Firewall / Attempt to take down the server
Do you have firewall rules to prevent attacks with wrong MACs or brute force?
To check whether it is the antenna, take the first 10 customers from your records, from the time when everything was fine, remove all the others from your system and leave only those 10 running to see whether there is a problem. If there isn't, you can be sure it is either a power supply with too little Ah or an intrusion attempt. What percentage are the RB's processor and memory at?
Take a look at these scripts..., I use some of them..., they are well explained...
/ ip firewall mangle
add chain=prerouting p2p=all-p2p action=mark-connection \
new-connection-mark=p2p_m passthrough=yes comment="p2p_mark" disabled=no
add chain=prerouting connection-mark=p2p_m action=mark-packet \
new-packet-mark=p2p passthrough=yes comment="p2p_mark1" disabled=no
add chain=prerouting protocol=tcp dst-port=569 action=mark-connection \
new-connection-mark=msn_con passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=1080 action=mark-connection \
new-connection-mark=msn_con passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=569 action=mark-connection \
new-connection-mark=msn_con passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=msn_con action=mark-packet \
new-packet-mark=msn passthrough=yes comment="" disabled=no
/ ip firewall filter
add chain=input in-interface=!bridge_link protocol=tcp dst-port=3128 action=drop \
comment="bloqueio acesso externo ao proxy" disabled=no
add chain=forward src-address=10.1.0.0 protocol=tcp tcp-flags=syn \
connection-limit=20,16 action=drop comment="bloqueia mais de 20 \
requisicoes por cliente" disabled=no
add chain=forward p2p=all-p2p action=drop comment="bloqueia P2P da galera" \
disabled=yes
[Mangle]
/ ip firewall mangle
add chain=forward src-address=10.0.0.0/16 protocol=tcp dst-port=2121 \
action=mark-packet new-packet-mark=semlimite passthrough=yes \
comment="Marcando Pacotes Sem Limite Conexao" disabled=no
add chain=forward src-address=10.0.0.0/16 protocol=tcp dst-port=46792 \
action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
disabled=no
add chain=forward src-address=10.0.0.0/16 protocol=tcp dst-port=23 \
action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
disabled=no
add chain=forward src-address=10.0.0.0/16 protocol=tcp dst-port=25 \
action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
disabled=no
add chain=forward src-address=10.0.0.0/16 protocol=tcp dst-port=53 \
action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
disabled=no
add chain=forward src-address=10.0.0.0/16 protocol=udp dst-port=53 \
action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
disabled=no
add chain=forward src-address=10.0.0.0/16 protocol=tcp dst-port=80 \
action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
disabled=no
add chain=forward src-address=10.0.0.0/16 protocol=tcp dst-port=110 \
action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
disabled=no
add chain=forward src-address=10.0.0.0/16 protocol=tcp dst-port=443 \
action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
disabled=no
add chain=forward src-address=10.0.0.0/16 protocol=tcp dst-port=3128 \
action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
disabled=no
add chain=forward src-address=10.0.0.0/16 protocol=tcp dst-port=6891-6901 \
action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
disabled=no
[Filter]
/ ip firewall filter
add chain=forward src-address=10.0.0.0/16 protocol=tcp tcp-flags=syn \
packet-mark=!semlimite connection-limit=25,32 action=drop comment="Limitando \
numero conexoes simultaneas" disabled=no
/ip firewall filter
add action=drop chain=forward comment="bloqueia conexoes invalidas" \
connection-state=invalid disabled=no
add action=accept chain=forward comment="permite conexoes estabelecidas" \
connection-state=established disabled=no tcp-flags=!syn
add action=accept chain=forward comment="permite conexoes relatadas" \
connection-state=related disabled=no
add chain=forward protocol=tcp dst-port=137-139 action=drop comment="bloqueia netbios"
add chain=forward protocol=tcp dst-port=445 action=drop comment="bloqueia netbios"
add chain=forward src-address=0.0.0.0 dst-address=0.0.0.0 action=drop comment="bloqueia visualizacao interna"
/ip firewall mangle add chain=postrouting out-interface=bridge_link action=change-ttl new-ttl=set:1 comment="bloqueia compartilhamento pelo windows"
/ip firewall mangle add chain=forward protocol=icmp action=change-ttl new-ttl=set:30 comment="bloqueia traceroute"
/ip firewall filter add chain=input dst-address=10.0.0.0/16 protocol=icmp icmp-options=8 action=drop disabled=no comment="bloqueia ping"
/ip firewall filter add chain=forward protocol=icmp icmp-options=8 action=drop disabled=no comment="bloqueia ping"
/ip firewall filter
add chain=input protocol=udp dst-port=5678 action=drop comment="bloqueia scan winbox"
add chain=input src-address=10.0.1.1 protocol=tcp dst-port=8291 action=accept comment="libera scan winbox para neguinho"
add chain=input src-address=10.0.0.0/16 protocol=tcp dst-port=8291 action=drop comment="bloqueia winbox"
add chain=input src-address=10.0.0.0/16 protocol=tcp dst-port=20561 action=drop comment="bloqueia mac winbox"
# remove the ARP table; schedule this to run every 5 minutes
:foreach i in=[ ip arp find interface=ether1 ] do={ /ip arp remove $i }
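An added example, not part of the original post: a small Python check over the two `connection-limit` rules quoted above, showing how the second number (the netmask) and a `src-address` without a prefix length change who the limit applies to. The function names and the replay model (connections only open, never close) are assumptions made for illustration.

```python
import ipaddress
import shlex

# Constructed input: the two connection-limit rules from the post above.
SAMPLE = r'''/ ip firewall filter
add chain=forward src-address=10.1.0.0 protocol=tcp tcp-flags=syn \
connection-limit=20,16 action=drop comment="bloqueia mais de 20 \
requisicoes por cliente" disabled=no
add chain=forward src-address=10.0.0.0/16 protocol=tcp tcp-flags=syn \
packet-mark=!semlimite connection-limit=25,32 action=drop comment="Limitando \
numero conexoes simultaneas" disabled=no
'''

def parse_rules(text):
    """Join backslash continuations; return one key=value dict per 'add' line."""
    rules = []
    for line in text.replace("\\\n", "").splitlines():
        tokens = shlex.split(line)
        if tokens and tokens[0] == "add":
            rules.append(dict(t.split("=", 1) for t in tokens[1:] if "=" in t))
    return rules

def findings(rule):
    """Flag scoping details that change who a connection-limit rule applies to."""
    out = []
    src = rule.get("src-address", "")
    if src and "/" not in src:
        out.append(f"src-address={src} has no prefix length: matches one host only")
    if "connection-limit" in rule:
        limit, bits = (int(x) for x in rule["connection-limit"].split(","))
        if bits < 32:
            out.append(f"limit {limit} is shared by every host in the same /{bits}")
    return out

def dropped_syns(limit, bits, sources):
    """Simplified model: count open connections per source block, no teardown."""
    counts, dropped = {}, []
    for ip in sources:
        block = ipaddress.ip_network(f"{ip}/{bits}", strict=False)
        if counts.get(block, 0) >= limit:
            dropped.append(ip)      # over the limit for this block: SYN dropped
        else:
            counts[block] = counts.get(block, 0) + 1
    return dropped

if __name__ == "__main__":
    for r in parse_rules(SAMPLE):
        print(r["connection-limit"], findings(r))
```

With `20,16`, thirty different clients opening one connection each already lose ten of them, while `25,32` only limits a single host that opens more than 25.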