이번에 L2TP VPN을 열었는데... 이후 매일 1번씩 아래와 같은 로그가 보입니다.
ipsec error 라니...
===========================================================================
Jun/03/2017 10:39:54 ipsec, error 216.218.206.70 failed to get valid proposal.
Jun/03/2017 10:39:54 ipsec, error 216.218.206.70 failed to pre-process ph1 packet (side: 1, status 1).
Jun/03/2017 10:39:54 ipsec, error 216.218.206.70 phase1 negotiation failed.
===========================================================================
이런거는 방화벽 룰로 처리 가능한가요?
전부 ip 보면 216.218.206.xxx 인데... 이 subnet 전체를 막으면 될까요?
여기 뭔지 아시는 분 있나요?
±âº» Æ÷Æ®¿¡ Æ÷Æ®½ºÄµ µ¹¸®°í »çÀüÇü °ø°Ý Çϴ°ųª ¸¶Âù°¡Áö°í¿ä.
¸îȸÀÌ»ó ÀÎÁõ ½ÇÆÐÇÏ¸é ºí·° ÇÏ´Â ·ê Ãß°¡ ÇÏ½Ã¸é µÇ±ä ÇÕ´Ï´Ù.
ÀÎÁõ ½ÇÆÐÇÒ¶§ address list Ãß°¡ÇÏ´Â ¹æ¹ýÀº ¾ÆÁ÷ ¸ð¸£°Ú´Âµ¥ Ȥ½Ã ¾Æ½Ã¸é Å°¿öµå¶óµµ Á» ¾Ë·ÁÁֽǼö ÀÖÀ»±î¿ä?
ASN AS6939 HURRICANE - Hurricane Electric, Inc., US (registered Jun 28, 1996)
Resolve Host scan-08n.shadowserver.org
Whois Server whois.arin.net
NetRange: 216.218.128.0 - 216.218.255.255
°Ë»öÀº ÈÄÀÌÁî ¼¹ö¿¡¼ Çß°í¿ä.
º¸½Ã´Â ´ë·Î ¹Ì±¹ÀÔ´Ï´Ù.
´ë¿ª´ë°¡ ÅëÀ¸·Î ÀâÇô ÀÖÀ¸´Ï
Ŭ·¡½º·Î ¸·¾Æ¹ö¸®¼Å¾ß ÇÒµí...^^
Hurricane Electric »çÀÌÆ® °¡º¸´Ï Àü¼¼°è ³×Æ®¿öÅ© Æ®·¹ÇÈ À̵¿ °°Àº °Íµµ ÀÖ°í... ¿ÀÅ亿 °°Àº°ÍÀÌ Á¢¼Ó Çϳª ½Í±ä Çϳ׿ä-
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input \
connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input \
connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input \
connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input \
connection-state=new dst-port=22 protocol=tcp
Àú´Â À§¿¡ ó·³ 3¹ø° ½Ãµµ Çϸé black list Â÷´Ü
- óÀ½ Á¢¼Ó½Ã, ù¹ø° address list ÀúÀå (ŸÀӾƿô 1m)
- 1ºÐ À̳» µÎ¹ø° Á¢¼ÓÀÌ ¿À¸é, ù¹ø° list ÀÖÀ»½Ã 2¹ø° ÀúÀå (ŸÀӾƿô 3m)
- 3ºÐÀÌ³Ä ¼¼¹ø° Á¢¼ÓÀÌ ¿À¸é, blacklist ÀúÀå ÀÌÈÄ Â÷´Ü...
ÀÌ°Ô... ªÀº ½Ã°£¿¡ ¿¬¼ÓÀûÀÎ Á¢¼ÓÀÌ ¿À´Â °æ¿ì¸¸ °¡´ÉÇÏ´Ï, ÇÏ·ç Çѹø¸¸ ¿À´Â Á¢¼Ó ½Ãµµ¿¡´Â ¼Ò¿ëÀÌ ¾ø´õ¶ó±¸¿ä-
±×·¡¼, Â÷´ÜÀº ¾ÈÇÏ´õ¶óµµ ÃßÈÄ °ü¸®¸¦ À§ÇØ, ½ÇÆнà address list¿¡ ³Ö´Â ±×·± ¹æ¹ýÀ» ã¾Æº¸°í ÀÖ¾î¿ä.
raw ÇÊÅÍ¿¡ ipsec¹º°¡ Àִ°͵µ °°¾Æ¼... ¾ÆÁ÷ ´õ °Ë»ö ÁßÀÔ´Ï´Ù-
¿ì¼± mikrotik wiki¿¡ ÀÖ´Â port scan ·êµµ °â»ç°â»ç Ãß°¡Çß½À´Ï´Ù-