Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 13 of 13
  1. #1
    Status
    Offline
    rama3njoy's Avatar
    Baru Gabung
    Join Date
    Jan 2009
    Location
    jogja
    Posts
    7
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    mikrotik ane diserang via ssh

    mo share n tanya2 bos
    mikrotik bos2 pada diserang gak ya?
    punyaku hampir tiap hari ada yg nyerang via SSH
     

    Click here to enlarge

    sampe capek bikin rule-nya Click here to enlarge

  2. #2
    Status
    Offline
    xXx
    xXx's Avatar
    Member
    Join Date
    Apr 2010
    Location
    H34VEN'S KNOW
    Posts
    137
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    tenang aja bro itu kan pelakunya dari 1 alamat ip yang sama mencoba login masuk ke mk , tapi gagal ... Click here to enlarge ,drop aja ip-nya 180.210.205.214

  3. #3
    Status
    Offline
    dhopack's Avatar
    Forum Guru
    Join Date
    Dec 2010
    Location
    KUDUS
    Posts
    1,919
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by rama3njoy Click here to enlarge
    ...
    sampe capek bikin rule-nya ...
    serang balik om hehehe,
    disable ssh MTnya(jika tidak dipakai) biar gak capek bikin rule Click here to enlarge

  4. #4
    Status
    Offline
    adhielesmana's Avatar
    Administrator
    Join Date
    Jan 2009
    Location
    http://www.adhielesmana.com
    Posts
    3,054
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    new terminal = /ip service ssh disabled=yes

    CMIIW
    tur salah kamar.. kartu merah sik..

  5. #5
    Status
    Offline
    ampenannet's Avatar
    Regional Mataram
    Join Date
    Feb 2010
    Location
    Mataram Lombok
    Posts
    358
    Reviews
    Read 0 Reviews
    Downloads
    4
    Uploads
    7
    Feedback Score
    0
    Click here to enlarge Originally Posted by rama3njoy Click here to enlarge
    mo share n tanya2 bos
    mikrotik bos2 pada diserang gak ya?
    punyaku hampir tiap hari ada yg nyerang via SSH
     

    Click here to enlarge

    sampe capek bikin rule-nya Click here to enlarge
    Click here to enlarge Originally Posted by adhielesmana Click here to enlarge
    new terminal = /ip service ssh disabled=yes

    CMIIW
    tur salah kamar.. kartu merah sik..
    Wah dapet kartu merah tuh dari om adhi Click here to enlarge makanya perhatiin kamarnya om....Click here to enlarge

  6. #6
    Status
    Offline
    xXx
    xXx's Avatar
    Member
    Join Date
    Apr 2010
    Location
    H34VEN'S KNOW
    Posts
    137
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    tur salah kamar.. kartu merah sik..
    wasitnya dah cpek bikin rule

    Click here to enlargeClick here to enlargeClick here to enlarge

  7. #7
    Status
    Offline
    manakautau's Avatar
    Member
    Join Date
    Aug 2010
    Location
    Pedalaman Hutan Kalimantan tengah
    Posts
    175
    Reviews
    Read 0 Reviews
    Downloads
    7
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by rama3njoy Click here to enlarge
    mo share n tanya2 bos
    mikrotik bos2 pada diserang gak ya?
    punyaku hampir tiap hari ada yg nyerang via SSH
     

    Click here to enlarge

    sampe capek bikin rule-nya Click here to enlarge
    ane juga mengalami, bisa aja disable sshnya atau buat firewall filter rule Port Scanner...
    ini biasa-nya digunain...wal hasil aman tuuuch

  8. #8
    Status
    Offline
    rama3njoy's Avatar
    Baru Gabung
    Join Date
    Jan 2009
    Location
    jogja
    Posts
    7
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by smartbonny Click here to enlarge
    tenang aja bro itu kan pelakunya dari 1 alamat ip yang sama mencoba login masuk ke mk , tapi gagal ... Click here to enlarge ,drop aja ip-nya 180.210.205.214
    itu udah aku drop banyak bgt IP yg nyerang, liat dibawah log deh Click here to enlarge

    Click here to enlarge Originally Posted by dhopack Click here to enlarge
    serang balik om hehehe,
    disable ssh MTnya(jika tidak dipakai) biar gak capek bikin rule Click here to enlarge
    lha klo teknisiku yg mo ngremote gmana klo ssh-nya aku disable ?? Click here to enlarge

    Click here to enlarge Originally Posted by adhielesmana Click here to enlarge
    new terminal = /ip service ssh disabled=yes

    CMIIW
    tur salah kamar.. kartu merah sik..
    Click here to enlarge Originally Posted by ampenannet Click here to enlarge
    Wah dapet kartu merah tuh dari om adhi Click here to enlarge makanya perhatiin kamarnya om....Click here to enlarge
    Click here to enlarge Originally Posted by smartbonny Click here to enlarge
    wasitnya dah cpek bikin rule

    Click here to enlargeClick here to enlargeClick here to enlarge
    perasaan kemarin dah ga salah lho, aku masuk ke ask-help, secara tidak langsung aku minta solusi Click here to enlarge

    Click here to enlarge Originally Posted by manakautau Click here to enlarge
    ane juga mengalami, bisa aja disable sshnya atau buat firewall filter rule Port Scanner...
    ini biasa-nya digunain...wal hasil aman tuuuch
    gimana tu bos bikinnya Click here to enlarge maksudnya di drop gitu ??

