小梁电脑科技 posted on 2013-3-25 17:29:55

Cut off the hands that scan your ROS

I'm sure nobody wants other people trying to log in to their ROS, and nobody wants to be attacked. Let's take a look at this very good method:
/ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="Port scanners to list " disabled=no
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="NMAP FIN Stealth scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="SYN/FIN scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="SYN/RST scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="FIN/PSH/URG scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="ALL/ALL scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="NMAP NULL scan"
/ip firewall filter add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no
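Save the scripts above as a **.rsc file, upload it to the ROS FTP, then log in, Winbox -- New Terminal, and enter the command: import **.rsc (**.rsc is the file name you used when uploading to the FTP).
Cut off the hands that scan your ROS
Oh, the solution is very simple: you only need to add one rule to output in the firewall filter. Under General choose protocol 1 icmp, then under Action choose drop, and that's it!!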
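
How the six `tcp-flags=` rules in the post above sort traffic, as an added example that is not part of the original post. It models the match the way RouterOS applies it (a listed flag must be set, a `!flag` must be clear, unlisted flags are ignored); the sample flag sets are constructed, and the `psd=` rule is not modelled.

```python
import re

# tcp-flags and comment fields copied from the rules in the post above.
RULES = [
    'tcp-flags=fin,!syn,!rst,!psh,!ack,!urg comment="NMAP FIN Stealth scan"',
    'tcp-flags=fin,syn comment="SYN/FIN scan"',
    'tcp-flags=syn,rst comment="SYN/RST scan"',
    'tcp-flags=fin,psh,urg,!syn,!rst,!ack comment="FIN/PSH/URG scan"',
    'tcp-flags=fin,syn,rst,psh,ack,urg comment="ALL/ALL scan"',
    'tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg comment="NMAP NULL scan"',
]

def parse_rule(line):
    """Return (comment, must_set, must_clear) for one rule line."""
    flags = re.search(r'tcp-flags=(\S+)', line).group(1).split(',')
    comment = re.search(r'comment="([^"]*)"', line).group(1)
    must_set = {f for f in flags if not f.startswith('!')}
    must_clear = {f[1:] for f in flags if f.startswith('!')}
    return comment, must_set, must_clear

def matching_rules(packet_flags):
    """List the comments of every rule a segment with these flags would hit."""
    packet_flags = set(packet_flags)
    hits = []
    for line in RULES:
        comment, must_set, must_clear = parse_rule(line)
        # Flags not named in the rule are "don't care".
        if must_set <= packet_flags and not (must_clear & packet_flags):
            hits.append(comment)
    return hits

# Constructed sample segments (flag sets only), not captured traffic.
SAMPLES = {
    "normal SYN": {"syn"},
    "normal SYN/ACK": {"syn", "ack"},
    "established data": {"psh", "ack"},
    "normal FIN/ACK close": {"fin", "ack"},
    "bare FIN": {"fin"},
    "no flags": set(),
    "FIN+PSH+URG": {"fin", "psh", "urg"},
    "SYN+FIN+ACK": {"syn", "fin", "ack"},
    "all six flags": {"fin", "syn", "rst", "psh", "ack", "urg"},
}

if __name__ == "__main__":
    for name, flags in SAMPLES.items():
        print(f"{name:22} -> {matching_rules(flags) or 'no rule (passes on)'}")
```

Ordinary handshake, data and close segments hit none of the rules, while a segment with all six flags set hits three of them at once because `fin,syn` and `syn,rst` ignore the flags they do not name.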

懒洋洋和灰太郎 posted on 2013-3-25 18:06:43


195670246 posted on 2013-6-15 13:29:41

Let's have a look....