Íàñòðîéêà brute force protection íà ðîóòåðå

http://wl500g.info/showpost.php?p=69964&postcount=63
http://wl500g.info/showthread.php?t=16753&highlight=ssh

Ðåøèë àêòèâèðîâàòü ýòó îïöèþ â âåá-ìîðäå wl500gP. Ïðîâåðÿþ: ââîæó íåñêîëüêî ðàç íåâåðíûé ïàðîëü ïî SSH, ïîòîì âåðíûé è íîðìàëüíî âõîæó.
×òî ÿ íå òàê ñäåëàë?
Ïðîøèâêà 1087.

Quote:

---

Originally Posted by MrGalaxy

Ðåøèë àêòèâèðîâàòü ýòó îïöèþ â âåá-ìîðäå wl500gP. Ïðîâåðÿþ: ââîæó íåñêîëüêî ðàç íåâåðíûé ïàðîëü ïî SSH, ïîòîì âåðíûé è íîðìàëüíî âõîæó.
×òî ÿ íå òàê ñäåëàë?
Ïðîøèâêà 1087.

---

Ïîäääåðæèâàþ, ñîâåðøåííî íåïîíÿòíî êàê ýòà îïöèÿ ðàáîòàåò è ðàáîòàåò ëè âîîáùå, 600 ñòàâèøü - çàëåçòü ïûòàþòñÿ è íåîäíîêðàòíî, 6000 ñòàâèøü òà æå èñòîðèÿ.
Ïîìîãàåò òîëüêî ôèëüòð íà ïûòàþùèéñÿ çàëåçòü URL â Firewall.
Õîòÿ ìîæåò áûòü ýòîò âîïðîñ íóæíî çàäàòü â òîïèêå î ïðîøèâêàõ îò ýíòóçèàñòîâ.

ïðîâåðèë --- âñå ðàáîòàåò.

Çàùèòà ðåàãèðóåò íà óñòàíîëåíèå ñîåäèíåíèÿ, à íå íà ââîä ïàðîëÿ. Áîëåå òîãî, äëÿ íåå íåâàæíî áûë ââåäåí êîððåêòíûé ïàðîëü èëè íåò. Ó ìåíÿ ñòîèò 1 ïîïûòêà çà 60 ñåê. Ëîãèíèìñÿ ïåðâûé ðàç, âûõîäèì, ñðàçó ïûòàåìñÿ ëîãèíèòüñÿ âòîðîé ðàç è íå ïîëó÷àåì çàïðîñ íà ââîä ïàðîëÿ. Áëîêèðîâàíèå îñóùåñòâëÿåòñÿ íà çàäàííîå âðåìÿ ïîñëå ïîñëåäíåé ïîïûòêè. Î÷åíü áîëüøîå âðåìÿ ñòàâèòü ñìûñëà íåò, ò.ê. åñòü øàíñ çàáëîêèðîâàòü ñàìîãî ñåáÿ.

ó÷òåííûå íà äàííûé ìîìåíò IP àäðåñà ìîæíî ïðîñìîòðåòü çäåñü:

Code:

---

cat /proc/net/ipt_recent/BRUTE

---

Quote:

---

Originally Posted by al37919

Çàùèòà ðåàãèðóåò íà óñòàíîëåíèå ñîåäèíåíèÿ, à íå íà ââîä ïàðîëÿ. Áîëåå òîãî, äëÿ íåå íåâàæíî áûë ââåäåí êîððåêòíûé ïàðîëü èëè íåò.

---

Äîïóñòèì òàê. Êàê âèäíî ïî ìîåìó ñêðèíó èç 1-ãî ïîñòà, ó ìåíÿ íàñòðîåíî íà 5 ïîïûòîê â òå÷åíèå 600 ñ. ß ñäåëàë áîëüøå è çàïðîñ ïàðîëÿ âñ¸-ðàâíî âîçíèêàë ó ìåíÿ.
Òàê ÷òî ó ìåíÿ íåïðàâèëüíî?

ÇÛ: Êóäà-òî èñ÷åç ñêðèí, áëèí, â êîñìîñ, ÷òî-ëè èñïàðèëñÿ...
Âîò ïîâòîðÿþ:

http://img5.imageshack.us/img5/4797/asus42.png

òàê ýòî ïîïûòêè âíóòðè îäíîãî ñîåäèíåíèÿ... à ôàåðâîëîì êîíòðîëèðóþòñÿ èìåííî ïîïûòêè óñòàíîâèòü ñîåäèíåíèå...

Íå âîïðîñ! Ñåé÷àñ çàïóñêàë putty è çàêðûâàë íåñêîëüêî ðàç. Âîò ôðàãìåíò ëîãà:

Code:

---

Feb 17 18:55:01 /opt/sbin/cron[8216]: (admin) CMD (run-parts /opt/etc/cron.1mins)
Feb 17 18:55:30 dropbear[8242]: Child connection from ::ffff:192.168.2.221:49407
Feb 17 18:55:33 dropbear[8242]: exit before auth: Exited normally
Feb 17 18:55:36 dropbear[8243]: Child connection from ::ffff:192.168.2.221:49408
Feb 17 18:55:38 dropbear[8243]: exit before auth: Exited normally
Feb 17 18:55:41 dropbear[8244]: Child connection from ::ffff:192.168.2.221:49409
Feb 17 18:55:43 dropbear[8244]: exit before auth: Exited normally
Feb 17 18:55:46 dropbear[8245]: Child connection from ::ffff:192.168.2.221:49410
Feb 17 18:55:48 dropbear[8245]: exit before auth: Exited normally
Feb 17 18:55:50 dropbear[8246]: Child connection from ::ffff:192.168.2.221:49411
Feb 17 18:55:53 dropbear[8246]: exit before auth: Exited normally
Feb 17 18:55:55 dropbear[8249]: Child connection from ::ffff:192.168.2.221:49412
Feb 17 18:55:58 dropbear[8249]: exit before auth: Exited normally
Feb 17 18:56:00 dropbear[8250]: Child connection from ::ffff:192.168.2.221:49413
Feb 17 18:56:01 /opt/sbin/cron[8252]: (admin) CMD (run-parts /opt/etc/cron.1mins)
Feb 17 18:56:05 dropbear[8250]: password auth succeeded for 'admin' from ::ffff:192.168.2.221:49413
Feb 17 18:56:09 dropbear[8250]: exit after auth (admin): Exited normally

---

Ðîóòåð äàæå íå ïîäóìàë ìåíÿ îòôóòáîëèòü.:rolleyes:

Ñêàæåòå: ÿ íå ïûòàëñÿ àâòîðèçîâàòüñÿ? Âîò, ïîæàëóéñòà::)

Code:

---

Feb 17 18:59:26 dropbear[8279]: Child connection from ::ffff:192.168.2.221:49431
Feb 17 18:59:28 dropbear[8279]: bad password attempt for 'admin' from ::ffff:192.168.2.221:49431
Feb 17 18:59:29 dropbear[8279]: exit before auth (user 'admin', 1 fails): Exited normally
Feb 17 18:59:31 dropbear[8280]: Child connection from ::ffff:192.168.2.221:49432
Feb 17 18:59:33 dropbear[8280]: bad password attempt for 'admin' from ::ffff:192.168.2.221:49432
Feb 17 18:59:34 dropbear[8280]: exit before auth (user 'admin', 1 fails): Exited normally
Feb 17 18:59:36 dropbear[8281]: Child connection from ::ffff:192.168.2.221:49433
Feb 17 18:59:38 dropbear[8281]: bad password attempt for 'admin' from ::ffff:192.168.2.221:49433
Feb 17 18:59:39 dropbear[8281]: exit before auth (user 'admin', 1 fails): Exited normally
Feb 17 18:59:41 dropbear[8282]: Child connection from ::ffff:192.168.2.221:49434
Feb 17 18:59:42 dropbear[8282]: bad password attempt for 'admin' from ::ffff:192.168.2.221:49434
Feb 17 18:59:44 dropbear[8282]: exit before auth (user 'admin', 1 fails): Exited normally
Feb 17 18:59:46 dropbear[8283]: Child connection from ::ffff:192.168.2.221:49435
Feb 17 18:59:48 dropbear[8283]: bad password attempt for 'admin' from ::ffff:192.168.2.221:49435
Feb 17 18:59:50 dropbear[8283]: exit before auth (user 'admin', 1 fails): Exited normally
Feb 17 18:59:52 dropbear[8284]: Child connection from ::ffff:192.168.2.221:49436
Feb 17 18:59:57 dropbear[8284]: password auth succeeded for 'admin' from ::ffff:192.168.2.221:49436
Feb 17 19:00:01 /opt/sbin/cron[8290]: (admin) CMD (run-parts /opt/etc/cron.5mins)
Feb 17 19:00:01 /opt/sbin/cron[8291]: (admin) CMD (run-parts /opt/etc/cron.1mins)
Feb 17 19:00:01 dropbear[8284]: exit after auth (admin): Exited normally

---

À åñëè ñ âíåøíåãî èíòåðôåéñà? ;-)

Ó ìåíÿ âñå ðàáîòàåò, òîëüêî ÷òî ïðîâåðèë:

Code:

---

ftp# ssh unlim.homeip.net
root@unlim.homeip.net's password:
Permission denied, please try again.
root@unlim.homeip.net's password:

ftp# ssh unlim.homeip.net
root@unlim.homeip.net's password:
Permission denied, please try again.
root@unlim.homeip.net's password:

ftp# ssh unlim.homeip.net
root@unlim.homeip.net's password:
Permission denied, please try again.
root@unlim.homeip.net's password:
Permission denied, please try again.
root@unlim.homeip.net's password:

ftp# ssh unlim.homeip.net
ssh: connect to host unlim.homeip.net port 22: Operation timed out

---

RT-N16,r1211,brute ssh 3/60.

ssh äîëæåí áûòü âêëþ÷åí ÷åðåç web èíòåðôåéñ.

Quote:

---

Originally Posted by Unlimited

À åñëè ñ âíåøíåãî èíòåðôåéñà? ;-)

---

Ì-ì-ì.. Ýòî êàê? ß âõîä èçâíå â ïðèíöèïå çàïðåòèë.
Ìíå íóæíî äîáèòüñÿ, ÷òîáû ýòî â ëîêàëüíîé ñåòè ðàáîòàëî! À òî êòî-òî óæå ïàðó ðàç ïûòàëñÿ êî ìíå ïðîíèêíóòü.

Quote:

---

Originally Posted by theMIROn

ssh äîëæåí áûòü âêëþ÷åí ÷åðåç web èíòåðôåéñ.

---

Âêëþ÷¸í ÷åðåç âåá.

ðàáîòàåò ñ îáîèõ WAN èíòåðôåéñîâ è ppp0(èíåò) è eth0 (ïðîâàéäåðñêàÿ ëîêàëü)...
À çà÷åì òåáå íóæíî ÷òîá èç òâîåé LAN ðàáîòàëî?

Quote:

---

Originally Posted by Unlimited

À çà÷åì òåáå íóæíî ÷òîá èç òâîåé LAN ðàáîòàëî?

---

ß, âðîäå, îáúÿñíèë...
Ñèòóàöèÿ æèçíåííàÿ, à ïîòîì äåëî íå â òîì, äëÿ ÷åãî ýòî ìíå íàäî, à ðàáîòàåò ëè â ïðèíöèïå èëè ýòî ó ìåíÿ ðóêè-êðþêè.

Quote:

---

Originally Posted by MrGalaxy

ß, âðîäå, îáúÿñíèë...
Ñèòóàöèÿ æèçíåííàÿ, à ïîòîì äåëî íå â òîì, äëÿ ÷åãî ýòî ìíå íàäî, à ðàáîòàåò ëè â ïðèíöèïå èëè ýòî ó ìåíÿ ðóêè-êðþêè.

---

èç ëîêàëêè çàùèòû íåò. ìîæíî ñäåëàòü âðó÷íóþ ïîñðåäñòâîì iptables è, åñëè âêëþ÷åíà çàùèòà â web èíåòåðôåéñå, òàáëèöû BRUTE

Quote:

---

Originally Posted by theMIROn

èç ëîêàëêè çàùèòû íåò. ìîæíî ñäåëàòü âðó÷íóþ ïîñðåäñòâîì iptables è, åñëè âêëþ÷åíà çàùèòà â web èíåòåðôåéñå, òàáëèöû BRUTE

---

Ñïàñèáî çà èíôîðìàöèþ. Ãäå ïî÷èòàòü ïðî òàáëèöó BRUTE? Ñïðàøèâàë Ãóãë, íî îí ìîë÷èò, êàê ïàðòèçàí.:D
À åù¸ áûëî áû ëó÷øå ãîòîâîå ïðàâèëî è êóäà åãî çàïèñàòü.:)

È ïîæåëàíèå ðàçðàáîò÷èêàì âêëþ÷èòü çàùèòó îò òàêèõ àòàê â ïîñëåäóþùèå âåðñèè ïðîøèâêè.

Quote:

---

Originally Posted by MrGalaxy

Ñïàñèáî çà èíôîðìàöèþ. Ãäå ïî÷èòàòü ïðî òàáëèöó BRUTE? Ñïðàøèâàë Ãóãë, íî îí ìîë÷èò, êàê ïàðòèçàí.:D
À åù¸ áûëî áû ëó÷øå ãîòîâîå ïðàâèëî è êóäà åãî çàïèñàòü.:)

È ïîæåëàíèå ðàçðàáîò÷èêàì âêëþ÷èòü çàùèòó îò òàêèõ àòàê â ïîñëåäóþùèå âåðñèè ïðîøèâêè.

---

Ïðè ÷åì òóò ãóãë? Ãëÿäèòå â ñàìîì ðîóòåðå

Code:

---

$ iptables-save
-A INPUT -i br0 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j BRUTE
-A INPUT -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j BRUTE

---

ïîýòîìó ñîåäèíåíèÿ èç ëîêëêè (br0) íå ïîäïàäàþò ïîä çàùèòó