Replacing fail2ban on MikroTik with scripts

Taken from: http://wiki.mikrotik.com/wiki/Bruteforce_login_prevention_(FTP_%26_SSH)

Tested on a MikroTik RB2011UiAS-2HnD-IN running RouterOS 6.34.1

It looked like this:


/ip firewall filter

add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \
comment="drop ssh brute forcers" disabled=no

add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=1h comment="" disabled=no

add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=20s comment="" disabled=no

add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 \
action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=20s comment="" disabled=no

add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list \
address-list=ssh_stage1 address-list-timeout=20s comment="" disabled=no

Dynamically bans the IP for 1 hour. Each new SSH connection moves the source address up one stage, so four new connections within the 20-second stage timeouts put it into ssh_blacklist, and the drop rule at the top then blocks it for 1 hour. The rules are listed from the blacklist down to stage1 because add-src-to-address-list does not stop rule processing; in the reverse order a single connection would pass through every stage at once.


Do the same to ban brute-forcers on Telnet and FTP

FTP blocker

/ip firewall filter
add chain=input protocol=tcp dst-port=21 src-address-list=black_list action=drop \
comment="drop ftp brute forcers" disabled=no
add chain=input protocol=tcp dst-port=21 connection-state=new \
src-address-list=ftp_stage3 action=add-src-to-address-list address-list=black_list address-list-timeout=1d \
comment="" disabled=no
add chain=input protocol=tcp dst-port=21 connection-state=new \
src-address-list=ftp_stage2 action=add-src-to-address-list address-list=ftp_stage3 address-list-timeout=1m \
comment="" disabled=no
add chain=input protocol=tcp dst-port=21 connection-state=new \
src-address-list=ftp_stage1 action=add-src-to-address-list address-list=ftp_stage2 address-list-timeout=1m \
comment="" disabled=no
add chain=input protocol=tcp dst-port=21 connection-state=new \
action=add-src-to-address-list address-list=ftp_stage1 address-list-timeout=1m comment="" \
disabled=no

Telnet blocker

/ip firewall filter
add chain=input protocol=tcp dst-port=23 src-address-list=black_list action=drop \
comment="drop telnet brute forcers" disabled=no
add chain=input protocol=tcp dst-port=23 connection-state=new \
src-address-list=telnet_stage3 action=add-src-to-address-list address-list=black_list address-list-timeout=1d \
comment="" disabled=no
add chain=input protocol=tcp dst-port=23 connection-state=new \
src-address-list=telnet_stage2 action=add-src-to-address-list address-list=telnet_stage3 address-list-timeout=1m \
comment="" disabled=no
add chain=input protocol=tcp dst-port=23 connection-state=new \
src-address-list=telnet_stage1 action=add-src-to-address-list address-list=telnet_stage2 address-list-timeout=1m \
comment="" disabled=no
add chain=input protocol=tcp dst-port=23 connection-state=new \
action=add-src-to-address-list address-list=telnet_stage1 address-list-timeout=1m comment="" \
disabled=no
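To check how the staged lists above behave before deploying them, here is an added Python model of the SSH, FTP and Telnet rule sets (example code, not from the original page or from MikroTik); it assumes RouterOS semantics where rules run top-down, add-src-to-address-list does not stop evaluation, drop does, and list entries expire after their timeout, and it uses a constructed source IP.

```python
# Added example: a model of the staged address-list rules on this page, with
# assumed RouterOS semantics (top-down rules, non-terminating
# add-src-to-address-list, terminating drop, expiring list entries).
from dataclasses import dataclass, field


@dataclass
class AddressLists:
    """Dynamic address lists: list name -> {ip: expiry time in seconds}."""
    lists: dict = field(default_factory=dict)

    def has(self, name, ip, now):
        expiry = self.lists.get(name, {}).get(ip)
        return expiry is not None and expiry > now

    def add(self, name, ip, now, timeout):
        self.lists.setdefault(name, {})[ip] = now + timeout


def staged_chain(prefix, block_list, stage_timeout, block_timeout):
    """Rules in the order the page lists them: (required source list, action,
    target list, timeout). A source list of None matches any source."""
    return [
        (block_list, "drop", None, 0),
        (f"{prefix}_stage3", "add", block_list, block_timeout),
        (f"{prefix}_stage2", "add", f"{prefix}_stage3", stage_timeout),
        (f"{prefix}_stage1", "add", f"{prefix}_stage2", stage_timeout),
        (None, "add", f"{prefix}_stage1", stage_timeout),
    ]


def new_connection(chain, lists, ip, now):
    """Run one connection-state=new packet from ip through the chain."""
    for src_list, action, target, timeout in chain:
        if src_list is not None and not lists.has(src_list, ip, now):
            continue
        if action == "drop":
            return "drop"
        lists.add(target, ip, now, timeout)  # non-terminating: keep evaluating
    return "accept"


def simulate(attempt_times, chain=None):
    """Verdict per new connection from one constructed source IP at the given
    times (seconds); default is the SSH rule set (20s stages, 1h ban)."""
    chain = chain or staged_chain("ssh", "ssh_blacklist", 20, 3600)
    lists = AddressLists()
    return [new_connection(chain, lists, "203.0.113.7", t) for t in attempt_times]
```

The model counts new TCP connections, not failed logins, so a legitimate client that opens several sessions within the stage timeout is staged exactly like a brute-forcer; size the timeouts with that in mind.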
