[Q] There is unknown access in my MikroTik log; what should I do about this kind of thing?

NightHawk   
   Views 8479   Recommended 0


I recently opened up an L2TP VPN... and since then I see log entries like the ones below once a day.

An ipsec error, of all things...

===========================================================================

Jun/03/2017 10:39:54   ipsec, error   216.218.206.70 failed to get valid proposal.

Jun/03/2017 10:39:54   ipsec, error   216.218.206.70 failed to pre-process ph1 packet (side: 1, status 1).

Jun/03/2017 10:39:54   ipsec, error   216.218.206.70 phase1 negotiation failed.

===========================================================================


Can this kind of thing be handled with a firewall rule?

Looking at the IPs, they are all 216.218.206.xxx... Would it be enough to block this whole subnet?

Does anyone know what this is?


정희섭 2017-06
If you open l2tp ipsec, attacks will come no matter what.
It's the same as running a port scan against the default ports and doing dictionary attacks.
Adding a rule that blocks after a certain number of failed authentications does work.
     
NightHawk 2017-06
I already added the timeout-based approach from a reply on an earlier post and finished testing it...
I still don't know how to add to an address list when authentication fails. If you know, could you give me at least a keyword?
김황중 2017-06
IP Location United States Fremont Hurricane Electric Inc.
ASN AS6939 HURRICANE - Hurricane Electric, Inc., US (registered Jun 28, 1996)
Resolve Host scan-08n.shadowserver.org
Whois Server whois.arin.net

NetRange:      216.218.128.0 - 216.218.255.255

I did the lookup on a whois server.
As you can see, it's in the United States.

Since the whole range is allocated as one block,
you'll probably have to block it by class...^^
     
NightHawk 2017-06
I put it in an address list, blocked it, and enabled logging-
I visited the Hurricane Electric site and it has things like worldwide network traffic flows... I do wonder whether something like an automated bot is connecting-
느낌 2017-06
# Staged address lists: a new TCP/22 connection from a source already in
# stage N (1m timeout) promotes it to the next stage; a source found in
# ssh_stage3 is added to ssh_blacklist for 1w3d and dropped by the first rule.
/ip firewall filter
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input \
    connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input \
    connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input \
    connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input \
    connection-state=new dst-port=22 protocol=tcp

Like the above, I block via the black list on the third attempt.
     
NightHawk 2017-06
The timeout method from some post that I mentioned in my reply above is the same as the method above. (My configuration is roughly as follows.)
- On the first connection, save to the first address list (timeout 1m)
- If a second connection comes within 1 minute and the source is in the first list, save to the second list (timeout 3m)
- If a third connection comes within 3 minutes, save to the blacklist and block from then on...

This... only works when consecutive connections arrive within a short time, so it turned out to be useless against connection attempts that come only once a day-

So, even if I don't block, for later management I'm looking for a way to put the source into an address list on failure.
It also looks like there is something ipsec-related in the raw filter... I'm still searching-

For now, while I was at it, I also added the port scan rules from the mikrotik wiki-
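
An added example, not part of the thread or of any poster's configuration: the staged-timeout rules above only catch bursts, so this Python script reads log text in the format shown in the question, counts the distinct days on which each source had a phase 1 failure, and builds RouterOS address-list commands for review. The list name `ipsec_ph1_fail`, the `min_days` threshold, the function names and the sample addresses are assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the log format shown in the question
# (documentation-range addresses, not real hosts).
SAMPLE_LOG = """\
Jun/03/2017 10:39:54   ipsec, error   198.51.100.70 failed to get valid proposal.
Jun/03/2017 10:39:54   ipsec, error   198.51.100.70 failed to pre-process ph1 packet (side: 1, status 1).
Jun/03/2017 10:39:54   ipsec, error   198.51.100.70 phase1 negotiation failed.
Jun/04/2017 09:12:01   ipsec, error   198.51.100.70 phase1 negotiation failed.
Jun/04/2017 11:00:00   ipsec, error   203.0.113.9 phase1 negotiation failed.
Jun/04/2017 11:05:00   system, info   user admin logged in from 192.0.2.5 via ssh
"""

# Match only the final "phase1 negotiation failed" line so that each failed
# attempt is counted once, not three times.
LINE = re.compile(
    r"^(?P<ts>\w{3}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s+ipsec, error\s+"
    r"(?P<src>\S+) phase1 negotiation failed\.$"
)

def failures_by_source(log_text):
    """Map source IP -> set of dates on which phase 1 negotiation failed."""
    days = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        try:
            # Validate the field: log text is untrusted and ends up in a command.
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue
        ts = datetime.strptime(m["ts"], "%b/%d/%Y %H:%M:%S")
        days[str(src)].add(ts.date())
    return days

def address_list_commands(log_text, min_days=1, list_name="ipsec_ph1_fail", timeout="1w3d"):
    """RouterOS commands for sources that failed on >= min_days distinct days."""
    return [
        f"/ip firewall address-list add list={list_name} address={src} "
        f'timeout={timeout} comment="ph1 failed on {len(seen)} day(s)"'
        for src, seen in sorted(failures_by_source(log_text).items())
        if len(seen) >= min_days
    ]

if __name__ == "__main__":
    print("\n".join(address_list_commands(SAMPLE_LOG, min_days=2)))
```

With `min_days=1` every failing source is recorded, which matches the "record but do not block" goal; raising it keeps only sources that return on several days.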

