Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 45
  1. #16
    Status
    Offline
    anjis's Avatar
    Newbie
    Join Date
    Jul 2007
    Posts
    56
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Kalau yg di block Mac-Address nya bisa ga ?

  2. #17
    Status
    Offline
    xLaM's Avatar
    Baru Gabung
    Join Date
    Sep 2007
    Posts
    1
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Mantap broooo..kebetulan wa mau eksperimen.Click here to enlarge

  3. #18
    Status
    Offline
    sone's Avatar
    Member
    Join Date
    Aug 2007
    Posts
    266
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    ooo gitu

    tes dulu ah, karena di mikrotik aku sering kali org iseng
    Last edited by sone; 13-10-2007 at 16:39.

  4. #19
    Status
    Offline
    sone's Avatar
    Member
    Join Date
    Aug 2007
    Posts
    266
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    uda di tes bos

    masa sekali login masuk (bukan fail loh, tapi sukses login) terus di masukkan ke address list sebagai blacklist yg kita cantumkan

    uda gitu gak bisa login lagi jika logout

  5. #20
    Status
    Offline
    kadek's Avatar
    Baru Gabung
    Join Date
    Feb 2008
    Location
    denpasar
    Posts
    3
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Red face tolongin dunk

    aku baru gabung ne, code2 di atas kalo di winbox di paste di menu apa ya??
    help me masih cupu bgt!!!Click here to enlarge
    punyaku juga mulai ada yg coba2 masuk ne!! help me

  6. #21
    Status
    Offline
    emruxc's Avatar
    Calon Member
    Join Date
    Oct 2007
    Posts
    86
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by okto_2005 Click here to enlarge
    kita bisa mendafarkan ip yg berusaha masuk ke daftar black-list, contoh untuk ssh sbb:

    dibawah untuk usaha pertama masuk, jika membandel diproses ke tahap berikutnya
    Code:
    add chain=input protocol=tcp dst-port=22 connection-state=new \
    action=add-src-to-address-list address-list=bl_list_ssh1 address-list-timeout=1m comment="" \
    disabled=no
    
    add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=bl_list_ssh1 action=add-src-to-address-list address-list=bl_list_ssh2 address-list-timeout=1m \
    comment="" disabled=no
    
    add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=bl_list_ssh2 action=add-src-to-address-list address-list=bl_list_ssh3 address-list-timeout=1m \
    comment="" disabled=no
    
    add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=bl_list_ssh3 action=add-src-to-address-list address-list=black_list address-list-timeout=1d \
    comment="" disabled=no
    nah akhirnya kalo masih bandel udah 3 kali mo nyoba masuk terus, maka ip nya di ban selama 1 hari (lihat timeout diatas).

    Code:
    / ip firewall filter
    add chain=input protocol=tcp dst-port=22 src-address-list=black_list action=drop \
    comment="drop ssh brute forcers" disabled=no

    cara 2, lebih simpel:
    Code:
    / ip firewall filter
    add chain=input in-interface=ether1 protocol=tcp dst-port=22 src-address-list=ftp_blacklist action=drop
    
    # accept 10 incorrect logins per minute
    / ip firewall filter
    add chain=output action=accept protocol=tcp content=530 Login incorrect dst-limit=1/1m,9,dst-address/1m
    
    #add to blacklist
    add chain=output action=add-dst-to-address-list protocol=tcp content=530 Login incorrect address-list=blacklist address-list-timeout=3h
    kalo kode diatas ini jika dalam 1 menit berusaha 10 kali login (lht script baris kedua, dst-limit=1/1m,9 di login nya yg kesepuluh masuk daftar hitam dan diban selama 3jam, address-list=blacklist address-list-timeout=3h).

    kalo mo dibuat range juga bisa portnya tinggal dikasi dst-port=21-23 (utk ftp,ssh,telnet)
    keren juga tuh, boleh coba ah.. thx bro

  7. #22
    Status
    Offline
    bayu_grass's Avatar
    Baru Gabung
    Join Date
    Aug 2009
    Posts
    15
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by emruxc Click here to enlarge
    keren juga tuh, boleh coba ah.. thx bro
    ini nih Click here to enlarge baru top scurity hotspot

  8. #23
    Status
    Offline
    all21's Avatar
    Member
    Join Date
    Apr 2008
    Posts
    283
    Reviews
    Read 0 Reviews
    Downloads
    4
    Uploads
    0
    Feedback Score
    0
    ane dah bikin.... dan di ane timenya ane kasin 360d
    jadi kalo ada yang coba² masuk.....
    Click here to enlargeClick here to enlarge byeeeeeeeeeeeeeeee
    selama setaon
    wakakakakakakakakaka
    coz ane sshnya ane buka dari luar.....
    dan sering ada yang nyoba masuk dan coba di user admin.....
    ato root
    ato recruit
    hehehe

