Tuesday, September 9, 2008

Password brute-forcing from a foreign IP via FTP

It looks like this:

echo: system,error,critical login failure for user test from 75.126.175.155 via ftp
echo: system,error,critical login failure for user admin from 75.126.175.155 via ftp
echo: system,error,critical login failure for user admin from 75.126.175.155 via ftp
[cose@rtr.toniecose.net] >

echo: system,error,critical login failure for user root from 75.126.175.155 via ftp
echo: system,error,critical login failure for user test from 75.126.175.155 via ftp
[cose@rtr.toniecose.net] >
echo: system,error,critical login failure for user admin from 75.126.175.155 via ftp
echo: system,error,critical login failure for user admin from 75.126.175.155 via ftp
echo: system,error,critical login failure for user root from 75.126.175.155 via ftp
echo: system,error,critical login failure for user test from 75.126.175.155 via ftp
[cose@rtr.toniecose.net] >

The easiest solution is:

* First, use a Whois tool to check who owns the IP address and what its IP range is; it turns out the range is 75.126.0.0/16
* Go to the MikroTik Firewall section

/ip firewall address-list
add list=ftp_blacklist address=75.126.0.0/16

* Then go to the Filter section, /ip firewall filter
* Create the chain as follows

add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop \
comment="drop ftp brute password"

add chain=output action=accept protocol=tcp content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m

add chain=output action=add-dst-to-address-list protocol=tcp content="530 Login incorrect" \
address-list=ftp_blacklist address-list-timeout=3h

* This means that only 10 failed logins are allowed within 1 minute
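
The following is an added example, not part of the original post: it parses log lines in the format shown above, counts FTP login failures per source address, and builds address-list commands for sources with 10 or more failures. The function names and the sample lines (including the 203.0.113.9 and 999.1.1.1 entries) are constructed for illustration, and the count covers the whole capture rather than a 1-minute window.

```python
import ipaddress
import re
from collections import defaultdict

# The user field is matched greedily and the source is taken from the end of
# the line, so a username that itself contains " from <ip> via ftp" cannot
# replace the real source address.
FAILURE = re.compile(
    r"login failure for user (?P<user>.+) from (?P<ip>\S+) via ftp\s*$"
)

def summarize(lines):
    """Return {source_ip: {"count": n, "users": set_of_names}} for FTP failures."""
    stats = defaultdict(lambda: {"count": 0, "users": set()})
    for line in lines:
        m = FAILURE.search(line)
        if not m:
            continue  # router prompts, blank lines, other log topics
        try:
            ip = str(ipaddress.IPv4Address(m.group("ip")))
        except ValueError:
            continue  # never pass an unvalidated string into a router command
        stats[ip]["count"] += 1
        stats[ip]["users"].add(m.group("user"))
    return dict(stats)

def blacklist_commands(stats, threshold=10, address_list="ftp_blacklist"):
    """Build address-list commands for sources at or above the threshold."""
    return [
        f"/ip firewall address-list add list={address_list} address={ip}"
        for ip, s in sorted(stats.items())
        if s["count"] >= threshold
    ]

# Constructed sample in the page's log format (not a real capture).
PREFIX = "echo: system,error,critical login failure for user "
SAMPLE = [
    f"{PREFIX}{u} from 75.126.175.155 via ftp"
    for u in ["test", "admin", "admin", "root"] * 3
] + [
    "[cose@rtr.toniecose.net] >",
    PREFIX + "budi from 203.0.113.9 via ftp",
    PREFIX + "budi from 203.0.113.9 via ftp",
    PREFIX + "x from 999.1.1.1 via ftp",  # invalid address, ignored
]

if __name__ == "__main__":
    stats = summarize(SAMPLE)
    for ip, s in sorted(stats.items()):
        print(ip, s["count"], sorted(s["users"]))
    print("\n".join(blacklist_commands(stats)))
```

The source with only two failures stays off the list, which is the case of a legitimate user mistyping a password.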


Hopefully this is useful to others.

Regards.
