Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 1 of 2 12 LastLast
Results 1 to 15 of 21
  1. #1
    Status
    Offline
    sone's Avatar
    Member
    Join Date
    Aug 2007
    Posts
    266
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    [ask] blok ip yg coba masuk pake ssh n telnet

    hi guys, bole tanya gak

    ada gak cara melindungi / blok ip org yg iseng masuk pake ssh (port 22) dan telnet (port 23), soalnya di log mikrotik aku byk kali ip yg coba ssh atau telnet ke servre aku

    Click here to enlargeClick here to enlargeClick here to enlarge

  2. #2
    Status
    Offline
    [a]
    [a]'s Avatar
    Administrator
    Join Date
    Jun 2007
    Location
    Jakarta, Indonesia, Indonesia
    Posts
    1,729
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    klo service tsb ga sering2 amat lo pake mending lo matiin ajah bro..

    daripada lo ribet nge-blok2in IP yg nakal....

  3. #3
    Status
    Offline
    okto_2005's Avatar
    Member Super Senior
    Join Date
    Jul 2007
    Posts
    655
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    repost... cb liat thread lama kl g salah bagian scripting

  4. #4
    Status
    Offline
    sone's Avatar
    Member
    Join Date
    Aug 2007
    Posts
    266
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    aku coba sendiri cara ini:

    ssh blocker

    / ip firewall filter
    add chain=input protocol=tcp dst-port=22 src-address-list=black_list action=drop \
    comment="drop ssh brute forcers" disabled=no
    add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage3 action=add-src-to-address-list address-list=black_list address-list-timeout=1d \
    comment="" disabled=no
    add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m \
    comment="" disabled=no
    add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage1 action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m \
    comment="" disabled=no
    add chain=input protocol=tcp dst-port=22 connection-state=new \
    action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m comment="" \
    disabled=no

    ftp blocker

    / ip firewall filter
    add chain=input protocol=tcp dst-port=21 src-address-list=black_list action=drop \
    comment="drop ftp brute forcers" disabled=no
    add chain=input protocol=tcp dst-port=21 connection-state=new \
    src-address-list=ftp_stage3 action=add-src-to-address-list address-list=black_list address-list-timeout=1d \
    comment="" disabled=no
    add chain=input protocol=tcp dst-port=21 connection-state=new \
    src-address-list=ftp_stage2 action=add-src-to-address-list address-list=ftp_stage3 address-list-timeout=1m \
    comment="" disabled=no
    add chain=input protocol=tcp dst-port=21 connection-state=new \
    src-address-list=ftp_stage1 action=add-src-to-address-list address-list=ftp_stage2 address-list-timeout=1m \
    comment="" disabled=no
    add chain=input protocol=tcp dst-port=21 connection-state=new \
    action=add-src-to-address-list address-list=ftp_stage1 address-list-timeout=1m comment="" \
    disabled=no
    telnet blocker

    / ip firewall filter
    add chain=input protocol=tcp dst-port=23 src-address-list=black_list action=drop \
    comment="drop telnet brute forcers" disabled=no
    add chain=input protocol=tcp dst-port=23 connection-state=new \
    src-address-list=telnet_stage3 action=add-src-to-address-list address-list=black_list address-list-timeout=1d \
    comment="" disabled=no
    add chain=input protocol=tcp dst-port=23 connection-state=new \
    src-address-list=telnet_stage2 action=add-src-to-address-list address-list=telnet_stage3 address-list-timeout=1m \
    comment="" disabled=no
    add chain=input protocol=tcp dst-port=23 connection-state=new \
    src-address-list=telnet_stage1 action=add-src-to-address-list address-list=telnet_stage2 address-list-timeout=1m \
    comment="" disabled=no
    add chain=input protocol=tcp dst-port=23 connection-state=new \
    action=add-src-to-address-list address-list=telnet_stage1 address-list-timeout=1m comment="" \
    disabled=no
    tapi ada yg aneh, begitu dia masuk ftp ssh telnet, otomatis ip nya kena blok lgsg, padahal kan mau nya yg ip iseng2 aja yg kena blok jika mencoba login dgn id n pass yg sama

    seperti yg saya temukan di bagian tutorial

  5. The Following 2 Users Say Thank You to sone For This Useful Post:


  6. #5
    Status
    Offline
    lonthong2002's Avatar
    Member Senior
    Join Date
    Jul 2007
    Location
    Malang
    Posts
    397
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    kalau aku sih tak ganti ip service untuk ssh nya , gak pake default , 22 or 23.. tapi diganti ke 2007 , 2000, 7171 , atau apa aja dech (pokoknya bukan port yg dipakai windows)