  9. #24
    Status
    Offline
    xopal's Avatar
    Member
    Join Date
    Jan 2010
    Posts
    245
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Coba ahhh...Click here to enlarge

  10. #25
    Status
    Offline
    kodox's Avatar
    Member
    Join Date
    Jul 2010
    Location
    Karawang, Jabar
    Posts
    206
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by okto_2005 Click here to enlarge
    Code:
    / ip firewall filter
    add chain=input in-interface=ether1 protocol=tcp dst-port=22 src-address-list=ftp_blacklist action=drop
    
    # accept 10 incorrect logins per minute
    / ip firewall filter
    add chain=output action=accept protocol=tcp content=530 Login incorrect dst-limit=1/1m,9,dst-address/1m
    
    #add to blacklist
    add chain=output action=add-dst-to-address-list protocol=tcp content=530 Login incorrect address-list=blacklist address-list-timeout=3h
    kalo kode diatas ini jika dalam 1 menit berusaha 10 kali login (lht script baris kedua, dst-limit=1/1m,9 di login nya yg kesepuluh masuk daftar hitam dan diban selama 3jam, address-list=blacklist address-list-timeout=3h).

    kalo mo dibuat range juga bisa portnya tinggal dikasi dst-port=21-23 (utk ftp,ssh,telnet)
    Mohon pencerahannya master..... Click here to enlargeClick here to enlarge
    sy dah cobain settingan di atas, cm koq ip yg di coba buat login walaupun udah 11x salah gak ke daftar ip nya bahkan di cobain login pake username & password yg valid & msh pk ip yg sama langsung bisa masuk ya....? sy coba2 rubah lewat winbox bagian rate, sy ganti jadi 1/1 min, 10/1 min, 60/1 min & 1/1 sec hasilnya masih sama. coba ngerubah burst dari 9 ke 3 sama juga, kira2 salah dmn ya...? mohon bantuannya, krn tiap hari ada aja log dengan status "login failure for user xxxxxx via winbox from xxx.xxx.xxx.xxx" & kalo dpt status buat di isiin di bagian content-nya dimana ya? Ini semua filter yg aktif:
    Code:
    Flags: X - disabled, I - invalid, D - dynamic 
     0   ;;; Buang Permintaan Dari Lan Yg IP-nya Tidak Terdaftar
         chain=input action=drop src-address-list=!localnet 
         in-interface=Port5-Lan 
    
     1   ;;; Tolak IP Yg Udah Gagal Login 4x Lewat Tower
         chain=input action=drop protocol=tcp 
         src-address-list=Router_Login_BlackList in-interface=Port1-Tower 
         dst-port=21,22,23,8291 
    
     2   ;;; Gagal Login 4x Lewat Tower IP-nya ke Blacklist Seharian
         chain=output action=accept protocol=tcp content=530 Login incorrect 
         dst-limit=1,4,dst-address/1m 
    
     3   ;;; Daftarin IP Yg Gagal Login Lewat Tower
         chain=output action=add-dst-to-address-list protocol=tcp 
         address-list=Router_Login_BlackList address-list-timeout=1d 
         content=530 Login incorrect 
    
     4   ;;; Ijinkan Koneksi Yg Telah Tersambung
         chain=forward action=accept connection-state=established 
    
     5   ;;; Ijinkan Koneksi Yg Berhubungan
         chain=forward action=accept connection-state=related 
    
     6   ;;; Buang Koneksi Yg Salah
         chain=forward action=drop connection-state=invalid 
    
     7   ;;; Daftarin IP Port Scanner
         chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1 
         address-list=Port Scanner address-list-timeout=2w 
    
     8   ;;; Daftarin IP Port Scanner (NMAP FIN Stealth Scan)
         chain=input action=add-src-to-address-list 
         tcp-flags=fin,!syn,!rst,!psh,!ack,!urg protocol=tcp 
         address-list=Port Scanner address-list-timeout=2w 
    
     9   ;;; Daftarin IP Port Scanner (SYN/FIN Scan)
         chain=input action=add-src-to-address-list tcp-flags=fin,syn 
         protocol=tcp address-list=Port Scanner address-list-timeout=2w 
    
    10   ;;; Daftarin IP Port Scanner (SYN/RST Scan)
         chain=input action=add-src-to-address-list tcp-flags=syn,rst 
         protocol=tcp address-list=Port Scanner address-list-timeout=2w 
    
    11   ;;; Daftarin IP Port Scanner (FIN/PSH/URG Scan)
         chain=input action=add-src-to-address-list 
         tcp-flags=fin,psh,urg,!syn,!rst,!ack protocol=tcp 
         address-list=Port Scanner address-list-timeout=2w 
    
