MikroTik security: anti-attack rules, filters and blocks

Posted by D3M0N, 19 January 2015, 01:13:01 AM

This is a small script with security filters, blocks for particular protocols, etc. Each line carries a comment describing what it does.

Code: (RouterOS firewall export)

/ip firewall filter
add action=drop chain=forward comment="Block Bogon IP addresses" disabled=no src-address=0.0.0.0/8
add action=drop chain=forward disabled=no dst-address=0.0.0.0/8
add action=drop chain=forward disabled=no src-address=127.0.0.0/8
add action=drop chain=forward disabled=no dst-address=127.0.0.0/8
add action=drop chain=forward disabled=no src-address=224.0.0.0/3
add action=drop chain=forward disabled=no dst-address=224.0.0.0/3
add action=jump chain=forward comment="Make jumps to new chains" disabled=no jump-target=tcp protocol=tcp
add action=jump chain=forward disabled=no jump-target=udp protocol=udp
add action=jump chain=forward disabled=no jump-target=icmp protocol=icmp
add action=drop chain=tcp comment="deny TFTP" disabled=no dst-port=69 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=111 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=135 protocol=tcp
add action=drop chain=tcp comment="deny NBT" disabled=no dst-port=137-139 protocol=tcp
add action=drop chain=tcp comment="deny cifs" disabled=no dst-port=445 protocol=tcp
add action=drop chain=tcp comment="deny NFS" disabled=no dst-port=2049 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=12345-12346 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=20034 protocol=tcp
add action=drop chain=tcp comment="deny BackOriffice" disabled=no dst-port=3133 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=67-68 protocol=tcp
add action=drop chain=udp comment="deny TFTP" disabled=no dst-port=69 protocol=udp
add action=drop chain=udp comment="deny RPC portmapper" disabled=no dst-port=111 protocol=udp
add action=drop chain=udp comment="deny RPC portmapper" disabled=no dst-port=135 protocol=udp
add action=drop chain=udp comment="deny NBT" disabled=no dst-port=137-139 protocol=udp
add action=drop chain=udp comment="deny NFS" disabled=no dst-port=2049 protocol=udp
add action=drop chain=udp comment="deny BackOriffice" disabled=no dst-port=3133 protocol=udp
add action=accept chain=icmp comment="echo reply" disabled=no icmp-options=0:0 protocol=icmp
add action=accept chain=icmp comment="net unreachable" disabled=no icmp-options=3:0 protocol=icmp
add action=accept chain=icmp comment="host unreachable" disabled=no icmp-options=3:1 protocol=icmp
add action=accept chain=icmp comment="allow source quench" disabled=no icmp-options=4:0 protocol=icmp
add action=accept chain=icmp comment="allow echo request" disabled=no icmp-options=8:0 protocol=icmp
add action=accept chain=icmp comment="allow time exceed" disabled=no icmp-options=11:0 protocol=icmp
add action=accept chain=icmp comment="allow parameter bad" disabled=no icmp-options=12:0 protocol=icmp
add action=drop chain=icmp comment="deny all other types" disabled=no
add action=drop chain=input comment="drop ftp brute forcers" disabled=no dst-port=21 protocol=tcp src-address-list=ftp_blacklist
add action=accept chain=output content="530 Login incorrect" disabled=no dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h chain=output content="530 Login incorrect" disabled=no protocol=tcp
add action=drop chain=input comment="drop ssh brute forcers" disabled=no dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new disabled=no dst-port=22 protocol=tcp
add action=drop chain=forward comment="drop ssh brute downstream" disabled=no dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="Port scanners to list " disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" disabled=no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="dropping port scanners" disabled=no src-address-list="port scanners"
add action=drop chain=forward comment="dropping port scanners" disabled=no src-address-list="port scanners"
add action=accept chain=forward disabled=no protocol=tcp src-port=80
add action=accept chain=forward disabled=no dst-port=80 protocol=tcp
add action=accept chain=forward disabled=no protocol=tcp src-port=443
add action=accept chain=forward disabled=no dst-port=443 protocol=tcp
add action=accept chain=forward disabled=no protocol=udp src-port=53
add action=accept chain=forward disabled=no dst-port=53 protocol=udp
add action=accept chain=forward disabled=no protocol=tcp src-port=53
add action=accept chain=forward disabled=no dst-port=53 protocol=tcp
add action=accept chain=forward disabled=no protocol=tcp src-port=1433
add action=accept chain=forward disabled=no dst-port=1433 protocol=tcp
add action=accept chain=forward disabled=no protocol=tcp src-port=21
add action=accept chain=forward disabled=no dst-port=21 protocol=tcp
add action=accept chain=forward disabled=no protocol=udp src-port=67
add action=accept chain=forward disabled=no dst-port=67 protocol=udp
add action=accept chain=forward disabled=no protocol=udp src-port=68
add action=accept chain=forward disabled=no dst-port=68 protocol=udp
add action=accept chain=forward comment="Autorizacion de uso del puerto 25" disabled=no protocol=tcp src-address-list="Excepcion correo" src-port=25
add action=accept chain=forward comment="Autorizacion de uso del puerto 25" disabled=no dst-port=25 protocol=tcp src-address-list="Excepcion correo"
add action=accept chain=forward comment="Autorizacion de uso del puerto 110" disabled=no protocol=tcp src-address-list="Excepcion correo" src-port=110
add action=accept chain=forward comment="Autorizacion de uso del puerto 110" disabled=no dst-port=110 protocol=tcp src-address-list="Excepcion correo"
add action=drop chain=forward comment="Bloquea spammer o usuarios infectados." disabled=no protocol=tcp src-address-list=spammer src-port=25
add action=drop chain=forward comment="Bloquea spammer o usuarios infectados." disabled=no dst-port=25 protocol=tcp src-address-list=spammer
add action=drop chain=forward comment="Bloquea spammer o usuarios infectados." disabled=no protocol=tcp src-address-list=spammer src-port=110
add action=drop chain=forward comment="Bloquea spammer o usuarios infectados." disabled=no dst-port=110 protocol=tcp src-address-list=spammer
add action=drop chain=forward disabled=yes protocol=tcp
add action=add-src-to-address-list address-list=spammer address-list-timeout=2h chain=forward comment=spammer connection-limit=5,32 disabled=no dst-port=25 limit=10,5 protocol=tcp
add action=drop chain=forward disabled=no dst-port=25 protocol=tcp src-address-list=spammer
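The SSH brute-force section of the export is the part that is easiest to misread: four `add-src-to-address-list` rules promote a source through `ssh_stage1`, `ssh_stage2`, `ssh_stage3` and finally `ssh_blacklist`, and only the first rule (`drop ... src-address-list=ssh_blacklist`) ever discards anything. The Python model below is an added example, not code from the post or from MikroTik; it replays a top-down walk of those five rules with the timeouts from the export (1m on the stages, 1w3d on the blacklist), treating `add-src-to-address-list` as the non-terminating action it is in RouterOS. The source address and connection timings are constructed inputs. It shows that a client needs four new SSH connections inside the one-minute window before the fifth is dropped, and that a client pacing attempts more than a minute apart never escalates past stage 1, which is the trade-off the 1m stage timeout makes.

```python
# Added example (not from the original post): a Python model of the staged
# SSH brute-force rules in the RouterOS export above. It reproduces how the
# input chain is walked top-down, how dynamic address-list entries expire,
# and why a source must open four new SSH connections inside the 1m window
# before it lands in ssh_blacklist. Timeouts and list names come from the
# export; the packet walk is a simplification written for this example.

STAGE_TIMEOUT = 60               # address-list-timeout=1m on ssh_stage1..3
BLACKLIST_TIMEOUT = 10 * 86400   # address-list-timeout=1w3d on ssh_blacklist


class AddressLists:
    """Dynamic address lists: list name -> {ip: expiry timestamp in seconds}."""

    def __init__(self):
        self.lists = {}

    def contains(self, name, ip, now):
        entries = self.lists.get(name, {})
        expiry = entries.get(ip)
        if expiry is None:
            return False
        if expiry <= now:            # dynamic entry has timed out
            del entries[ip]
            return False
        return True

    def add(self, name, ip, now, timeout):
        # Re-adding an existing entry refreshes its timeout, as RouterOS does.
        self.lists.setdefault(name, {})[ip] = now + timeout


# The five SSH rules from the export, in the same order. Each tuple is
# (list the source must already be in, or None; action; list to add to).
SSH_RULES = [
    ("ssh_blacklist", "drop", None),
    ("ssh_stage3", "add", "ssh_blacklist"),
    ("ssh_stage2", "add", "ssh_stage3"),
    ("ssh_stage1", "add", "ssh_stage2"),
    (None, "add", "ssh_stage1"),
]


def new_ssh_connection(lists, src, now):
    """Walk the rules for one connection-state=new packet to tcp/22.

    Returns "drop" if the packet hits the drop rule, otherwise "pass" (the
    packet continues down the chain). add-src-to-address-list does not
    terminate rule processing, so every later matching rule still runs.
    """
    for required_list, action, target in SSH_RULES:
        if required_list is not None and not lists.contains(required_list, src, now):
            continue
        if action == "drop":
            return "drop"
        timeout = BLACKLIST_TIMEOUT if target == "ssh_blacklist" else STAGE_TIMEOUT
        lists.add(target, src, now, timeout)
    return "pass"


def simulate(timestamps, src="198.51.100.7"):
    """Feed new SSH connections from one source at the given times (seconds).

    Returns the per-connection verdicts and whether the source is in
    ssh_blacklist after the last one. The source address is constructed.
    """
    lists = AddressLists()
    verdicts = [new_ssh_connection(lists, src, t) for t in timestamps]
    return verdicts, lists.contains("ssh_blacklist", src, timestamps[-1])


if __name__ == "__main__":
    # Fast brute forcer: five attempts within twenty seconds.
    print(simulate([0, 5, 10, 15, 20]))
    # Patient client: one attempt every 90 seconds never gets past stage 1.
    print(simulate([0, 90, 180, 270, 360]))
```

Two things the model makes visible that the raw export does not: the fourth connection is still allowed through (the drop rule sits above the rule that adds to `ssh_blacklist`, so the entry exists only for the next packet), and because each stage entry is refreshed on every hit, the window is "four new connections with no gap longer than a minute", not "four connections per minute". Moving SSH off port 22 or changing the stage timeout changes this behaviour directly; a slower blacklist with a longer stage timeout catches patient clients at the cost of longer list growth.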