MikroTik Àåºñ¿¡¼­ ÀÚµ¿ ¾÷µ¥ÀÌÆ® µÇ´Â IP reputation List »ç¿ëÇϱâ

¹Ú°Ç   
   Á¶È¸ 9414   Ãßõ 3    

공인 IP에 연결된 장비에는 다양한 공격시도가 들어오곤 합니다.

http://joshaven.com에서는 MikroTik 장비용으로 IP reputation 정보를 address list로 만들어 종종 업데이트 해주곤 하는데, 이를 이용하여 방화벽에서 걸러주면 공인 IP에 노출된 MikroTik장비 혹은 MikroTik 장비의 하단에 노출된 장비로의 부정 접근 시도를 완벽하지는 않지만 어느정도 줄여줄 수 있습니다.


http://joshaven.com 에서 제공하는 리스트에는 몇 가지가 있습니다. 필요하다 싶은 것만 선택해서 사용하시면 됩니다.(2011급 이상 장비에서 사용을 권장합니다.)


1. OpenBL(FTP, SSH, TELNET, SMTP, POP3, IMAP, Submission, IMAPS, POP3S, HTTP, HTTPS에 대한 bruteforce 대입시도 호스트 리스트)

http://www.openbl.org/lists/base_30days.txt.gz

아래 스크립트를 입력합니다. 스케쥴러에 의하여 3일마다 업데이트 됩니다.(차단 혹은 기타 조치를 위해서는 방화벽에서 'blacklist' 라는 이름의 address list를 차단 혹은 기타 조취를 취해주면 됩니다. 이하 모든 스크립트로는 address list 만 업데이트 됩니다.)

#이하 스크립트


# Script which will download the OpenBL list as a text file
/system script add name="DownloadOpenBL" source={
/tool fetch url="http://joshaven.com/openbl.rsc" mode=http;
:log info "Downloaded openbl.rsc from Joshaven.com";
}

# Script which will Remove old OpenBL records and add new one
/system script add name="ReplaceOpenBL" source={
/ip firewall address-list remove [find where comment="OpenBL"]
/import file-name=openbl.rsc;
:log info "Removed old OpenBL records and imported new list";
}

# Schedule the download and application of the openbl list
/system scheduler add comment="Download openbl list" \
  interval=3d name="DownloadOpenBL_List" on-event=DownloadOpenBL \
  start-date=jan/01/1970 start-time=23:56:15
/system scheduler add comment="Apply openbl List" \
  interval=3d name="InstallOpenBL_List" on-event=ReplaceOpenBL \
  start-date=jan/01/1970 start-time=00:01:15


2. SpamHaus(스팸 진원지 리스트, IP 블록으로 지정됨)

http://www.spamhaus.org/drop/drop.lasso


# Script which will download the drop list as a text file
/system script add name="DownloadSpamhaus" source={
/tool fetch url="http://joshaven.com/spamhaus.rsc" mode=http;
:log info "Downloaded spamhaus.rsc from Joshaven.com";
}

# Script which will Remove old Spamhaus list and add new one
/system script add name="ReplaceSpamhaus" source={
/ip firewall address-list remove [find where comment="SpamHaus"]
/import file-name=spamhaus.rsc;
:log info "Removed old Spamhaus records and imported new list";
}

# Schedule the download and application of the spamhaus list
/system scheduler add comment="Download spamnaus list" interval=3d \
  name="DownloadSpamhausList" on-event=DownloadSpamhaus \
  start-date=jan/01/1970 start-time=01:27:35
/system scheduler add comment="Apply spamnaus List" interval=3d \
  name="InstallSpamhausList" on-event=ReplaceSpamhaus \
  start-date=jan/01/1970 start-time=01:32:35

3. dshield(최근 3일간의 Top 20 공격 진원지의 C 클래스 리스트)

http://feeds.dshield.org/block.txt


# Script which will download the drop list as a text file
/system script add name="Download_dshield" source={
/tool fetch url="http://joshaven.com/dshield.rsc" mode=http;
:log info "Downloaded dshield.rsc from Joshaven.com";
}

# Script which will Remove old dshield list and add new one
/system script add name="Replace_dshield" source={
/ip firewall address-list remove [find where comment="DShield"]
/import file-name=dshield.rsc;
:log info "Removed old dshield records and imported new list";
}

# Schedule the download and application of the dshield list
/system scheduler add comment="Download dshield list" interval=3d \
  name="DownloadDShieldList" on-event=Download_dshield \
  start-date=jan/01/1970 start-time=01:37:35
/system scheduler add comment="Apply dshield List" interval=3d \
  name="InstallDShieldList" on-event=Replace_dshield \
  start-date=jan/01/1970 start-time=01:42:35

4. malc0de(최근 30일간의 malware 배포지 리스트)

http://malc0de.com/bl/IP_Blacklist.txt


# Script which will download the malc0de list as a text file
/system script add name="Download_malc0de" source={
/tool fetch url="http://joshaven.com/malc0de.rsc" mode=http;
:log info "Downloaded malc0de.rsc from Joshaven.com";
}

# Script which will Remove old malc0de list and add new one
/system script add name="Replace_malc0de" source={
/ip firewall address-list remove [find where comment="malc0de"]
/import file-name=malc0de.rsc;
:log info "Removed old malc0de records and imported new list";
}

# Schedule the download and application of the malc0de list
/system scheduler add comment="Download malc0de list" interval=3d \
  name="Downloadmalc0deList" on-event=Download_malc0de \
  start-date=jan/01/1970 start-time=01:37:35
/system scheduler add comment="Apply malc0de List" interval=3d \
  name="Installmalc0deList" on-event=Replace_malc0de \
  start-date=jan/01/1970 start-time=01:42:35


½É±º 2016-11
°¨»çÇÕ´Ï´Ù~
°øÀÎ ´ë¿ª¿¡ ´ëÇÑ Æ÷Æ®½ºÄµ¿¡ ´ëÇؼ­ ¼öÀÛ¾÷À¸·Î Â÷´ÜÀ» °É¾ú´Âµ¥ ÀÌ·¸°Ô ÁÁÀº ¹æ¹ýÀÌ ÀÖ¾ú±º¿ä~


Á¦¸ñPage 84/105
2019-12   6379   ¯¯¸Ç123
2020-09   4468   °í¼¼»ï
2021-03   4672   ³ª°¡À̽á
2021-08   3657   °¡À»ÇÞ»ì71
2021-11   4761   Xecus
2022-07   7026   keiminem
2022-12   10610   po2481
07-18   6054   ³×¿¡¿¨Æ®Æ®¡¦
2016-12   7484   °ø¹é±â
2017-08   10459   ³¶¸¸°í³ÉÀÌ
2018-04   12472   ¹öµð
2019-09   4202   ȸ»ó2
2019-10   5632   µ¥µå¸¶¿ì½º
2021-06   2996   Çظð¶ó
2021-08   8238   sudosu
2021-09   3944   Å°¸®¿¡
2021-11   3525   ½ºÅ¸Ä¡½º
2022-07   5731   Ÿ¶ôÇѾǸ¶
07-19   6749   ¾È³çÇØ¿ä
2018-04   11077   ¹öÇÁ¿£Áö´Ï¡¦