Archive for the ‘ Mikrotik ’ Category

Drop SSH Brute Force on Mikrotik

A script requested by ‘Aldy’ to detect SSH brute-force attempts on port 22. Adjust it if the port you want to monitor is not the default one.

Script flow:

  1. stage1 registers the source IP in an address-list for 1 minute.
  2. If another login attempt follows within that 1 minute in stage1, the source is added to the stage2 address-list, and:
  3. On the third SSH login attempt, the source address is put on the IP blacklist and dropped for 1 week + 3 days.
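
One way to implement the flow above as RouterOS firewall rules (an added example, not the script from the original post). The list names ssh_admin, ssh_stage1, ssh_stage2 and ssh_blacklist, the 192.0.2.10 admin address and the 1-minute stage2 timeout are assumptions.

```routeros
# Added example; list names and the admin address are assumptions.
/ip firewall address-list
add list=ssh_admin address=192.0.2.10 comment="constructed placeholder: admin PC"

/ip firewall filter
# Admin hosts are accepted first, so they never reach the staging rules.
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_admin \
    action=accept comment="ssh: admin exempt"

# Sources already on the blacklist are dropped (all packets, not only new ones).
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist \
    action=drop comment="ssh: drop blacklisted"

# Step 3: a new connection from a stage2 source is the third attempt;
# blacklist it for 1 week + 3 days.
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage2 action=add-src-to-address-list \
    address-list=ssh_blacklist address-list-timeout=1w3d \
    comment="ssh: 3rd attempt -> blacklist"

# Step 2: a new connection from a stage1 source is the second attempt;
# move it to stage2 (1m timeout is an assumption, the post does not state it).
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage1 action=add-src-to-address-list \
    address-list=ssh_stage2 address-list-timeout=1m \
    comment="ssh: 2nd attempt -> stage2"

# Step 1: any other new connection is a first attempt; remember it for 1 minute.
add chain=input protocol=tcp dst-port=22 connection-state=new \
    action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m comment="ssh: 1st attempt -> stage1"
```

These rules count new TCP connections to port 22, not failed logins, so three quick successful logins from one source are blacklisted as well. `add` appends to the end of the chain, so move the rules above any earlier rule that already accepts port 22.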

Happy trying, DWYOR!

 

 

A special tutorial, requested by the handsome Om Narno…!

Once you have it working, don't forget: do not put the admin PC's IP address in the blocked list…

Setting up different bandwidth limits on Mikrotik; an example is shown below (adjust it to your own network conditions):

1. Preparing NICE.RSC

# Weekly job: delete the old nice.rsc, download a fresh copy and import it.
# The file is fetched over plain HTTP (mode=http) and imported without verification.
/system scheduler
add comment=update-nice interval=1w name=update-nice-rsc on-event=":if ([:len \
[/file find name=nice.rsc]] > 0) do={ /file remove nice.rsc }; /tool fetch\
\_address=ixp.mikrotik.co.id src-path=/download/nice.rsc mode=http; /impor\
t nice.rsc" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
jan/01/1970 start-time=06:00:00

2. Preparing Mangle

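# Mark connections from 192.168.12.0/24 by destination: addresses in the "nice"
# list (loaded from nice.rsc) get conn-IIX-04, everything else gets conn-INT-04.
/ip firewall mangle
add action=mark-connection chain=forward dst-address-list=nice \
new-connection-mark=conn-IIX-04 src-address=192.168.12.0/24
add action=mark-connection chain=forward dst-address-list=!nice \
new-connection-mark=conn-INT-04 src-address=192.168.12.0/24
# Mark the packets of each marked connection so the queue tree can match them.
add action=mark-packet chain=forward connection-mark=conn-IIX-04 \
new-packet-mark=IIX-04
add action=mark-packet chain=forward connection-mark=conn-INT-04 \
new-packet-mark=INT-04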

3. Preparing Queue

# Parent queue Total-Download (14M, burst 21M) with child queues for IIX and INT.
/queue tree
add burst-limit=21M burst-threshold=1M burst-time=1m30s comment="Main BW" \
max-limit=14M name=Total-Download parent=bridge1_dmz queue=default
add burst-limit=21M burst-threshold=1M burst-time=1m30s max-limit=14M name=\
Download-IIX parent=Total-Download queue=default
add burst-limit=21M burst-threshold=1M burst-time=1m30s max-limit=14M name=\
Download-INT parent=Total-Download queue=default

# Leaf queues matched by packet mark: lokal-041 (IIX-04) sets no limit of its
# own, lokal-042 (INT-04) is limited to 2M with bursts up to 4M.
add name=lokal-041 \
packet-mark=IIX-04 parent=Download-IIX queue=default
add burst-limit=4M burst-threshold=512k burst-time=20s \
max-limit=2M name=lokal-042 \
packet-mark=INT-04 parent=Download-INT queue=default