Tentativa de login via SSH remota

**luock** · 25-02-2008, 12:05

Está dando esta mensagem aqui em meu MK...

Alguém pode me ajudar.

Pelo que vejo é uma tentativa de invasão? Como posso bloquear?

feb/25/2008 12:04:22 system,error,critical login failure for user fabio from 200.107.11.181 via ss
h
feb/25/2008 12:04:27 system,error,critical login failure for user fermin from 200.107.11.181 via s
sh
feb/25/2008 12:04:32 system,error,critical login failure for user gabino from 200.107.11.181 via s
sh
feb/25/2008 12:04:37 system,error,critical login failure for user genaro from 200.107.11.181 via s
sh
feb/25/2008 12:04:42 system,error,critical login failure for user hilaria from 200.107.11.181 via
ssh
feb/25/2008 12:04:47 system,error,critical login failure for user hilario from 200.107.11.181 via
ssh
feb/25/2008 12:04:51 system,error,critical login failure for user ignacio from 200.107.11.181 via
ssh
feb/25/2008 12:04:55 system,error,critical login failure for user jenaro from 200.107.11.181 via s
sh
Terminal vt102 detected, using multiline input mode
[admin@MikroTik] >
echo: system,error,critical login failure for user juliana from 200.107.11.181 via ssh
[admin@MikroTik] >
echo: system,error,critical login failure for user juliano from 200.107.11.181 via ssh
[admin@MikroTik] >

**Roberto21** · 25-02-2008, 12:34

Postado originalmente por luock

Está dando esta mensagem aqui em meu MK...

Alguém pode me ajudar.

Pelo que vejo é uma tentativa de invasão? Como posso bloquear?

Aplica essas regras aqui no seu MK>

ip firewall filter

add chain=input action=drop dst-port=22 protocol=tcp \
src-address-list=black_list comment="DROP SSH BRUTE FORCE" disabled=no
add chain=input action=add-src-to-address-list connection-state=new \
dst-port=22 protocol=tcp src-address-list=ssh_stage3 \
address-list=black_list address-list-timeout=1d comment="" disabled=no
add chain=input action=add-src-to-address-list connection-state=new \
dst-port=22 protocol=tcp src-address-list=ssh_stage2 \
address-list=ssh_stage3 address-list-timeout=1m comment="" disabled=no
add chain=input action=add-src-to-address-list connection-state=new \
dst-port=22 protocol=tcp src-address-list=ssh_stage1 \
address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no
add chain=input action=add-src-to-address-list connection-state=new \
dst-port=22 protocol=tcp address-list=ssh_stage1 address-list-timeout=1m \
comment="" disabled=no

**rps67** · 25-02-2008, 19:01

Ou simplesmente mude as portas ( ip > services ).
Ou ainda determina so pra seu range de ip interno.

**fbig** · 26-02-2008, 11:51

Amigo seria de mais valia ter dado o link do site onde tem essas dicas....segue abaixo:

Bruteforce login prevention (FTP - MikroTik Wiki)

Postado originalmente por Roberto21

Aplica essas regras aqui no seu MK>

ip firewall filter

add chain=input action=drop dst-port=22 protocol=tcp \
src-address-list=black_list comment="DROP SSH BRUTE FORCE" disabled=no
add chain=input action=add-src-to-address-list connection-state=new \
dst-port=22 protocol=tcp src-address-list=ssh_stage3 \
address-list=black_list address-list-timeout=1d comment="" disabled=no
add chain=input action=add-src-to-address-list connection-state=new \
dst-port=22 protocol=tcp src-address-list=ssh_stage2 \
address-list=ssh_stage3 address-list-timeout=1m comment="" disabled=no
add chain=input action=add-src-to-address-list connection-state=new \
dst-port=22 protocol=tcp src-address-list=ssh_stage1 \
address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no
add chain=input action=add-src-to-address-list connection-state=new \
dst-port=22 protocol=tcp address-list=ssh_stage1 address-list-timeout=1m \
comment="" disabled=no

**luock** · 26-02-2008, 12:17

Agradeço a ajuda ai.

Problema resolvido!

Tentativa de login via SSH remota

Ferramentas de Tópicos

Tentativa de login via SSH remota

:D