Защита RDP от перебора паролей при помощи оборудования Mikrotik
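Статья позволяет защитить RDP, если можно изменить уже определённый сканерами порт. В случае, когда порт менять нельзя, есть небольшой рабочий рецепт. Подобное в интернете встречал, но тут присутствует допил и тонкая настройка. Учтите: правила ниже считают новые TCP-подключения к порту 3389, а не неудачные попытки входа, поэтому легитимный клиент, который часто переподключается, тоже может попасть в чёрный список.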
Настройка через терминал:
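# RDP connection-rate throttle for MikroTik RouterOS.
#
# How it works: every NEW forwarded TCP connection to port 3389 moves the
# source address one step up a ladder of address lists (rdp_stage1 ..
# rdp_stage12). Each stage entry expires after 2 minutes. A source that is
# already in rdp_stage12 and opens yet another connection is put into
# rdp_blacklist for 4000 minutes (about 2 days 19 hours), and the raw rule
# at the bottom drops everything from blacklisted sources on the WAN port.
#
# The rules count TCP connections, not failed logons: a legitimate client
# that reconnects many times in a short period climbs the same ladder.
#
# Rule order is significant. add-src-to-address-list does not stop rule
# processing, so the highest stage must be listed first; with the lowest
# stage first, a single packet would cascade through every stage at once.
#
# Each stage is fed only by the stage directly below it. In particular
# rdp_stage8 is fed from rdp_stage7: feeding it from rdp_stage4 would leave
# rdp_stage7 unused and let a source skip stages 5-7, blacklisting it after
# fewer connections than the ladder is laid out for.
#
# NOTE(review): "add" appends to the end of the chain. If an earlier forward
# rule already accepts this traffic, these rules never see it; check the
# final rule order after import.
# NOTE(review): the filter rules have no in-interface match, so any forwarded
# connection to tcp/3389 is counted, whichever side it comes from; confirm
# that this is intended for your topology.

/ip firewall filter
add action=add-src-to-address-list address-list=rdp_blacklist \
    address-list-timeout=4000m chain=forward comment=rdp_to_blacklist \
    connection-state=new dst-port=3389 protocol=tcp \
    src-address-list=rdp_stage12
add action=add-src-to-address-list address-list=rdp_stage12 \
    address-list-timeout=2m chain=forward connection-state=new \
    dst-port=3389 protocol=tcp src-address-list=rdp_stage11
add action=add-src-to-address-list address-list=rdp_stage11 \
    address-list-timeout=2m chain=forward connection-state=new \
    dst-port=3389 protocol=tcp src-address-list=rdp_stage10
add action=add-src-to-address-list address-list=rdp_stage10 \
    address-list-timeout=2m chain=forward connection-state=new \
    dst-port=3389 protocol=tcp src-address-list=rdp_stage9
add action=add-src-to-address-list address-list=rdp_stage9 \
    address-list-timeout=2m chain=forward connection-state=new \
    dst-port=3389 protocol=tcp src-address-list=rdp_stage8
add action=add-src-to-address-list address-list=rdp_stage8 \
    address-list-timeout=2m chain=forward connection-state=new \
    dst-port=3389 protocol=tcp src-address-list=rdp_stage7
add action=add-src-to-address-list address-list=rdp_stage7 \
    address-list-timeout=2m chain=forward connection-state=new \
    dst-port=3389 protocol=tcp src-address-list=rdp_stage6
add action=add-src-to-address-list address-list=rdp_stage6 \
    address-list-timeout=2m chain=forward connection-state=new \
    dst-port=3389 protocol=tcp src-address-list=rdp_stage5
add action=add-src-to-address-list address-list=rdp_stage5 \
    address-list-timeout=2m chain=forward connection-state=new \
    dst-port=3389 protocol=tcp src-address-list=rdp_stage4
add action=add-src-to-address-list address-list=rdp_stage4 \
    address-list-timeout=2m chain=forward connection-state=new \
    dst-port=3389 protocol=tcp src-address-list=rdp_stage3
add action=add-src-to-address-list address-list=rdp_stage3 \
    address-list-timeout=2m chain=forward connection-state=new \
    dst-port=3389 protocol=tcp src-address-list=rdp_stage2
add action=add-src-to-address-list address-list=rdp_stage2 \
    address-list-timeout=2m chain=forward connection-state=new \
    dst-port=3389 protocol=tcp src-address-list=rdp_stage1
# Entry point of the ladder: no src-address-list match, so every new
# connection to tcp/3389 puts (or keeps) its source in rdp_stage1.
add action=add-src-to-address-list address-list=rdp_stage1 \
    address-list-timeout=2m chain=forward connection-state=new \
    dst-port=3389 protocol=tcp

# Blacklisted sources are dropped in the raw table, before connection
# tracking, and for all traffic arriving on the interface, not only RDP.
# NOTE(review): ether1 is assumed to be the WAN-facing interface; change
# in-interface to match your router.
/ip firewall raw
add action=drop chain=prerouting in-interface=ether1 \
    src-address-list=rdp_blacklist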