Configuração basica de segurança no firewall do mikrotik

Ver o tópico anterior Ver o tópico seguinte Ir em baixo

Configuração basica de segurança no firewall do mikrotik

Mensagem  demattos em Seg 11 Fev - 12:20

Boa tarde, mais uma lista de regras que podem ser aplicadas ao firewall do seu mikrotik, mas faça com moderação teste antes de colocar em produção para não ter imprevistos.

segue um lista de regras

Código:
#Bloqueando scanners
#em: /ip firewall filter

add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”NMAP FIN Stealth scan”

add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”Port scanners to list ” disabled=no

add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”SYN/FIN scan”

add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”SYN/RST scan”

add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”FIN/PSH/URG scan”

add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”ALL/ALL scan”

add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”NMAP NULL scan”



#e bloqueando a lista:
add chain=input src-address-list=”port scanners” action=drop comment=”dropping port scanners” disabled=no




#Pacotes Invalidos

add chain=input connection-state=established comment=”Accept established connections”
add chain=input connection-state=related comment=”Accept related connections”
add chain=input connection-state=invalid action=drop comment=”Drop invalid connections”
add chain=input protocol=udp action=accept comment=”UDP” disabled=no
add chain=input protocol=icmp limit=50/5s,2 comment=”Allow limited pings”
add chain=input protocol=icmp action=drop comment=”Drop excess pings”
add chain=input protocol=tcp dst-port=22 comment=”SSH for secure shell”
add chain=input protocol=tcp dst-port=8291 comment=”winbox”

#Bloq Virus

add chain=virus protocol=tcp dst-port=135-139 action=drop comment=”Drop Blaster Worm”
add chain=virus protocol=udp dst-port=135-139 action=drop comment=”Drop Messenger Worm”
add chain=virus protocol=tcp dst-port=445 action=drop comment=”Drop Blaster Worm”
add chain=virus protocol=udp dst-port=445 action=drop comment=”Drop Blaster Worm”
add chain=virus protocol=tcp dst-port=593 action=drop comment=”________”
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment=”________”
add chain=virus protocol=tcp dst-port=1080 action=drop comment=”Drop MyDoom”
add chain=virus protocol=tcp dst-port=1214 action=drop comment=”________”
add chain=virus protocol=tcp dst-port=1363 action=drop comment=”ndm requester”
add chain=virus protocol=tcp dst-port=1364 action=drop comment=”ndm server”
add chain=virus protocol=tcp dst-port=1368 action=drop comment=”screen cast”
add chain=virus protocol=tcp dst-port=1373 action=drop comment=”hromgrafx”
add chain=virus protocol=tcp dst-port=1377 action=drop comment=”cichlid”
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment=”Worm”
add chain=virus protocol=tcp dst-port=2745 action=drop comment=”Bagle Virus”
add chain=virus protocol=tcp dst-port=2283 action=drop comment=”Drop Dumaru.Y”
add chain=virus protocol=tcp dst-port=2535 action=drop comment=”Drop Beagle”
add chain=virus protocol=tcp dst-port=2745 action=drop comment=”Drop Beagle.C-K”
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment=”Drop MyDoom”
add chain=virus protocol=tcp dst-port=3410 action=drop comment=”Drop Backdoor OptixPro”
add chain=virus protocol=tcp dst-port=4444 action=drop comment=”Worm”
add chain=virus protocol=udp dst-port=4444 action=drop comment=”Worm”
add chain=virus protocol=tcp dst-port=5554 action=drop comment=”Drop Sasser”
add chain=virus protocol=tcp dst-port=8866 action=drop comment=”Drop Beagle.B”
add chain=virus protocol=tcp dst-port=9898 action=drop comment=”Drop Dabber.A-B”
add chain=virus protocol=tcp dst-port=10000 action=drop comment=”Drop Dumaru.Y”
add chain=virus protocol=tcp dst-port=10080 action=drop comment=”Drop MyDoom.B”
add chain=virus protocol=tcp dst-port=12345 action=drop comment=”Drop NetBus”
add chain=virus protocol=tcp dst-port=17300 action=drop comment=”Drop Kuang2?
add chain=virus protocol=tcp dst-port=27374 action=drop comment=”Drop SubSeven”
add chain=virus protocol=tcp dst-port=65506 action=drop comment=”Drop PhatBot, Agobot, Gaobot”

#colocar la no inicio para verificar primeiro se e virus

add chain=forward action=jump jump-target=virus comment=”jump to the virus chain”





#prevenir ssh brute force
#/ip firewall filter

add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop comment=”drop ssh brute forcers” disabled=no

add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=10d comment=”” disabled=no

add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m comment=”” disabled=no

add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m comment=”” disabled=no

add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m comment=”” disabled=no
Bom uso


abraço a todos

_________________
Rodrigo Rodrigues de Mattos
Téc. em Eletronica
Usuario Linux e mikrotik
avatar
demattos
MODERADOR
MODERADOR

Mensagens : 674
Pontos : 103476
Reputação : 1609
Data de inscrição : 02/02/2012
Idade : 40
Localização : criciuma / SC

Ver perfil do usuário http://www.criciumanet.com.br

Voltar ao Topo Ir em baixo

Re: Configuração basica de segurança no firewall do mikrotik

Mensagem  Marcio Marques em Seg 11 Fev - 12:54

100 % demattos !

_________________
Analista de Sistemas e Consultoria para Provedores de Internet
avatar
Marcio Marques
ADMINISTRADOR FUNDADOR
ADMINISTRADOR FUNDADOR

Mensagens : 1226
Pontos : 104727
Reputação : 3215
Data de inscrição : 02/02/2012
Idade : 46
Localização : Belo Horizonte

Ver perfil do usuário http://marquescsh.blogspot.com

Voltar ao Topo Ir em baixo

Ver o tópico anterior Ver o tópico seguinte Voltar ao Topo

- Tópicos similares

 
Permissão deste fórum:
Você não pode responder aos tópicos neste fórum