
MIKROTIK

Тема в разделе "Железо", создана пользователем D1M0N, 4 июн 2017.

  1. Конфиги, проблемы, решения...

    размещаю текстом - файл не лепится к сообщению...
    было время искал нормальный конфиг файрвола на микротик 951
    вот собрал с частей
    брутфорс и скан портов в блеклист сажает и блочит
    активность вирусов также..
     
    #1 D1M0N, 4 июн 2017
    Последнее редактирование модератором: 4 июн 2017
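  # RouterOS export (post #2). '#' lines are review notes; everything else is
  # configuration. Rules are evaluated top to bottom within each chain, and a
  # rule without action= means accept.
  /ip firewall address-list
  # "support": sources granted full access to the router itself (input chain).
  add address=192.168.1.0/24 comment=LAN list=support
  # Bogon / reserved ranges, used as a destination filter in forward.
  # NOTE(review): the RFC 1918 entries also cover the LAN (192.168.1.0/24) and
  # VPN (192.168.10.0/24) subnets, so the "Drop to bogon list" rule below drops
  # new connections towards them (e.g. VPN -> LAN, dst-nat from WAN). Narrow or
  # remove those entries unless that is intended.
  add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=bogons
  add address=10.0.0.0/8 comment="Private[RFC 1918] - CLASS A # Check if you need this subnet before enable it" list=bogons
  # Fix: the loopback block is 127.0.0.0/8 (RFC 3330), the post had /16.
  add address=127.0.0.0/8 comment="Loopback [RFC 3330]" list=bogons
  add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=bogons
  add address=172.16.0.0/12 comment="Private[RFC 1918] - CLASS B # Check if you need this subnet before enable it" list=bogons
  add address=192.168.0.0/16 comment="Private[RFC 1918] - CLASS C # Check if you need this subnet before enable it" list=bogons
  add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" list=bogons
  add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" list=bogons
  add address=198.18.0.0/15 comment="NIDB Testing" list=bogons
  add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" list=bogons
  add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" list=bogons
  add address=224.0.0.0/4 comment="MC, Class D, IANA # Check if you need this subnet before enable it" list=bogons
  # NOTE(review): the srcnat rule later in the export masquerades 192.168.89.0/24
  # as "vpn traffic" while this entry names 192.168.10.0/24 - confirm which
  # subnet the VPN pool really uses.
  add address=192.168.10.0/24 comment=VPN list=support
  /ip firewall filter
  # --- forward: fasttrack established/related, drop invalid ---
  add action=fasttrack-connection chain=forward comment=Fasttrack connection-state=established,related
  add action=accept chain=forward comment=Fasttrack connection-state=established,related
  add action=drop chain=forward comment=Fasttrack connection-state=invalid
  # --- input: flood / scan detection. Each detector puts the source on a timed
  # address list; the rule right after it drops everything from that list. ---
  add action=add-src-to-address-list address-list=Syn_Flooder address-list-timeout=30m chain=input comment="Add Syn Flood IP to the list" connection-limit=30,32 protocol=tcp tcp-flags=syn
  add action=drop chain=input comment="Drop to syn flood list" src-address-list=Syn_Flooder
  # There is no rate limit on this rule: every WAN-side UDP/53 packet puts its
  # source on DNS_Flood for 1h, i.e. the router never serves DNS on ether1-gateway.
  add action=add-src-to-address-list address-list=DNS_Flood address-list-timeout=1h chain=input comment="DNS flood add list" dst-port=53 in-interface=ether1-gateway protocol=udp
  add action=drop chain=input comment="Drop DNS flood" src-address-list=DNS_Flood
  # Port-scan signatures (TCP flag combinations) plus the psd matcher.
  # NOTE(review): these match on every interface, and "Drop to port scan list"
  # (like "drop ssh brute forcers" below) sits above "Full access to SUPPORT
  # address list", so a LAN host that trips psd or the SSH staging locks itself
  # out of the router for 1-2 weeks. Add in-interface=ether1-gateway to the
  # detectors, or move the support accept above the drops, if that is not wanted.
  add action=add-src-to-address-list address-list=Port_Scanner address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
  add action=add-src-to-address-list address-list=Port_Scanner address-list-timeout=2w chain=input comment="SYN/FIN scan" protocol=tcp tcp-flags=fin,syn
  add action=add-src-to-address-list address-list=Port_Scanner address-list-timeout=2w chain=input comment="SYN/RST scan" protocol=tcp tcp-flags=syn,rst
  add action=add-src-to-address-list address-list=Port_Scanner address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
  add action=add-src-to-address-list address-list=Port_Scanner address-list-timeout=2w chain=input comment="ALL/ALL scan" protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
  add action=add-src-to-address-list address-list=Port_Scanner address-list-timeout=2w chain=input comment="NMAP NULL scan" protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
  add action=add-src-to-address-list address-list=Port_Scanner address-list-timeout=1w chain=input comment="Port Scanner Detect" protocol=tcp psd=21,3s,3,1
  add action=drop chain=input comment="Drop to port scan list" src-address-list=Port_Scanner
  add action=jump chain=input comment="Jump for icmp input flow" jump-target=ICMP protocol=icmp
  # Winbox (tcp/8291) only from the support list.
  add action=drop chain=input comment="Block all access to the winbox - except to support list # DO NOT ENABLE THIS RULE BEFORE ADD YOUR SUBNET IN THE SUPPORT ADDRESS LIST" dst-port=8291 protocol=tcp src-address-list=!support
  add action=jump chain=forward comment="Jump for icmp forward flow" jump-target=ICMP protocol=icmp
  add action=drop chain=forward comment="Drop to bogon list" dst-address-list=bogons
  # --- forward: SMTP rate limiting, noisy senders go to "spammers" ---
  add action=add-src-to-address-list address-list=spammers address-list-timeout=3h chain=forward comment="Add Spammers to the list for 3 hours" connection-limit=30,32 dst-port=25,587 limit=30/1m,0:packet protocol=tcp
  add action=drop chain=forward comment="Avoid spammers action" dst-port=25,587 protocol=tcp src-address-list=spammers
  add action=add-src-to-address-list address-list=spammers address-list-timeout=1w3d chain=forward comment="\"Detect and add-list SMTP virus or spammers\"" connection-limit=30,32 dst-port=25 limit=50,5:packet protocol=tcp
  add action=drop chain=forward comment="\"BLOCK SPAMMERS OR INFECTED USERS\"" dst-port=25 protocol=tcp src-address-list=spammers
  # --- input: SSH brute-force staging. Each new tcp/22 connection from a
  # source already on stageN moves it to stageN+1 (1m each); the fourth within
  # that window lands on ssh_blacklist for 1w3d. ---
  add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp
  add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1
  add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2
  add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage3
  add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
  add action=drop chain=forward comment="drop ssh brute downstream" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
  # --- FTP brute-force: count the router's own "530 Login incorrect" replies
  # per destination; once the dst-limit is exhausted the peer is blacklisted
  # and dropped on tcp/21. The post had only the first (accept) rule, which on
  # its own changes nothing. ---
  add action=accept chain=output comment="FTP login failures within limit" content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
  add action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h chain=output comment="FTP brute force: blacklist peer" content="530 Login incorrect" protocol=tcp
  add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 protocol=tcp src-address-list=ftp_blacklist
  # --- input: accepts. port=53 matches either source or destination port, so
  # this also covers replies to the router's own DNS queries. ---
  add action=accept chain=input comment="Accept DNS - UDP" port=53 protocol=udp
  add action=accept chain=input comment="Accept DNS - TCP" port=53 protocol=tcp
  # Fix: the posted established/related accepts were limited to protocol=tcp,
  # so UDP replies to router-originated traffic not covered by the port=53 rule
  # fell through to "Drop anything else!".
  add action=accept chain=input comment="Accept to established connections" connection-state=established
  add action=accept chain=input comment="Accept to related connections" connection-state=related
  add action=accept chain=input comment="Full access to SUPPORT address list" src-address-list=support
  add action=accept chain=input comment="allow NTP" dst-port=123 protocol=udp
  add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
  # NOTE(review): L2TP over IPsec additionally needs udp/500, udp/4500 and
  # protocol=ipsec-esp accepted here; add them if IPsec is in use.
  add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
  # Fix: PPTP carries its tunnel over GRE, which the post never accepted on
  # input, so tunnels from outside the support list could not come up.
  add action=accept chain=input comment="allow pptp (GRE)" protocol=gre
  add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
  add action=drop chain=input comment="Drop anything else! # DO NOT ENABLE THIS RULE BEFORE YOU MAKE SURE ABOUT ALL ACCEPT RULES YOU NEED"
  # --- ICMP chain: rate-limited echo, the error types PMTUD/traceroute need,
  # drop the rest (including echo requests above the limit). ---
  add action=accept chain=ICMP comment="Echo request - Avoiding Ping Flood" icmp-options=8:0 limit=1,5:packet protocol=icmp
  add action=accept chain=ICMP comment="Echo reply" icmp-options=0:0 protocol=icmp
  add action=accept chain=ICMP comment="Time Exceeded" icmp-options=11:0 protocol=icmp
  add action=accept chain=ICMP comment="Destination unreachable" icmp-options=3:0-1 protocol=icmp
  add action=accept chain=ICMP comment=PMTUD icmp-options=3:4 protocol=icmp
  add action=drop chain=ICMP comment="Drop to the other ICMPs" protocol=icmp
  add action=jump chain=output comment="Jump for icmp output" jump-target=ICMP protocol=icmp
  # --- forward: state handling for non-fasttracked connections ---
  add action=accept chain=forward comment="allow established connections" connection-state=established
  add action=accept chain=forward comment="allow related connections" connection-state=related
  add action=drop chain=forward comment="drop invalid connections" connection-state=invalid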
     
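  # RouterOS export, continued (post #3): the "virus" chain, the tail of the
  # forward chain, mangle and srcnat. '#' lines are review notes.
  /ip firewall filter
  # "virus" chain: destination ports historically used by worms/backdoors.
  # NOTE(review): the chain is reached from forward for traffic in both
  # directions, so SMB/RPC (tcp/udp 135-139, 445) between LAN and VPN is
  # dropped here as well - intended only if no file sharing crosses the router.
  add action=drop chain=virus comment="Drop Blaster Worm" dst-port=135-139 protocol=tcp
  add action=drop chain=virus comment="Drop Messenger Worm" dst-port=135-139 protocol=udp
  add action=drop chain=virus comment="Drop Blaster Worm" dst-port=445 protocol=tcp
  add action=drop chain=virus comment="Drop Blaster Worm" dst-port=445 protocol=udp
  # The three "________" comments were lost in the original paste.
  add action=drop chain=virus comment=________ dst-port=593 protocol=tcp
  add action=drop chain=virus comment=________ dst-port=1024-1030 protocol=tcp
  add action=drop chain=virus comment="Drop MyDoom" dst-port=1080 protocol=tcp
  add action=drop chain=virus comment=________ dst-port=1214 protocol=tcp
  add action=drop chain=virus comment="ndm requester" dst-port=1363 protocol=tcp
  add action=drop chain=virus comment="ndm server" dst-port=1364 protocol=tcp
  add action=drop chain=virus comment="screen cast" dst-port=1368 protocol=tcp
  add action=drop chain=virus comment=hromgrafx dst-port=1373 protocol=tcp
  add action=drop chain=virus comment=cichlid dst-port=1377 protocol=tcp
  add action=drop chain=virus comment=Worm dst-port=1433-1434 protocol=tcp
  add action=drop chain=virus comment="Bagle Virus" dst-port=2745 protocol=tcp
  add action=drop chain=virus comment="Drop Dumaru.Y" dst-port=2283 protocol=tcp
  add action=drop chain=virus comment="Drop Beagle" dst-port=2535 protocol=tcp
  # Same port as "Bagle Virus" above; kept as posted, one of the two is redundant.
  add action=drop chain=virus comment="Drop Beagle.C-K" dst-port=2745 protocol=tcp
  add action=drop chain=virus comment="Drop MyDoom" dst-port=3127-3128 protocol=tcp
  add action=drop chain=virus comment="Drop Backdoor OptixPro" dst-port=3410 protocol=tcp
  add action=drop chain=virus comment=Worm dst-port=4444 protocol=tcp
  add action=drop chain=virus comment=Worm dst-port=4444 protocol=udp
  add action=drop chain=virus comment="Drop Sasser" dst-port=5554 protocol=tcp
  add action=drop chain=virus comment="Drop Beagle.B" dst-port=8866 protocol=tcp
  add action=drop chain=virus comment="Drop Dabber.A-B" dst-port=9898 protocol=tcp
  add action=drop chain=virus comment="Drop Dumaru.Y" dst-port=10000 protocol=tcp
  add action=drop chain=virus comment="Drop MyDoom.B" dst-port=10080 protocol=tcp
  add action=drop chain=virus comment="Drop NetBus" dst-port=12345 protocol=tcp
  add action=drop chain=virus comment="Drop Kuang2" dst-port=17300 protocol=tcp
  add action=drop chain=virus comment="Drop SubSeven" dst-port=27374 protocol=tcp
  add action=drop chain=virus comment="Drop PhatBot, Agobot, Gaobot" dst-port=65506 protocol=tcp
  # --- forward, tail: virus chain, then the allow/drop policy ---
  add action=jump chain=forward comment="jump to the virus chain" jump-target=virus
  # Fix: the "allow TCP"/"allow udp" rules below accept any new connection on
  # any interface, including unsolicited traffic arriving on ether1-gateway.
  # Drop WAN-originated connections that are not the result of a dst-nat entry
  # before the blanket accepts, as the RouterOS default configuration does.
  add action=drop chain=forward comment="drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=ether1-gateway
  add action=accept chain=forward comment="Allow HTTP" dst-port=80 protocol=tcp
  add action=accept chain=forward comment="Allow SMTP" dst-port=25 protocol=tcp
  add action=accept chain=forward comment="allow TCP" protocol=tcp
  # NOTE(review): ICMP in forward was already handed to the ICMP chain earlier
  # in the export, and that chain ends in a drop, so this rule appears to be
  # unreachable; harmless, kept as posted.
  add action=accept chain=forward comment="allow ping" protocol=icmp
  add action=accept chain=forward comment="allow udp" protocol=udp
  add action=drop chain=forward comment="drop everything else"
  /ip firewall mangle
  add action=change-ttl chain=prerouting new-ttl=increment:1 passthrough=yes
  /ip firewall nat
  add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway to-addresses=0.0.0.0
  # NOTE(review): this subnet differs from the VPN entry in the "support"
  # address list (192.168.10.0/24) - confirm which is the live VPN pool.
  add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=192.168.89.0/24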
     
  4. Посоветуйте, чем восстановить пароль на RB951Ui-2Hnd с firmware v6.40.3 из MikroTik.backup — старая версия MikroTik Password Recovery Tool для Windows уже не работает?