Saturday, 11 October 2014

UPDATE IP BLACKLIST SSH & PORT SCANNERS for RouterOS 5.26 [11-10-2014]

I got this shit on my machine: the addresses below are the ones that ended up in my router's address lists.
# oct/11/2014 22:20:00 by RouterOS 5.26
#
# Export of two firewall address lists: "ssh_blacklist" and "port scanners".
# The list names match the ones used by the /ip firewall filter rules
# published with this export.
#
# Importing this block creates static entries. No timeout is given here, so
# unlike the dynamic entries the filter rules create (1w3d / 2w), these stay
# in the list until someone removes them.
#
# The addresses are observations from the export date above. Addresses get
# reassigned, so review the list before importing it and prune it afterwards.
#
# An address list does nothing on its own; it only takes effect through a
# filter rule that matches on src-address-list.
/ip firewall address-list
add address=123.125.219.130 disabled=no list=ssh_blacklist
add address=122.225.103.97 disabled=no list=ssh_blacklist
add address=96.254.171.2 disabled=no list=ssh_blacklist
add address=122.225.109.205 disabled=no list=ssh_blacklist
add address=122.225.109.119 disabled=no list=ssh_blacklist
add address=61.174.51.209 disabled=no list=ssh_blacklist
add address=122.225.109.104 disabled=no list=ssh_blacklist
add address=218.2.0.132 disabled=no list=ssh_blacklist
add address=61.174.51.199 disabled=no list=ssh_blacklist
add address=122.225.109.219 disabled=no list=ssh_blacklist
# Same address as the ssh_blacklist entry a few lines up; it is in both lists.
add address=96.254.171.2 disabled=no list="port scanners"
add address=222.219.187.9 disabled=no list=ssh_blacklist
add address=61.133.211.118 disabled=no list=ssh_blacklist
add address=61.174.51.235 disabled=no list=ssh_blacklist
add address=61.174.50.216 disabled=no list=ssh_blacklist
add address=122.225.109.196 disabled=no list=ssh_blacklist
add address=61.174.50.178 disabled=no list=ssh_blacklist
add address=117.27.158.95 disabled=no list=ssh_blacklist
add address=61.174.51.214 disabled=no list=ssh_blacklist
add address=204.93.154.200 disabled=no list="port scanners"
add address=122.225.109.118 disabled=no list=ssh_blacklist
add address=218.2.0.125 disabled=no list=ssh_blacklist
add address=204.93.154.220 disabled=no list="port scanners"
add address=61.174.50.177 disabled=no list=ssh_blacklist
add address=122.225.109.123 disabled=no list=ssh_blacklist
add address=61.174.51.221 disabled=no list=ssh_blacklist
add address=108.166.162.131 disabled=no list="port scanners"
add address=61.174.51.207 disabled=no list=ssh_blacklist
add address=61.174.50.161 disabled=no list=ssh_blacklist
add address=122.225.109.213 disabled=no list=ssh_blacklist
add address=122.225.109.122 disabled=no list=ssh_blacklist
add address=122.225.109.199 disabled=no list=ssh_blacklist
add address=61.174.51.210 disabled=no list=ssh_blacklist
add address=61.174.51.203 disabled=no list=ssh_blacklist
add address=93.174.93.119 disabled=no list=ssh_blacklist
add address=218.2.0.123 disabled=no list=ssh_blacklist
add address=122.225.109.198 disabled=no list=ssh_blacklist
add address=119.167.223.87 disabled=no list=ssh_blacklist
add address=61.174.51.219 disabled=no list=ssh_blacklist
add address=117.27.158.89 disabled=no list=ssh_blacklist
add address=61.174.51.229 disabled=no list=ssh_blacklist
add address=218.2.0.121 disabled=no list=ssh_blacklist
add address=93.174.93.218 disabled=no list="port scanners"
Don't forget to put these filter rules in your firewall; the address lists above do nothing until a rule references them.
# oct/11/2014 22:23:44 by RouterOS 5.26
#
# Input-chain rules, i.e. traffic addressed to the router itself. Forwarded
# traffic is not covered by anything in this block.
# There are two parts: a staged SSH connection counter that feeds
# "ssh_blacklist", and port-scan detection that feeds "port scanners".
# Rule order matters. add-src-to-address-list does not stop rule processing,
# so a packet continues to the rules below the one that matched.
#
# NOTE(review): where these rules sit relative to the rest of the input chain
# is not shown here. They need to sit above any accept rule for the same
# traffic, or they will never be reached.
# NOTE(review): the stage rules count new connections to port 22, not failed
# logins, and the source address of a first packet is unverified. A client
# that legitimately opens several sessions within a minute will be
# blacklisted too. Consider an accept rule for trusted management addresses
# above this block to avoid locking yourself out.
/ip firewall filter
# Drop TCP/22 from any source already in ssh_blacklist.
# NOTE(review): the comment string below is followed by a backslash with no
# space before it. Confirm this line pastes cleanly on your RouterOS version.
add action=drop chain=input comment=\
    "####### DROP BRUTEFORCE SSH & BANNED 10 DAYS AFTER REPEATATIVE"\
    disabled=no dst-port=22 protocol=tcp src-address-list=ssh_blacklist
# Stage ladder, listed from the highest stage down so that one connection
# advances only one stage.
# A new connection from a source in ssh_stage3 puts it in ssh_blacklist for
# 1w3d (10 days).
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new disabled=no \
    dst-port=22 protocol=tcp src-address-list=ssh_stage3
# A new connection from a source in ssh_stage2 puts it in ssh_stage3 for 1m.
add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input connection-state=new disabled=no \
    dst-port=22 protocol=tcp src-address-list=ssh_stage2
# A new connection from a source in ssh_stage1 puts it in ssh_stage2 for 1m.
add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input connection-state=new disabled=no \
    dst-port=22 protocol=tcp src-address-list=ssh_stage1
# Any new connection to TCP/22 puts the source in ssh_stage1 for 1m.
add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input connection-state=new disabled=no \
    dst-port=22 protocol=tcp
# Port-scan detection. Every rule below adds the source to "port scanners"
# for 2w.
# psd takes WeightThreshold,DelayThreshold,LowPortWeight,HighPortWeight.
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="##### DROP PorT SCANNER" \
    disabled=no protocol=tcp psd=21,3s,3,1
# The six rules that follow match TCP flag combinations that are not
# expected in normal traffic.
# FIN set, every other flag clear.
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    fin,!syn,!rst,!psh,!ack,!urg
# FIN and SYN set together.
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    fin,syn
# SYN and RST set together.
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    syn,rst
# FIN, PSH and URG set; SYN, RST and ACK clear.
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    fin,psh,urg,!syn,!rst,!ack
# All six flags set.
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    fin,syn,rst,psh,ack,urg
# No flags set.
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    !fin,!syn,!rst,!psh,!ack,!urg
# Drop everything on the input chain from listed scanners. No protocol or
# port matcher is given, so this applies to all traffic from those sources.
add action=drop chain=input disabled=no src-address-list="port scanners"