    12   ;;; Daftarin IP Port Scanner (ALL/ALL Scan)
         chain=input action=add-src-to-address-list 
         tcp-flags=fin,syn,rst,psh,ack,urg protocol=tcp address-list=Port Scanner 
         address-list-timeout=2w 
    
    13   ;;; Daftarin IP Port Scanner (NMAP NULL Scan)
         chain=input action=add-src-to-address-list 
         tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg protocol=tcp 
         address-list=Port Scanner address-list-timeout=2w 
    
    14   ;;; Blok Port scanner
         chain=input action=drop src-address-list=Port Scanner 
    
    15   ;;; Blok Virus Conficker
         chain=forward action=drop packet-mark=Paket_Virus_Conficker

  11. #26
    Status
    Offline
    kambeeng's Avatar
    Member Senior
    Join Date
    Jan 2008
    Posts
    483
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by kodox Click here to enlarge
    Mohon pencerahannya master..... Click here to enlargeClick here to enlarge
    sy dah cobain settingan di atas, cm koq ip yg di coba buat login walaupun udah 11x salah gak ke daftar ip nya bahkan di cobain login pake username & password yg valid & msh pk ip yg sama langsung bisa masuk ya....? sy coba2 rubah lewat winbox bagian rate, sy ganti jadi 1/1 min, 10/1 min, 60/1 min & 1/1 sec hasilnya masih sama. coba ngerubah burst dari 9 ke 3 sama juga, kira2 salah dmn ya...? mohon bantuannya, krn tiap hari ada aja log dengan status "login failure for user xxxxxx via winbox from xxx.xxx.xxx.xxx" & kalo dpt status buat di isiin di bagian content-nya dimana ya? Ini semua filter yg aktif:
    Code:
    Flags: X - disabled, I - invalid, D - dynamic 
     0   ;;; Buang Permintaan Dari Lan Yg IP-nya Tidak Terdaftar
         chain=input action=drop src-address-list=!localnet 
         in-interface=Port5-Lan 
    
     1   ;;; Tolak IP Yg Udah Gagal Login 4x Lewat Tower
         chain=input action=drop protocol=tcp 
         src-address-list=Router_Login_BlackList in-interface=Port1-Tower 
         dst-port=21,22,23,8291 
    
     2   ;;; Gagal Login 4x Lewat Tower IP-nya ke Blacklist Seharian
         chain=output action=accept protocol=tcp content=530 Login incorrect 
         dst-limit=1,4,dst-address/1m 
    
     3   ;;; Daftarin IP Yg Gagal Login Lewat Tower
         chain=output action=add-dst-to-address-list protocol=tcp 
         address-list=Router_Login_BlackList address-list-timeout=1d 
         content=530 Login incorrect 
    
     4   ;;; Ijinkan Koneksi Yg Telah Tersambung
         chain=forward action=accept connection-state=established 
    
     5   ;;; Ijinkan Koneksi Yg Berhubungan
         chain=forward action=accept connection-state=related 
    
     6   ;;; Buang Koneksi Yg Salah
         chain=forward action=drop connection-state=invalid 
    
     7   ;;; Daftarin IP Port Scanner
         chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1 
         address-list=Port Scanner address-list-timeout=2w 
    
     8   ;;; Daftarin IP Port Scanner (NMAP FIN Stealth Scan)
         chain=input action=add-src-to-address-list 
         tcp-flags=fin,!syn,!rst,!psh,!ack,!urg protocol=tcp 
         address-list=Port Scanner address-list-timeout=2w 
    
     9   ;;; Daftarin IP Port Scanner (SYN/FIN Scan)
         chain=input action=add-src-to-address-list tcp-flags=fin,syn 
         protocol=tcp address-list=Port Scanner address-list-timeout=2w 
    
    10   ;;; Daftarin IP Port Scanner (SYN/RST Scan)
         chain=input action=add-src-to-address-list tcp-flags=syn,rst 
         protocol=tcp address-list=Port Scanner address-list-timeout=2w 
    
    11   ;;; Daftarin IP Port Scanner (FIN/PSH/URG Scan)
         chain=input action=add-src-to-address-list 
         tcp-flags=fin,psh,urg,!syn,!rst,!ack protocol=tcp 
         address-list=Port Scanner address-list-timeout=2w 
    
    12   ;;; Daftarin IP Port Scanner (ALL/ALL Scan)
         chain=input action=add-src-to-address-list 
         tcp-flags=fin,syn,rst,psh,ack,urg protocol=tcp address-list=Port Scanner 
         address-list-timeout=2w 
    
    13   ;;; Daftarin IP Port Scanner (NMAP NULL Scan)
         chain=input action=add-src-to-address-list 
         tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg protocol=tcp 
         address-list=Port Scanner address-list-timeout=2w 
    
    14   ;;; Blok Port scanner
         chain=input action=drop src-address-list=Port Scanner 
    
