  1. #1
    dondon

    Has my Mikrotik been hacked?

    Judging from the log, someone is trying to get into my Mikrotik via SSH.

    I'm on Speedy Family, which gives me a dynamic public IP.

    This is the second time a log like this has shown up, but the IP is different from the one I'm showing here.
    For the first log, the IP was 69.162.85.163.

    I deliberately have not closed SSH and telnet.

    Can anyone help me figure out what's going on with my Mikrotik?

    Or what should I do about it? I'd like to retaliate, but I have no idea how, hahahahaha.

  3. #2
    harrychanputra
    Yeah, someone is trying to brute-force the password. Just add a block in the firewall filter.

  4. #3
    achim
    The nicest fix is to change the service's default port:
    Code:
    /ip service
    set ssh port=212 address=0.0.0.0/0 disabled=no
    Then they can't just do as they please... CMIIW

  6. #4
    Akangage
    Why go to all that trouble? Just disable it.

  8. #5
    dondon

    I'm just puzzled how that person could know my IP,

    when all I get from Speedy is a dynamic IP.

    After that I SSHed back to them, and it worked.

    Just now there was another remote SSH log entry... but from a different IP...

    Wow, this is turning into venting.

  9. #6
    dotter
    That kind of thing is normal, sir. Make it a habit to drop all and allow only the networks that are permitted.

  10. #7
    kdebugx86
    Originally Posted by dondon:
    > I'm just puzzled how that person could know my IP,
    >
    > when all I get from Speedy is a dynamic IP.
    >
    > After that I SSHed back to them, and it worked.
    >
    > Just now there was another remote SSH log entry... but from a different IP...
    >
    > Wow, this is turning into venting.

    Take another look.
    The users being brute-forced are walter, tim, and tony...
    Are those your users?
    If someone wanted to hack you, they would surely use the admin name or one of your registered user names...
    That alone already tells you.

  11. #8
    dondon
    Originally Posted by kdebugx86:
    > Take another look.
    > The users being brute-forced are walter, tim, and tony...
    > Are those your users?
    > If someone wanted to hack you, they would surely use the admin name or one of your registered user names...
    > That alone already tells you.

    Before that there were the usernames root, admin, etc... lots of them, anyway.

    I'm just puzzled about why they want to get in...

    And how do they know the IP? The IP I get from Speedy is dynamic, after all.

    Up to now there have been 5 logs like that.

    Does anyone know where they could have gotten the IP from?

  12. #9
    kdebugx86
    IPs are easy to get... they just pick them at random.
    Things like this are perfectly normal, so just drop the IPs that try to brute-force. It's easy, there are lots of tutorials on the wiki...

  13. #10
    spymedan
    Originally Posted by kdebugx86:
    > IPs are easy to get... they just pick them at random.
    > Things like this are perfectly normal, so just drop the IPs that try to brute-force. It's easy, there are lots of tutorials on the wiki...

    /ip firewall filter
    add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list " disabled=no
    add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP FIN Stealth scan"
    add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/FIN scan"
    add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/RST scan"
    add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="FIN/PSH/URG scan"
    add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="ALL/ALL scan"
    add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan"
    add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no

    Then go to /ip firewall address list, and there you cage the IPs that are bothering our Mikrotik....

  15. #11
    dondon

    Originally Posted by spymedan:
    > /ip firewall filter
    > add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list " disabled=no
    > add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP FIN Stealth scan"
    > add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/FIN scan"
    > add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/RST scan"
    > add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="FIN/PSH/URG scan"
    > add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="ALL/ALL scan"
    > add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan"
    > add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no
    >
    > Then go to /ip firewall address list, and there you cage the IPs that are bothering our Mikrotik....

    I've put the whole script in, sir...
    but the 5 logs I got each came from a different IP...
    I have already caged the 5 IPs that tried to get in...

    I'm just puzzled why they would mess with my Mikrotik...??
    It's only for practice... the main point is to use the web proxy to get around Speedy dropping the connection after 3 GB of usage, and then share it between 2 computers at home.
    Oh, and I'm running the Mikrotik in Virtual PC... does that matter?
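
An added example, not part of the original thread: kdebugx86's check (are the guessed user names actually yours?) and dondon's manual listing of source addresses, applied to exported log text. The log wording, the `local_users` set, the trusted `192.168.88.` prefix and the constructed sample lines are assumptions; the default list name is the `port scanners` list that spymedan's drop rule reads.

```python
import re
from collections import defaultdict

# Assumed RouterOS wording for a failed login (the thread's log is a screenshot).
# The IP group admits only digits and dots, so log text cannot inject commands.
FAILED = re.compile(r"login failure for user (?P<user>\S+) from "
                    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) via (?P<svc>\w+)")

# Constructed sample lines: 69.162.85.163 and the user names come from the
# thread, the other addresses are documentation or private ranges.
SAMPLE_LOG = """\
sep/12 10:15:31 system,error,critical login failure for user walter from 69.162.85.163 via ssh
sep/12 10:15:33 system,error,critical login failure for user tim from 69.162.85.163 via ssh
sep/12 10:15:36 system,error,critical login failure for user tony from 69.162.85.163 via ssh
sep/13 02:40:02 system,error,critical login failure for user root from 203.0.113.7 via ssh
sep/13 02:40:05 system,error,critical login failure for user admin from 203.0.113.7 via ssh
sep/13 08:01:12 system,error,critical login failure for user admin from 192.168.88.10 via winbox
sep/13 08:01:30 system,info,account user admin logged in from 192.168.88.10 via winbox
"""

def triage(log_text, local_users, trusted_prefixes=("192.168.88.",), min_failures=2):
    """Group failed logins by source address and give each source a verdict."""
    by_ip = defaultdict(lambda: {"count": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            by_ip[m["ip"]]["count"] += 1
            by_ip[m["ip"]]["users"].add(m["user"])
    report = {}
    for ip, seen in by_ip.items():
        if ip.startswith(tuple(trusted_prefixes)):
            verdict = "trusted"            # own LAN: probably a mistyped password
        elif seen["count"] < min_failures:
            verdict = "watch"
        elif seen["users"] & set(local_users):
            verdict = "block-known-user"   # a real account name is being guessed
        else:
            verdict = "block-dictionary"   # generic name list, untargeted scan
        report[ip] = {**seen, "verdict": verdict}
    return report

def address_list_commands(report, list_name="port scanners"):
    """RouterOS lines adding every blocked source to the list the drop rule reads."""
    return [f'/ip firewall address-list add list="{list_name}" address={ip} '
            f'comment="failed logins: {e["count"]}"'
            for ip, e in sorted(report.items()) if e["verdict"].startswith("block")]

if __name__ == "__main__":
    print("\n".join(address_list_commands(triage(SAMPLE_LOG, {"admin"}))))
```

A `block-known-user` verdict means a real account name is in the guesser's word list, so that account's password matters more than the block entry itself.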

  16. #12
    spymedan
    Originally Posted by dondon:
    > I've put the whole script in, sir...
    > but the 5 logs I got each came from a different IP...
    > I have already caged the 5 IPs that tried to get in...
    >
    > I'm just puzzled why they would mess with my Mikrotik...??
    > It's only for practice... the main point is to use the web proxy to get around Speedy dropping the connection after 3 GB of usage, and then share it between 2 computers at home.
    > Oh, and I'm running the Mikrotik in Virtual PC... does that matter?

    It doesn't matter.... If it's giving you a headache, just turn SSH off in the services.. same with telnet, the ones you don't need.

  18. #13
    brianchrist
    Originally Posted by dondon:
    > Before that there were the usernames root, admin, etc... lots of them, anyway.
    >
    > I'm just puzzled about why they want to get in...
    >
    > And how do they know the IP? The IP I get from Speedy is dynamic, after all.
    >
    > Up to now there have been 5 logs like that.
    >
    > Does anyone know where they could have gotten the IP from?

    Usually the machines doing the brute forcing are PCs that have already been hacked, on which the hacker then runs a "scanner" program that tries every IP in a large range. Every IP that is detected as alive and has its SSH port open will then be tried with a brute-force attack over SSH.
    So they are not deliberately hacking your Mikrotik.

    There are 3 things you can do:
    1. Just ignore it: drop all of its traffic, or change the port, or, more extreme, close the service.
    2. Collect the IPs and report them to the owners of those IPs.
    3. Build a honeypot, let them in, and log everything they do; usually it will try to notify its "creator" that the system has been compromised and can be made into a "zombie", whether via email or some other way.

  20. #14
    supik
    No network is safe, bro. You can work around it: just set up redundant routers, bro, so you don't have to keep worrying. If one breaks, there's another.

  21. #15
    supik
    You're using a public/internet IP, right?
    If you have or use a VPN, that's a different matter. Better to just move to private IPs with cloud computing.
    But if you don't have or use a VPN (just sharing internet), setting up redundant routers is one wise step. It can be physical or virtual. (I think zen is already supported by Mikrotik) just google it....
    No need to be afraid.....
    This isn't the era of hacking anymore.
    What is there to hack, if everyone uses private IPs with cloud computing?
