  1. #1
    jacks

    MikroTik log full of public IPs trying to get in via SSH

    Straight to the point: lately there are a lot of public IPs in my MikroTik log. What does this mean? I'd appreciate an explanation from the experts...
    Here's what it looks like:

  2. #2
    powh
    You're getting bombed, bro.
    That's an SSH brute force: someone outside, from those IPs, is trying to get into your router through the SSH service, guessing the admin account with various user and password combinations until they get through.
    How to handle it is up to you:
    1. Disable the SSH service (the side effect is that you also can't remote in via SSH from outside).
    2. Create a firewall rule, for example: if there are 5 SSH hits within 10 seconds, drop them.
    At my place, on the MikroTik router
    I disable SSH, and port scanning isn't allowed, so nobody is tempted to try getting in.
    As for remoting into the office servers from outside, I use a VPN.
    Alhamdulillah, it's been safe...

  3. #3
    jacks
    Originally Posted by powh:
        You're getting bombed, bro.
        That's an SSH brute force: someone outside, from those IPs, is trying to get into your router through the SSH service, guessing the admin account with various user and password combinations until they get through.
        How to handle it is up to you:
        1. Disable the SSH service (the side effect is that you also can't remote in via SSH from outside).
        2. Create a firewall rule, for example: if there are 5 SSH hits within 10 seconds, drop them.
        At my place, on the MikroTik router
        I disable SSH, and port scanning isn't allowed, so nobody is tempted to try getting in.
        As for remoting into the office servers from outside, I use a VPN.
        Alhamdulillah, it's been safe...
    Wow, so that's how it is. I was confused too; every day it's different IPs coming in...

  4. #4
    dhopack
    Just attack back

  5. #5
    jacks
    Originally Posted by dhopack:
        Just attack back
    Now this is what I've been waiting for. What do I attack with, bro?...

    I'm gathering war supplies right now

  6. #6
    rahwana
    Originally Posted by jacks:
        Straight to the point: lately there are a lot of public IPs in my MikroTik log. What does this mean? I'd appreciate an explanation from the experts...
        Here's what it looks like:
    The simplest way is to move SSH from port 22 to another port, for example 222 or 2222 or 22222 or 20022, etc.
    You do this through the menu IP - Services - ssh.
    That way SSH still works, but the port is now 'hidden' and only we know it. If you use the standard port, there are many programs that can be used to scan it.

    Regards,

    Ayom Rahwana
    -----------------------
    PT. Laxo Global Akses
    Internet Provider for Solo, Surabaya, Sidoarjo, Kediri, Purwokerto
    Contact Us if you need Internet : ayom.rahwana@gmail.com

  7. #7
    tanpa_kabel
    As for me, I tried using this method:



    Why not just change the service port? I'm curious and want to know the IPs; using that, the IPs get logged in the address-list..

  8. #8
    jacks
    Originally Posted by rahwana:
        The simplest way is to move SSH from port 22 to another port, for example 222 or 2222 or 22222 or 20022, etc.
        You do this through the menu IP - Services - ssh.
        That way SSH still works, but the port is now 'hidden' and only we know it. If you use the standard port, there are many programs that can be used to scan it.

    Wow, great stuff, I'm going straight to try it....

  9. #9
    Vandal
    Originally Posted by jacks:
        Now this is what I've been waiting for. What do I attack with, bro?...

        I'm gathering war supplies right now
    DDoS their IP, bro..

  10. #10
    krzy
    If you don't want to change the SSH and FTP ports, use the commands below, bro; SSH and FTP brute forcers will end up on the blacklist

    /ip firewall filter
    add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop comment="drop ssh brute forcers" disabled=no
    add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=10d comment="" disabled=no
    add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m comment="" disabled=no
    add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no
    add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m comment="" disabled=no

    /ip firewall filter
    add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop comment="drop ftp brute forcers"
    add chain=output action=accept protocol=tcp content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m
    add chain=output action=add-dst-to-address-list protocol=tcp content="530 Login incorrect" address-list=ftp_blacklist address-list-timeout=3h


    Hope this helps.
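
Added example, not part of any poster's message: a Python replay of the five port-22 rules in post #10 over constructed traffic, showing that the fourth new connection inside a minute puts the source on ssh_blacklist and the fifth is dropped. The Router class, the replay function and the sample addresses are made up for illustration, and entries are assumed to expire the stated timeout after they were last added.

```python
# Added example, not from the thread: replays the five tcp/22 input rules.
# Assumption: an address-list entry expires `timeout` seconds after its last add.
STAGE_TTL = 60                  # address-list-timeout=1m
BLACKLIST_TTL = 10 * 24 * 3600  # address-list-timeout=10d
# (list checked, list the source is added to), in the order the rules appear
PROMOTIONS = [("ssh_stage3", "ssh_blacklist"),
              ("ssh_stage2", "ssh_stage3"),
              ("ssh_stage1", "ssh_stage2")]


class Router:
    def __init__(self):
        self.expiry = {}  # (list name, ip) -> time in seconds when the entry expires

    def member(self, name, ip, now):
        return self.expiry.get((name, ip), -1) > now

    def _add(self, name, ip, now):
        ttl = BLACKLIST_TTL if name == "ssh_blacklist" else STAGE_TTL
        self.expiry[(name, ip)] = now + ttl

    def new_connection(self, ip, now):
        """Run one connection-state=new packet to port 22 through the rules."""
        if self.member("ssh_blacklist", ip, now):
            return "drop"                      # rule 1
        for checked, target in PROMOTIONS:     # rules 2-4, evaluated top down
            if self.member(checked, ip, now):
                self._add(target, ip, now)
        self._add("ssh_stage1", ip, now)       # rule 5 matches every new connection
        return "pass"                          # goes on to the rest of the input chain


def replay(events):
    """events: (seconds, ip) tuples in time order -> (verdict rows, final Router)."""
    router = Router()
    rows = [(t, ip, router.new_connection(ip, t)) for t, ip in events]
    return rows, router


# Constructed sample traffic (documentation addresses, not from the thread's log)
FAST = [(t, "203.0.113.7") for t in (0, 5, 10, 15, 20)]   # five connections in 20 s
SLOW = [(t, "198.51.100.9") for t in (0, 90, 180, 270)]   # one connection every 90 s

if __name__ == "__main__":
    for t, ip, verdict in replay(sorted(FAST + SLOW))[0]:
        print(f"t={t:>3}s {ip:<13} {verdict}")
```

The rules count new TCP connections to port 22, not failed logins, so an administrator who opens four sessions within a minute is blacklisted the same way.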

 

 