  7. #6
    Status
    Offline
    sone's Avatar
    Member
    Join Date
    Aug 2007
    Posts
    266
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by lonthong2002 Click here to enlarge
    kalau aku sih tak ganti ip service untuk ssh nya , gak pake default , 22 or 23.. tapi diganti ke 2007 , 2000, 7171 , atau apa aja dech (pokoknya bukan port yg dipakai windows)
    hmm, tapi kalo pake cara diatas kan ip yg diblacklist bisa nampak di address list yg di add

  8. #7
    Status
    Offline
    neyman's Avatar
    Newbie
    Join Date
    Oct 2007
    Posts
    20
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    hemmm gimana klo misalnya dibikin suatu firewall yang hanya memperbolehkan alamat tertentu saja yang boleh mengakses router selain itu di drop.
    misal untuk yang diperbolehkan untuk mengakses router adalah komputer administrator dengan ip 192.168.0.1

    contoh firewall yang akan dibangun :
    Code:
    /ip firewall filter add chain=input src-address=192.168.0.1 action=accept
    /ip firewall filter add chain=input action=drop
    contoh diatas hanya memperbolehkan ip 192.168.0.1 saja yang bisa mengakses router

    silahkan dieksperimen lagi bro

    thanx

  9. The Following 2 Users Say Thank You to neyman For This Useful Post:


  10. #8
    Status
    Offline
    si_uye's Avatar
    Baru Gabung
    Join Date
    Oct 2007
    Location
    Bandung
    Posts
    14
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Smile

    Click here to enlarge Originally Posted by sone Click here to enlarge
    aku coba sendiri cara ini:

    ssh blocker


    ftp blocker


    telnet blocker



    tapi ada yg aneh, begitu dia masuk ftp ssh telnet, otomatis ip nya kena blok lgsg, padahal kan mau nya yg ip iseng2 aja yg kena blok jika mencoba login dgn id n pass yg sama

    seperti yg saya temukan di bagian tutorial
    klo daftar ip yang kena block ma rules nya di mana?

  11. #9
    Status
    Offline
    lini's Avatar
    Forum Guru
    Join Date
    Sep 2007
    Location
    Karawaci
    Posts
    1,961
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    2 (100%)
    Click here to enlarge Originally Posted by si_uye Click here to enlarge
    klo daftar ip yang kena block ma rules nya di mana?
    Itu otomatis ditambahkan melalui command "action=add-src-to-address-list address-list=black_list"

    Jadi rules diatas akan ngecek "brute force attack" apa bukan melalui 3 stage/tahap, jika iya masukkan ip source attacker di masukkan ke dalam list ip "black_list"

    Coba dibaca perlahan lahan dan dicermati baek baek Click here to enlarge

  12. The Following User Says Thank You to lini For This Useful Post:


  13. #10
    Status
    Offline
    emmerdale's Avatar
    Calon Member
    Join Date
    Oct 2007
    Location
    World
    Posts
    80
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    keren tuh script na.. ^^

  14. The Following User Says Thank You to emmerdale For This Useful Post:


  15. #11
    Status
    Offline
    felix_sg's Avatar
    Member Super Senior
    Join Date
    Sep 2007
    Location
    indonesia
    Posts
    607
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by neyman Click here to enlarge
    hemmm gimana klo misalnya dibikin suatu firewall yang hanya memperbolehkan alamat tertentu saja yang boleh mengakses router selain itu di drop.
    misal untuk yang diperbolehkan untuk mengakses router adalah komputer administrator dengan ip 192.168.0.1

    contoh firewall yang akan dibangun :
    Code:
    /ip firewall filter add chain=input src-address=192.168.0.1 action=accept
    /ip firewall filter add chain=input action=drop
    contoh diatas hanya memperbolehkan ip 192.168.0.1 saja yang bisa mengakses router

    silahkan dieksperimen lagi bro

    thanx
    mas neyman... numpang tanya.. kalo ip nya mau lebih dari satu yang bisa akses untuk ip private dan satu ip untuk ip public, gimana cara modifnya...

