ROS防扫描和简单攻击能达到这功能不？如图示（firewall模块改进）

cracks

ros防扫描和简单攻击能达到这功能不？如图示（firewall模块改进........................)手写..



1.ROS问题:非法用户不停扫描我的ROS能防止端口扫描么?-多实在的问题呀
2..............

[ 本帖最后由 cracks 于 2007-9-11 16:50 编辑 ]

cracks

有些功能是可以配置出来，不过能配置出几个，请大家进一步跟贴。共10项防护。
这套防御系统还是不错的。这10种行为基本无机会入网。


[ 本帖最后由 cracks 于 2007-9-11 18:38 编辑 ]

cracks

如何拒绝端口扫描(只提到了tcp的，先定位上图中的"3")
　
如何拒绝端口扫描
为保护路由器不受端口扫描的探测，我们可以记录下试图探测你的IP，并使用IP地址列表记录下，然后拒绝这些IP访问。
在/ip firewall filter
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list " disabled=no
TCP flags的各种端口扫描表现组合情况：
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP FIN Stealth scan"

add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners"address-list-timeout=2w comment="SYN/FIN scan"

add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners"address-list-timeout=2w comment="SYN/RST scan"

add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="FIN/PSH/URG scan"

add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="ALL/ALL scan"

add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan"
这里丢弃那些试图探测你的IP地址：
add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no
同样，你也可以丢弃通过路由器探测内网的IP，将这些规则用到forward链表中，但要把该规则放到forward规则之上。

[ 本帖最后由 cracks 于 2007-9-11 17:25 编辑 ]

wys8898

这软件能与ros结合吗?

tpy372

呵呵。。。不是说有这个图示功能就一定能防的，要看攻击的原理，那有这么傻瓜式的东西。。。
这些只不过防标准的普通攻击而已

naboo

Drop port scanners
From MikroTik Wiki
Jump to: navigation, search
To protect the Router from port scanners, we can record the IPs of hackers who try to scan your box. Using this address list we can drop connection from those IP

in /ip firewall filter

add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners"
address-list-timeout=2w comment="Port scanners to list " disabled=no
Various combinations of TCP flags can also indicate port scanner activity.

add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
action=add-src-to-address-list address-list="port scanners"
address-list-timeout=2w comment="NMAP FIN Stealth scan"
add chain=input protocol=tcp tcp-flags=fin,syn
action=add-src-to-address-list address-list="port scanners"
address-list-timeout=2w comment="SYN/FIN scan"
add chain=input protocol=tcp tcp-flags=syn,rst
action=add-src-to-address-list address-list="port scanners"
address-list-timeout=2w comment="SYN/RST scan"
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
action=add-src-to-address-list address-list="port scanners"
address-list-timeout=2w comment="FIN/PSH/URG scan"
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
action=add-src-to-address-list address-list="port scanners"
address-list-timeout=2w comment="ALL/ALL scan"
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
action=add-src-to-address-list address-list="port scanners"
address-list-timeout=2w comment="NMAP NULL scan"
Then you can drop those IPs:

add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no
Similarly, you can drop these port scanners in the forward chain, but using the above rules with "chain=forward".

Retrieved from "http://wiki.mikrotik.com/wiki/Drop_port_scanners"

zzyzzyboy

楼上的看上去好像是ISA
再有就是这才是好的防火墙策略，以前贴那些什么封端口啦，没有啥实际意义
顶你一下， 楼主

net1974

敢问楼主的图示是什么防火墙？超强！·············

cracks

回楼上的，这不是isa

net1974

楼主，什么墙？

网络-浪子

这图的设备功能一般啊,感觉就一表面而己........至少也得弄占PIX515的上来

cracks

这是个实用的功能，确实可以防住x-scan  流光类的扫描工具　.

lomey

不错，看看