ登录

只需一步,快速开始

搜索
查看: 3184|回复: 4

[其它] [求助]ROS问题:非法用户不停扫描我的ROS

[复制链接]
发表于 2007-3-16 08:14:02 | 显示全部楼层 |阅读模式

马上注册,结交更多好友,享用更多功能,让你轻松玩转社区。

您需要 登录 才可以下载或查看,没有账号?注册

×
ros的LOG文件时,发现每天都有不同IP地址的人都在不停的扫描ROS,试图登陆,不知道有没有办法解决.
routeros
发表于 2007-3-16 08:55:02 | 显示全部楼层
Drop port scanners
From MikroTik Wiki
To protect the Router from port scanners, we can record the IPs of hackers who try to scan your box. Using this address list we can drop connection from those IP
---------------------------------------
in /ip firewall filter

add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners"
address-list-timeout=2w comment="Port scanners to list " disabled=no
Various combinations of TCP flags can also indicate port scanner activity.

add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
action=add-src-to-address-list address-list="port scanners"
address-list-timeout=2w comment="NMAP FIN Stealth scan"
add chain=input protocol=tcp tcp-flags=fin,syn
action=add-src-to-address-list address-list="port scanners"
address-list-timeout=2w comment="SYN/FIN scan"
add chain=input protocol=tcp tcp-flags=syn,rst
action=add-src-to-address-list address-list="port scanners"
address-list-timeout=2w comment="SYN/RST scan"
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
action=add-src-to-address-list address-list="port scanners"
address-list-timeout=2w comment="FIN/PSH/URG scan"
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
action=add-src-to-address-list address-list="port scanners"
address-list-timeout=2w comment="ALL/ALL scan"
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
action=add-src-to-address-list address-list="port scanners"
address-list-timeout=2w comment="NMAP NULL scan"
Then you can drop those IPs:

add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no


禁止别人登录:
drop all input
routeros
回复

使用道具 举报

 楼主| 发表于 2007-3-16 11:22:01 | 显示全部楼层
那我自己想登陆呢?是不是需要绑定IP啊?
routeros
回复

使用道具 举报

发表于 2007-3-16 18:26:42 | 显示全部楼层
禁止服务里的SSH
routeros
回复

使用道具 举报

发表于 2007-3-18 01:27:55 | 显示全部楼层
我的也是,老是有人用ssh登陆,
幸好我的密码有16位,而且有标点符号
routeros
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 注册

本版积分规则

QQ|Archiver|手机版|小黑屋|软路由 ( 渝ICP备15001194号-1|渝公网安备 50011602500124号 )

GMT+8, 2024-11-6 07:31 , Processed in 0.048360 second(s), 5 queries , Gzip On, Redis On.

Powered by Discuz! X3.5 Licensed

© 2001-2024 Discuz! Team.

快速回复 返回顶部 返回列表