+ Responder ao Tópico



  1. #1

    Question Tentativa de login via SSH remota

    Está dando esta mensagem aqui em meu MK...

    Alguém pode me ajudar.

    Pelo que vejo é uma tentativa de invasão? Como posso bloquear?

    feb/25/2008 12:04:22 system,error,critical login failure for user fabio from 200.107.11.181 via ss
    h
    feb/25/2008 12:04:27 system,error,critical login failure for user fermin from 200.107.11.181 via s
    sh
    feb/25/2008 12:04:32 system,error,critical login failure for user gabino from 200.107.11.181 via s
    sh
    feb/25/2008 12:04:37 system,error,critical login failure for user genaro from 200.107.11.181 via s
    sh
    feb/25/2008 12:04:42 system,error,critical login failure for user hilaria from 200.107.11.181 via
    ssh
    feb/25/2008 12:04:47 system,error,critical login failure for user hilario from 200.107.11.181 via
    ssh
    feb/25/2008 12:04:51 system,error,critical login failure for user ignacio from 200.107.11.181 via
    ssh
    feb/25/2008 12:04:55 system,error,critical login failure for user jenaro from 200.107.11.181 via s
    sh
    Terminal vt102 detected, using multiline input mode
    [[email protected]] >
    echo: system,error,critical login failure for user juliana from 200.107.11.181 via ssh
    [[email protected]] >
    echo: system,error,critical login failure for user juliano from 200.107.11.181 via ssh
    [[email protected]] >

  2. #2

    Padrão

    Citação Postado originalmente por luock Ver Post
    Está dando esta mensagem aqui em meu MK...

    Alguém pode me ajudar.

    Pelo que vejo é uma tentativa de invasão? Como posso bloquear?

    Aplica essas regras aqui no seu MK>


    ip firewall filter

    add chain=input action=drop dst-port=22 protocol=tcp \
    src-address-list=black_list comment="DROP SSH BRUTE FORCE" disabled=no
    add chain=input action=add-src-to-address-list connection-state=new \
    dst-port=22 protocol=tcp src-address-list=ssh_stage3 \
    address-list=black_list address-list-timeout=1d comment="" disabled=no
    add chain=input action=add-src-to-address-list connection-state=new \
    dst-port=22 protocol=tcp src-address-list=ssh_stage2 \
    address-list=ssh_stage3 address-list-timeout=1m comment="" disabled=no
    add chain=input action=add-src-to-address-list connection-state=new \
    dst-port=22 protocol=tcp src-address-list=ssh_stage1 \
    address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no
    add chain=input action=add-src-to-address-list connection-state=new \
    dst-port=22 protocol=tcp address-list=ssh_stage1 address-list-timeout=1m \
    comment="" disabled=no



  3. #3

    Padrão

    Ou simplesmente mude as portas ( ip > services ).
    Ou ainda determina so pra seu range de ip interno.

  4. #4

    Padrão

    Amigo seria de mais valia ter dado o link do site onde tem essas dicas....segue abaixo:

    Bruteforce login prevention (FTP - MikroTik Wiki)

    Citação Postado originalmente por Roberto21 Ver Post
    Aplica essas regras aqui no seu MK>


    ip firewall filter

    add chain=input action=drop dst-port=22 protocol=tcp \
    src-address-list=black_list comment="DROP SSH BRUTE FORCE" disabled=no
    add chain=input action=add-src-to-address-list connection-state=new \
    dst-port=22 protocol=tcp src-address-list=ssh_stage3 \
    address-list=black_list address-list-timeout=1d comment="" disabled=no
    add chain=input action=add-src-to-address-list connection-state=new \
    dst-port=22 protocol=tcp src-address-list=ssh_stage2 \
    address-list=ssh_stage3 address-list-timeout=1m comment="" disabled=no
    add chain=input action=add-src-to-address-list connection-state=new \
    dst-port=22 protocol=tcp src-address-list=ssh_stage1 \
    address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no
    add chain=input action=add-src-to-address-list connection-state=new \
    dst-port=22 protocol=tcp address-list=ssh_stage1 address-list-timeout=1m \
    comment="" disabled=no



  5. #5

    Padrão :D

    Agradeço a ajuda ai.

    Problema resolvido!