    15   ;;; Blok Virus Conficker
         chain=forward action=drop packet-mark=Paket_Virus_Conficker
    susah amat meningan om buat aja ip yang allow dan yang blaclixr di jamin tuh penyusup mentok or ganti port ssh nya ke port yang lain Click here to enlarge

  12. #27
    Status
    Offline
    kodox's Avatar
    Member
    Join Date
    Jul 2010
    Location
    Karawang, Jabar
    Posts
    206
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by kambeeng Click here to enlarge
    susah amat meningan om buat aja ip yang allow dan yang blaclixr di jamin tuh penyusup mentok or ganti port ssh nya ke port yang lain Click here to enlarge
    cara paling guampang buanget seeh emang begonoh om.... cuma kalo ip nya di biarin yg "iseng" bakal tetep aja terus nyoba, nah.... buat ngasih "efek jera" sama yg "iseng" kan salah 1 caranya ya yg di share ama om Okto ini...

  13. #28
    Status
    Offline
    mrengestik's Avatar
    Newbie
    Join Date
    Mar 2008
    Posts
    46
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by kodox Click here to enlarge
    cara paling guampang buanget seeh emang begonoh om.... cuma kalo ip nya di biarin yg "iseng" bakal tetep aja terus nyoba, nah.... buat ngasih "efek jera" sama yg "iseng" kan salah 1 caranya ya yg di share ama om Okto ini...
    apanya yang mau dicoba kalo port nya di tutup?? emang bisa Click here to enlarge tutup port/ganti port lain mendingan, gak nambah2in rule firewall yang bikin lebih berat ajah..

    kalo diterapkan di hotspot kayaknya bagus tuh.. Click here to enlarge

  14. #29
    Status
    Offline
    yogi.mikrotikid's Avatar
    Baru Gabung
    Join Date
    May 2010
    Posts
    6
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Gan.., saran saya mending matiin semua proses remote dari luar. Klo mau masuk kedalam, gunakan koneksi VPN. Menurut ane sih lebih secure ya.

    Sori belum bisa ngasih tutorial vpn-nya. Masih newbie soalnya. Coba aja ubek-ubek disini. Thx.

  15. #30
    Status
    Offline
    the_javu1988's Avatar
    Baru Gabung
    Join Date
    Feb 2011
    Location
    Jakarta
    Posts
    1
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Thumbs down

    Click here to enlarge Originally Posted by okto_2005 Click here to enlarge
    kita bisa mendafarkan ip yg berusaha masuk ke daftar black-list, contoh untuk ssh sbb:

    dibawah untuk usaha pertama masuk, jika membandel diproses ke tahap berikutnya
    Code:
    add chain=input protocol=tcp dst-port=22 connection-state=new \
    action=add-src-to-address-list address-list=bl_list_ssh1 address-list-timeout=1m comment="" \
    disabled=no
    
    add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=bl_list_ssh1 action=add-src-to-address-list address-list=bl_list_ssh2 address-list-timeout=1m \
    comment="" disabled=no
    
    add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=bl_list_ssh2 action=add-src-to-address-list address-list=bl_list_ssh3 address-list-timeout=1m \
    comment="" disabled=no
    
    add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=bl_list_ssh3 action=add-src-to-address-list address-list=black_list address-list-timeout=1d \
    comment="" disabled=no
    nah akhirnya kalo masih bandel udah 3 kali mo nyoba masuk terus, maka ip nya di ban selama 1 hari (lihat timeout diatas).

    Code:
    / ip firewall filter
    add chain=input protocol=tcp dst-port=22 src-address-list=black_list action=drop \
    comment="drop ssh brute forcers" disabled=no

    cara 2, lebih simpel:
    Code:
    / ip firewall filter
    add chain=input in-interface=ether1 protocol=tcp dst-port=22 src-address-list=ftp_blacklist action=drop
    
    # accept 10 incorrect logins per minute
    / ip firewall filter
    add chain=output action=accept protocol=tcp content=530 Login incorrect dst-limit=1/1m,9,dst-address/1m
    
    #add to blacklist
    add chain=output action=add-dst-to-address-list protocol=tcp content=530 Login incorrect address-list=blacklist address-list-timeout=3h
    kalo kode diatas ini jika dalam 1 menit berusaha 10 kali login (lht script baris kedua, dst-limit=1/1m,9 di login nya yg kesepuluh masuk daftar hitam dan diban selama 3jam, address-list=blacklist address-list-timeout=3h).

    kalo mo dibuat range juga bisa portnya tinggal dikasi dst-port=21-23 (utk ftp,ssh,telnet)


    mantap Gan..... Maturnuwun Maknyus nech....... Click here to enlarge

    Kalo Boleh Sekalian aja tendang tuh yang login..... mulu kesel jadinya....Click here to enlarge

 

 
Page 2 of 3 FirstFirst 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 2 users browsing this thread. (0 members and 2 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •