Over the past few days, the MikroTik router on our network has frequently shown red log entries like the following.
echo: system,error,critical login failure for user master from 67.225.209.238 via ssh
[admin@Sumo] >
echo: system,error,critical login failure for user apache from 67.225.209.238 via ssh
[admin@Sumo] >
echo: system,error,critical login failure for user root from 67.225.209.238 via ssh
[admin@Sumo] >
echo: system,error,critical login failure for user root from 67.225.209.238 via ssh
[admin@Sumo] >
echo: system,error,critical login failure for user root from 67.225.209.238 via ssh
[admin@Sumo] >
echo: system,error,critical login failure for user root from 67.225.209.238 via ssh
[admin@Sumo] >
echo: system,error,critical login failure for user root from 67.225.209.238 via ssh
[admin@Sumo] >
echo: system,error,critical login failure for user admin from 67.225.209.238 via ssh
[admin@Sumo] >
echo: system,error,critical login failure for user admin from 67.225.209.238 via ssh
[admin@Sumo] >
echo: system,error,critical login failure for user admin from 67.225.209.238 via ssh
[admin@Sumo] >
echo: system,error,critical login failure for user admin from 67.225.209.238 via ssh
When the IP address is looked up, it turns out to be from abroad. After googling around, it turns out that these log entries are reportedly left by an intruder, in other words someone is trying to hack our MikroTik. The MikroTik forum has an effective solution for this. Below are the rules you can install on your MikroTik to secure it against intruders.
These are the rules I got from the MikroTik forum.
/ip firewall filter
add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop \
comment="drop ftp brute forcers"
add chain=output action=accept protocol=tcp content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m
add chain=output action=add-dst-to-address-list protocol=tcp content="530 Login incorrect" \
address-list=ftp_blacklist address-list-timeout=3h
After the rules above, also add the rules below.
/ip firewall filter
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \
comment="drop ssh brute forcers" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=10d comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 \
action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list \
address-list=ssh_stage1 address-list-timeout=1m comment="" disabled=no
Finally, add the following rule.
add chain=forward protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \
comment="drop ssh brute downstream" disabled=no
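To show how the SSH staging rules behave in order, here is an added Python model (not code from the original post or from the MikroTik wiki) that replays new connections through the blacklist and the three stage lists. The class and function names and the 192.0.2.10 source address are constructed for illustration, and the timeout-refresh behaviour is an assumption marked in the code.

```python
# Added example: a model of the SSH staging rules above, not RouterOS code.
MINUTE, DAY = 60, 86400

# (list the source must already be in, list it is added to, timeout in seconds),
# in the same top-to-bottom order as the input-chain rules on the page.
STAGE_RULES = [
    ("ssh_stage3", "ssh_blacklist", 10 * DAY),
    ("ssh_stage2", "ssh_stage3", MINUTE),
    ("ssh_stage1", "ssh_stage2", MINUTE),
    (None, "ssh_stage1", MINUTE),
]


class Firewall:
    def __init__(self):
        self.lists = {}  # (list name, source address) -> expiry time in seconds

    def member(self, name, src, now):
        return self.lists.get((name, src), 0) > now

    def new_ssh_connection(self, src, now):
        """Verdict for a new TCP/22 connection from src at time now (seconds)."""
        # First rule: blacklisted sources are dropped before any staging.
        if self.member("ssh_blacklist", src, now):
            return "drop"
        # add-src-to-address-list does not end rule processing, so the packet
        # reaches every staging rule. Testing the highest stage first means one
        # connection climbs only one stage.
        for required, target, timeout in STAGE_RULES:
            if required is None or self.member(required, src, now):
                # Assumption: re-adding an existing entry restarts its timeout.
                self.lists[(target, src)] = now + timeout
        return "accept"


def replay(attempts):
    """attempts: list of (seconds, source address); returns one verdict each."""
    fw = Firewall()
    return [fw.new_ssh_connection(src, t) for t, src in attempts]


if __name__ == "__main__":
    SRC = "192.0.2.10"  # constructed address from the documentation range
    print("fast:", replay([(t, SRC) for t in (0, 10, 20, 30, 40)]))
    print("slow:", replay([(t, SRC) for t in (0, 70, 140, 210, 280)]))
```

The fourth connection inside the window is still accepted, because the blacklist entry is written after the drop rule has already been evaluated; the drop starts with the fifth. The rules count new connections rather than failed logins, so four quick legitimate connections from one address are blacklisted for 10 days as well.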
Source
http://wiki.mikrotik.com/wiki/Bruteforce_login_prevention_%28FTP_%26_SSH%29
Hope this is useful.
Fixing system,error,critical login failure on MikroTik
Thanks for the info, very useful. I'll try applying it on my MikroTik. This is a different approach. Bismillah, hopefully it works.
Where can I download MikroTik?
Just buy a MikroTik, boss. MikroTik RouterBOARDs are cheap now.
How do you do it using Winbox?
That's using Winbox too, boss.
Thanks, very useful.
Thank you very much for the info, I'll try it out on my MikroTik right away.