

wiki:mikrotik_security

infra-security.pdf

portknock.pdf

  • /user set [find name=aminul] password=scl1234
  • /ip service
  • set telnet disabled=yes
  • set ftp disabled=yes
  • set ssh disabled=yes
  • /ip firewall service-port
  • set ftp disabled=yes
  • set tftp disabled=yes
  • set irc disabled=yes
  • set h323 disabled=yes
  • set udplite disabled=yes
  • set dccp disabled=yes
  • set sctp disabled=yes
  • /ip firewall filter
  • add action=accept chain=forward dst-port=3129 protocol=tcp
  • add action=drop chain=input dst-port=67-68 protocol=udp
  • add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
  • add action=drop chain=forward comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
  • add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=22 protocol=tcp \
  • src-address-list=ssh_stage3
  • add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp \
  • src-address-list=ssh_stage2
  • add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp \
  • src-address-list=ssh_stage1
  • add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp
  • add action=drop chain=input dst-port=22 protocol=tcp
  • add action=drop chain=input dst-port=23 protocol=tcp
  • add action=drop chain=input dst-port=21 protocol=tcp
  • add action=drop chain=input protocol=tcp src-port=135-139
  • add action=drop chain=input protocol=udp src-port=135-139
  • add action=drop chain=input protocol=udp src-port=445
  • add action=drop chain=input protocol=tcp src-port=2002,4156,1978,27444,10100,10064,6346,1433,1434,1720,1721,11211
  • add action=drop chain=input protocol=udp src-port=2002,4156,1978,27444,10100,10064,6346,1433,1434,1720,1721,11211
  • add action=drop chain=input protocol=tcp src-port=445
  • add action=drop chain=input protocol=tcp src-port=1718
  • add action=drop chain=input protocol=udp src-port=1718
  • add action=drop chain=input protocol=tcp src-port=1719
  • add action=drop chain=input protocol=udp src-port=1719
  • add action=drop chain=forward dst-port=1718-1720 protocol=udp
  • add action=drop chain=forward dst-port=1718-1720 protocol=tcp
  • add action=drop chain=forward dst-port=11720 protocol=tcp
  • add action=drop chain=forward dst-port=11720 protocol=udp
  • add action=drop chain=forward dst-port=4156 protocol=udp
  • add action=drop chain=forward dst-port=1978 protocol=udp
  • add action=drop chain=forward dst-port=1978 protocol=tcp
  • add action=drop chain=forward dst-port=559 protocol=tcp
  • add action=drop chain=forward dst-port=10100 protocol=udp
