{"id":722,"date":"2017-04-05T08:33:37","date_gmt":"2017-04-05T05:33:37","guid":{"rendered":"https:\/\/helia.ee\/koolitus\/?page_id=722"},"modified":"2017-04-05T08:33:37","modified_gmt":"2017-04-05T05:33:37","slug":"mikrotik-ddos-runnakute-blokeerimine-ja-logimiste-keelamine","status":"publish","type":"page","link":"https:\/\/helia.ee\/koolitus\/?page_id=722","title":{"rendered":"Mikrotik &#8211; DDoS r\u00fcnnakute blokeerimine ja Logimiste keelamine"},"content":{"rendered":"<h3>DDos Attack<\/h3>\n<pre>These rule\u2019s are a little reactive to DoS and port scanning attempts, port scanning is dropped but a DoS attack is \u2018tarpitted\u2019 in that all connection\u2019s are slowed down to increase the resource usage on the attackers device<\/pre>\n<pre>add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment=\"detect and drop port scan connections\" disabled=no \r\nadd chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list action=tarpit \\ comment=\"suppress DoS attack\" disabled=no \r\nadd chain=input protocol=tcp connection-limit=10,32 action= add-src-to-address-list \\ address-list=black_list  address-list-timeout=1d comment=\"detect DoS attack\" disabled=no \r\n\r\n<\/pre>\n<h3 class=\"firstHeading\" lang=\"en\"><span dir=\"auto\">Bruteforce login prevention<br \/>\n<\/span><\/h3>\n<p>To stop SSH\/FTP attacks on your router, follow this advice.<\/p>\n<p>This configuration allows only 10 FTP login incorrect answers per minute<\/p>\n<p>in <b>\/ip firewall filter<\/b><\/p>\n<pre>add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop \\ comment=\"drop ftp brute forcers\"<\/pre>\n<pre>add chain=output action=accept protocol=tcp content=\"530 Login incorrect\" dst-limit=1\/1m,9,dst-address\/1m\r\nadd chain=output action=add-dst-to-address-list protocol=tcp content=\"530 Login incorrect\" \\ address-list=ftp_blacklist address-list-timeout=3h\r\n\r\n<\/pre>\n<p>This will prevent a SSH brute forcer to be banned for 10 days after repetitive attempts. Change the timeouts as necessary.<br \/>\nin <b>\/ip firewall filter<\/b><\/p>\n<pre>add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \\\r\ncomment=\"drop ssh brute forcers\" disabled=no\r\n\r\nadd chain=input protocol=tcp dst-port=22 connection-state=new \\\r\nsrc-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist \\\r\naddress-list-timeout=10d comment=\"\" disabled=no\r\n\r\nadd chain=input protocol=tcp dst-port=22 connection-state=new \\\r\nsrc-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 \\\r\naddress-list-timeout=1m comment=\"\" disabled=no\r\n\r\nadd chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 \\\r\naction=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m comment=\"\" disabled=no\r\n\r\nadd chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list \\\r\naddress-list=ssh_stage1 address-list-timeout=1m comment=\"\" disabled=no\r\n<\/pre>\n<p>If you want to block downstream access as well, you need to block the with the forward chain:<\/p>\n<pre>add chain=forward protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \\\r\ncomment=\"drop ssh brute downstream\" disabled=no\r\n<\/pre>\n<p>To view the contents of your Blacklist, go to &#8220;\/ip firewall address-list&#8221; and type &#8220;print&#8221; to see the contents.<\/p>\n<pre><\/pre>\n<div id=\"crayon-58e481592fc19382596430-1\" class=\"crayon-line\"><span class=\"crayon-o\">\/<\/span><span class=\"crayon-e\">ip <\/span><span class=\"crayon-e\">firewall <\/span><span class=\"crayon-e\">filter<\/span><\/div>\n<div id=\"crayon-58e481592fc19382596430-2\" class=\"crayon-line crayon-striped-line\"><span class=\"crayon-e\">add <\/span><span class=\"crayon-v\">action<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">log <\/span><span class=\"crayon-v\">chain<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-v\">comment<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;Drop FTP Brute Force&#8221;<\/span> <span class=\"crayon-v\">disabled<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">no <\/span><span class=\"crayon-v\">dst<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">port<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">21<\/span> <span class=\"crayon-v\">log<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">prefix<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">FTP_DROP <\/span><span class=\"crayon-v\">protocol<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">tcp <\/span><span class=\"crayon-v\">src<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">address<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">list<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">ftp_blacklist<\/span><\/div>\n<div id=\"crayon-58e481592fc19382596430-3\" class=\"crayon-line\"><span class=\"crayon-e\">add <\/span><span class=\"crayon-v\">action<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">drop <\/span><span class=\"crayon-v\">chain<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-v\">comment<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;Drop FTP Brute Force&#8221;<\/span> <span class=\"crayon-v\">disabled<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">no <\/span><span class=\"crayon-v\">dst<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">port<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">21<\/span> <span class=\"crayon-v\">protocol<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">tcp <\/span><span class=\"crayon-v\">src<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">address<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">list<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">ftp_blacklist<\/span><\/div>\n<div id=\"crayon-58e481592fc19382596430-4\" class=\"crayon-line crayon-striped-line\"><span class=\"crayon-e\">add <\/span><span class=\"crayon-v\">action<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">accept <\/span><span class=\"crayon-v\">chain<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">output <\/span><span class=\"crayon-v\">comment<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;Drop FTP Brute Force &#8211; Allow &#8216;Incorrect Login&#8217; reply&#8221;<\/span> <span class=\"crayon-v\">content<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;530 Login incorrect&#8221;<\/span> <span