    thanks Click here to enlarge... oot nihClick here to enlarge

  16. The Following User Says Thank You to felix_sg For This Useful Post:


  17. #12
    Status
    Offline
    neyman's Avatar
    Newbie
    Join Date
    Oct 2007
    Posts
    20
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    mas neyman... numpang tanya.. kalo ip nya mau lebih dari satu yang bisa akses untuk ip private dan satu ip untuk ip public, gimana cara modifnya...
    bisa tinggal kita tambahkan aja misalnya kita hendak menambahkan ip private 192.168.1.1 dan ip public 202.149.76.2, contoh:

    Code:
    /ip firewall filter add chain=input src-address=192.168.1.1 action=accept place-before=0
    /ip firewall filter add chain=input src-address=202.149.76.2 action=accept place-before=0
    selalu letakkan file yang diperbolehkan diatas action drop

  18. #13
    Status
    Offline
    t4mp4h's Avatar
    Baru Gabung
    Join Date
    Apr 2008
    Posts
    6
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by sone Click here to enlarge
    aku coba sendiri cara ini:

    ssh blocker

    tapi ada yg aneh, begitu dia masuk ftp ssh telnet, otomatis ip nya kena blok lgsg, padahal kan mau nya yg ip iseng2 aja yg kena blok jika mencoba login dgn id n pass yg sama
    iya,. ya... saya juga ngalami hal serupa... bagian mana yang kurang pas ya ?

  19. #14
    Status
    Offline
    t4mp4h's Avatar
    Baru Gabung
    Join Date
    Apr 2008
    Posts
    6
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by neyman Click here to enlarge
    bisa tinggal kita tambahkan aja misalnya kita hendak menambahkan ip private 192.168.1.1 dan ip public 202.149.76.2, contoh:

    Code:
    /ip firewall filter add chain=input src-address=192.168.1.1 action=accept place-before=0
    /ip firewall filter add chain=input src-address=202.149.76.2 action=accept place-before=0
    selalu letakkan file yang diperbolehkan diatas action drop
    1. berarti kalau ada lebih dari 1 IP tinggal nambah rule per IP aja ya ?
    2. setiap nambahin "place-before=0" tempat saya koq muncul seperti ini ya ...
    Code:
    /ip firewall filter add chain=input src-address=202.149.76.2 action=accept place-before=0
    item number must be assigned by a print command
    use print command before using an item number in a command
    Apa yang salah ya ?

  20. #15
    Status
    Offline
    Akangage's Avatar
    Administrator
    Join Date
    Aug 2007
    Location
    Daerah Khusus Ibukota Jakarta, Indonesia
    Posts
    4,195
    Reviews
    Read 0 Reviews
    Downloads
    210
    Uploads
    87
    Feedback Score
    0
    Iya nih repost!!! Sebaiknya di cari dulu. Ini dah pernah di bahas Click here to enlarge

 

 
Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 2 users browsing this thread. (0 members and 2 guests)

Similar Threads

  1. Cara blok ip gmn sih?
    By server_2net in forum Scripting @ Mikrotik
    Replies: 66
    Last Post: 05-09-2014, 17:20
  2. Memperjelas cara blok IP
    By HolyShied in forum General Networking
    Replies: 11
    Last Post: 23-08-2011, 13:20
  3. [ask] blok website porno
    By sone in forum Scripting @ Mikrotik
    Replies: 60
    Last Post: 19-08-2011, 11:32
  4. <SHARE> pengalaman pake mikrotik + SR 2
    By d3v4 in forum Wireless Networking
    Replies: 24
    Last Post: 10-10-2007, 16:30
  5. nembak AP pake mikrotik
    By Rifq in forum Beginner Basics
    Replies: 2
    Last Post: 09-09-2007, 01:40

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •