13 July 2012

Block SSH and FTP attacks

This script blocks an IP address on the ninth failed login attempt: on the tenth attempt the address is placed on a list that blocks it for 3 hours (you can change the hours to suit you).

/ip firewall filter
# Drop new FTP connections from addresses already on the blacklist
add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop comment="Bloquear Ataques FTP"
# Let through a burst of 9 "530 Login incorrect" replies per destination address, then 1 per minute
add chain=output action=accept protocol=tcp content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m
# Any failed-login reply beyond that limit puts the destination on the blacklist for 3 hours
add chain=output action=add-dst-to-address-list protocol=tcp content="530 Login incorrect" address-list=ftp_blacklist address-list-timeout=3h

This other script blocks an IP address that makes four failed connection attempts in one minute. That address goes onto a list that blocks any SSH attack coming from it for 10 days (you can change the days to suit you).

/ip firewall filter
# Rule order matters: the drop rule comes first and the stages are checked from highest to lowest
add chain=input action=drop protocol=tcp src-address-list=ssh_blacklist dst-port=22 comment="Proteccion VSC contra ataques via SSH"
# Fourth new connection while still in ssh_stage3: move the source to ssh_blacklist for 1w3d (10 days)
add chain=input action=add-src-to-address-list connection-state=new protocol=tcp src-address-list=ssh_stage3 address-list=ssh_blacklist address-list-timeout=1w3d dst-port=22
# Third new connection: ssh_stage2 -> ssh_stage3 (1 minute)
add chain=input action=add-src-to-address-list connection-state=new protocol=tcp src-address-list=ssh_stage2 address-list=ssh_stage3 address-list-timeout=1m dst-port=22
# Second new connection: ssh_stage1 -> ssh_stage2 (1 minute)
add chain=input action=add-src-to-address-list connection-state=new protocol=tcp src-address-list=ssh_stage1 address-list=ssh_stage2 address-list-timeout=1m dst-port=22
# Every new connection to port 22 puts the source in ssh_stage1 for 1 minute
add chain=input action=add-src-to-address-list connection-state=new protocol=tcp address-list=ssh_stage1 address-list-timeout=1m dst-port=22
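The staged lists are easy to get wrong when adapting the timeouts, so here is an added Python model of the five SSH rules above (example code, not part of the original post and not RouterOS itself) that replays constructed connection events through the rule order and reports which list each new connection lands the source in. It assumes add-src-to-address-list is a passthrough action and that re-adding an address refreshes its timeout; verify both on your RouterOS version, and note that the rules count new TCP connections to port 22, not failed logins, so a legitimate admin opening four sessions inside the window is blacklisted too.

```python
STAGE_TIMEOUT = 60                   # address-list-timeout=1m
BLACKLIST_TIMEOUT = 10 * 24 * 3600   # address-list-timeout=1w3d (10 days)
# Rules 2-4 of the post, in the order the router evaluates them:
# (list the source must already be in, list it is added to, timeout in seconds)
PROMOTIONS = [("ssh_stage3", "ssh_blacklist", BLACKLIST_TIMEOUT),
              ("ssh_stage2", "ssh_stage3", STAGE_TIMEOUT),
              ("ssh_stage1", "ssh_stage2", STAGE_TIMEOUT)]


class SshStageModel:
    """Dynamic address lists modelled as list name -> {src_ip: expiry_timestamp}."""

    def __init__(self):
        self.lists = {n: {} for n in ("ssh_stage1", "ssh_stage2", "ssh_stage3", "ssh_blacklist")}

    def listed(self, name, ip, now):
        expiry = self.lists[name].get(ip)
        if expiry is not None and expiry <= now:   # dynamic entry has timed out
            del self.lists[name][ip]
            return False
        return expiry is not None

    def new_connection(self, ip, now):
        """Run one new TCP connection to port 22 through the five rules.
        Returns 'drop' or the highest list the source was added to."""
        if self.listed("ssh_blacklist", ip, now):   # rule 1: action=drop
            return "drop"
        added = None
        # Assumption: add-src-to-address-list is passthrough, so the same packet
        # keeps matching the later rules, and re-adding an entry refreshes its timeout.
        for current, target, timeout in PROMOTIONS:
            if self.listed(current, ip, now):
                self.lists[target][ip] = now + timeout
                added = added or target
        self.lists["ssh_stage1"][ip] = now + STAGE_TIMEOUT   # rule 5: always stage1
        return added or "ssh_stage1"


def verdicts(events):
    """Replay (timestamp_seconds, src_ip) events; one verdict per event."""
    model = SshStageModel()
    return [model.new_connection(ip, t) for t, ip in events]


# Constructed sample: one source opening five SSH connections 10 seconds apart.
SAMPLE_EVENTS = [(0, "192.0.2.10"), (10, "192.0.2.10"), (20, "192.0.2.10"),
                 (30, "192.0.2.10"), (40, "192.0.2.10")]
```

Running `verdicts(SAMPLE_EVENTS)` walks the source through ssh_stage1, ssh_stage2, ssh_stage3 and ssh_blacklist and drops the fifth connection, while a source that waits more than a minute between connections never leaves ssh_stage1.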

Categories: Scripts