class=\"crayon-v\">disabled<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">no <\/span><span class=\"crayon-v\">dst<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">limit<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">1m<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">9<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">dst<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">address<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">1m<\/span> <span class=\"crayon-v\">protocol<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">tcp<\/span><\/div>\n<div id=\"crayon-58e481592fc19382596430-5\" class=\"crayon-line\"><span class=\"crayon-e\">add <\/span><span class=\"crayon-v\">action<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">add<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">dst<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-st\">to<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">address<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">list <\/span><span class=\"crayon-v\">address<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">list<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">ftp_blacklist <\/span><span class=\"crayon-v\">address<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">list<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">timeout<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">3h<\/span> <span class=\"crayon-v\">chain<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">output <\/span><span class=\"crayon-v\">comment<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;Drop FTP Brute Force &#8211; Failed login IP to List: Drop&#8221;<\/span> <span class=\"crayon-v\">content<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;530 Login incorrect&#8221;<\/span> <span class=\"crayon-v\">disabled<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">no <\/span><span class=\"crayon-v\">protocol<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">tcp<\/span><\/div>\n<div id=\"crayon-58e481592fc19382596430-6\" class=\"crayon-line crayon-striped-line\"><span class=\"crayon-e\">add <\/span><span class=\"crayon-v\">action<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">log <\/span><span class=\"crayon-v\">chain<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-v\">comment<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;Drop SSH Brute Force&#8221;<\/span> <span class=\"crayon-v\">disabled<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">no <\/span><span class=\"crayon-v\">dst<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">port<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">22<\/span> <span class=\"crayon-v\">log<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">prefix<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">SSH_DROP <\/span><span class=\"crayon-v\">protocol<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">tcp <\/span><span class=\"crayon-v\">src<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">address<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">list<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">ssh_blacklist<\/span><\/div>\n<div id=\"crayon-58e481592fc19382596430-7\" class=\"crayon-line\"><span class=\"crayon-e\">add <\/span><span class=\"crayon-v\">action<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">drop <\/span><span class=\"crayon-v\">chain<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-v\">comment<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;Drop SSH Brute Force&#8221;<\/span> <span class=\"crayon-v\">disabled<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">no <\/span><span class=\"crayon-v\">dst<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">port<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">22<\/span> <span class=\"crayon-v\">protocol<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">tcp <\/span><span class=\"crayon-v\">src<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">address<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">list<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">ssh_blacklist<\/span><\/div>\n<div id=\"crayon-58e481592fc19382596430-8\" class=\"crayon-line crayon-striped-line\"><span class=\"crayon-e\">add <\/span><span class=\"crayon-v\">action<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">add<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">src<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-st\">to<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">address<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">list <\/span><span class=\"crayon-v\">address<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">list<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">ssh_blacklist <\/span><span class=\"crayon-v\">address<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">list<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">timeout<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">1w3d<\/span> <span class=\"crayon-v\">chain<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-v\">comment<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;Drop SSH Brute Force &#8211; Failed login IP to List: Drop&#8221;<\/span> <span class=\"crayon-v\">connection<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">state<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-r\">new<\/span> <span class=\"crayon-v\">disabled<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">no <\/span><span class=\"crayon-v\">dst<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">port<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">22<\/span> <span class=\"crayon-v\">protocol<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">tcp <\/span><span class=\"crayon-v\">src<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">address<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">list<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">ssh_stage3<\/span><\/div>\n<div id=\"crayon-58e481592fc19382596430-9\" class=\"crayon-line\"><span class=\"crayon-e\">add <\/span><span class=\"crayon-v\">action<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">add<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">src<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-st\">to<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">address<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">list <\/span><span class=\"crayon-v\">address<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">list<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">ssh_stage3 <\/span><span class=\"crayon-v\">address<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">list<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">timeout<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">1m<\/span> <span class=\"crayon-v\">chain<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-v\">comment<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;Drop SSH Brute Force &#8211; Failed login IP to List: Stage 3&#8221;<\/span> <span class=\"crayon-v\">connection<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">state<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-r\">new<\/span> <span class=\"crayon-v\">disabled<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">no <\/span><span class=\"crayon-v\">dst<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">port<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">22<\/span> <span class=\"crayon-v\">protocol<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">tcp <\/span><span class=\"crayon-v\">src<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">address<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">list<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">ssh_stage2<\/span><\/div>\n<div id=\"crayon-58e481592fc19382596430-10\" class=\"crayon-line crayon-striped-line\"><span class=\"crayon-e\">add <\/span><span class=\"crayon-v\">action<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">add<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">src<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-st\">to<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">address<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">list <\/span><span class=\"crayon-v\">address<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">list<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">ssh_stage2 <\/span><span class=\"crayon-v\">address<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">list<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">timeout<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">1m<\/span> <span class=\"crayon-v\">chain<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-v\">comment<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;Drop SSH Brute Force &#8211; Failed login IP to List: Stage 2&#8221;<\/span> <span class=\"crayon-v\">connection<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">state<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-r\">new<\/span> <span class=\"crayon-v\">disabled<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">no <\/span><span class=\"crayon-v\">dst<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">port<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">22<\/span> <span class=\"crayon-v\">protocol<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">tcp <\/span><span class=\"crayon-v\">src<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">address<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">list<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">ssh_stage1<\/span><\/div>\n<div id=\"crayon-58e481592fc19382596430-11\" class=\"crayon-line\"><span class=\"crayon-e\">add <\/span><span class=\"crayon-v\">action<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">add<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">src<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-st\">to<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">address<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">list <\/span><span class=\"crayon-v\">address<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">list<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">ssh_stage1 <\/span><span class=\"crayon-v\">address<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">list<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">timeout<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">1m<\/span> <span class=\"crayon-v\">chain<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-v\">comment<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;Drop SSH Brute Force &#8211; Failed login IP to List: Stage 1&#8221;<\/span> <span class=\"crayon-v\">connection<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">state<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-r\">new<\/span> <span class=\"crayon-v\">disabled<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">no <\/span><span class=\"crayon-v\">dst<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">port<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">22<\/span> <span class=\"crayon-v\">protocol<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">tcp<\/span><\/div>\n<pre>\r\n\r\n<\/pre>\n<h1 id=\"firstHeading\" class=\"firstHeading\" lang=\"en\"><\/h1>\n","protected":false},"excerpt":{"rendered":"<p>DDos Attack These rule\u2019s are a little reactive to DoS and port scanning attempts, port scanning is dropped but a DoS attack is \u2018tarpitted\u2019 in that all connection\u2019s are slowed down to increase the resource usage on the attackers device add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment=&#8221;detect and drop port scan connections&#8221; disabled=no add chain=input protocol=tcp [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":612,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"class_list":["post-722","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/722","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=722"}],"version-history":[{"count":1,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/722\/revisions"}],"predecessor-version":[{"id":723,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/722\/revisions\/723"}],"up":[{"embeddable":true,"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=\/wp\/v2\/pages\/612"}],"wp:attachment":[{"href":"https:\/\/helia.ee\/koolitus\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=722"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}