  9. #9
    Status
    Offline
    dhopack's Avatar
    Forum Guru
    Join Date
    Dec 2010
    Location
    KUDUS
    Posts
    1,919
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by rama3njoy Click here to enlarge
    ...
    lha klo teknisiku yg mo ngremote gmana klo ssh-nya aku disable ?? Click here to enlarge
    ...
    lah kan remotenya bisa pake winbox aja gak pake ssh2nan Click here to enlarge

  10. #10
    Status
    Offline
    lini's Avatar
    Forum Guru
    Join Date
    Sep 2007
    Location
    Karawaci
    Posts
    1,961
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    2 (100%)
    ssh penting kalo mau remote dari non winbox...misal lg diluar cuman bermodal ipad, epad, bb, dll....solusinya ganti aja port standar ssh/telnet ke yg lain, pasti tenang....lalu port yg gak dipake baru didisable.

  11. #11
    Status
    Offline
    brutuz_1's Avatar
    VIP Member
    Join Date
    Feb 2010
    Posts
    790
    Reviews
    Read 0 Reviews
    Downloads
    3
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by lini Click here to enlarge
    ssh penting kalo mau remote dari non winbox...misal lg diluar cuman bermodal ipad, epad, bb, dll....solusinya ganti aja port standar ssh/telnet ke yg lain, pasti tenang....lalu port yg gak dipake baru didisable.
    setuju sama om lini, kalo ssh masih di butuhkan, mending ganti az port nya, default port nya 22, coba gnti az ke nomor cantik dan unik....Click here to enlarge hati2 bentrok sama nmor cantik yg lain....

  12. #12
    Status
    Offline
    manakautau's Avatar
    Member
    Join Date
    Aug 2010
    Location
    Pedalaman Hutan Kalimantan tengah
    Posts
    175
    Reviews
    Read 0 Reviews
    Downloads
    7
    Uploads
    0
    Feedback Score
    0
    gimana tu bos bikinnya Click here to enlarge maksudnya di drop gitu ??[/QUOTE]

    ini scriptnya,

    add action=drop chain=forward disabled=no dst-port=445 protocol=tcp
    add action=drop chain=input disabled=no dst-port=445 protocol=tcp
    add action=drop chain=forward disabled=no dst-port=135 protocol=tcp
    add action=drop chain=input disabled=no dst-port=135 protocol=tcp
    add action=drop chain=forward disabled=no dst-port=139 protocol=tcp
    add action=drop chain=input disabled=no dst-port=139 protocol=tcp
    add action=drop chain=input disabled=no dst-port=8080 protocol=tcp
    add action=drop chain=input disabled=no dst-port=3377 protocol=tcp
    add action=add-src-to-address-list address-list="Port Scanners" \
    address-list-timeout=2w chain=input comment="Port Scanners" disabled=no \
    protocol=tcp psd=21,3s,3,1
    add action=add-src-to-address-list address-list="Port Scanners" \
    address-list-timeout=2w chain=input comment="NMAP FIN Stealth Scan" \
    disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
    add action=add-src-to-address-list address-list="Port Scanners" \
    address-list-timeout=2w chain=input comment="SYN/FIN Scan" disabled=no \
    protocol=tcp tcp-flags=fin,syn
    add action=add-src-to-address-list address-list="Port Scanners" \
    address-list-timeout=2w chain=input comment="SYN/RST Scan" disabled=no \
    protocol=tcp tcp-flags=syn,rst
    add action=add-src-to-address-list address-list="port Scanners" \
    address-list-timeout=2w chain=input comment="FIN/PSH/URG Scan" disabled=\
    no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
    add action=add-src-to-address-list address-list="Port Scanners" \
    address-list-timeout=2w chain=input comment="ALL Scan" disabled=no \
    protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
    add action=add-src-to-address-list address-list="Port Scanners" \
    address-list-timeout=2w chain=input comment="NMAP NULL Scan" disabled=no \
    protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
    add action=drop chain=input comment="Dropping Port Scanners" disabled=no \
    protocol=tcp src-address-list="Port Scanners"
    add action=drop chain=forward comment="Block IDENT Request" disabled=no \
    dst-port=113 protocol=tcp
    add action=drop chain=forward comment="Block IRC" disabled=no dst-port=\
    6667-7000 protocol=tcp

    kalau ada yang salah mohon maaf, tapi ini ane pasang di mikrotik ane dan juga di mikrotik kantor

  13. #13
    Status
    Offline
    xXx
    xXx's Avatar
    Member
    Join Date
    Apr 2010
    Location
    H34VEN'S KNOW
    Posts
    137
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    bikin rule siapa aja yg blh akses ke RB yg lainnya di drop

    /ip fi fi
    add chain=input src address=(ip yang diizinkan) action=accept
    add chain=input action=drop
    add chain=forward src address=(ip yang diizinkan) action=accept
    add chain=forward action=drop

    bisa dibikin dulu list ipnya trus mainin di src-address-list ato di mac address si teknisi yg remote
    jangan lupa rule drop setelah itu

    Click here to enlarge

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Tolong donk, Mikrotik saya diserang terus :(
    By Spongebob_kerenz in forum General Networking
    Replies: 20
    Last Post: 18-07-2012, 12:57
  2. Server Mikrotik Ane diserang dari WAN
    By thepekopon in forum General Networking
    Replies: 9
    Last Post: 30-12-2010, 16:31

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •