Since my tech buddies and I usually run SSH on non-standard ports, I decided to throw together a few lines in the router ACL to snag all the bots and wannabes tapping port 22 looking for an easy target.
Write a line that looks like this to grab any IP that sends a TCP packet to port 22, and have the router dynamically add that source IP to an address list (address-list-timeout=0s means the entry never expires on its own):
;Port 22 hack trap
chain=pass action=add-src-to-address-list in-interface=ether1 dst-port=22 protocol=tcp address-list=Hacked address-list-timeout=0s
Then stick a line like this right above that rule, matching any packet whose source is on that address list. Order matters: with the drop rule first, a new scanner's first packet falls through to the trap rule and every later packet from it is dropped. Two caveats: add-src-to-address-list catches whoever the source address claims to be, so a single spoofed SYN can land any address in the list, and the list never shrinks at 0s. Accept your own management addresses above both rules, and consider a finite timeout.
;Drop port 22 hack attempts
chain=pass action=drop src-address-list=Hacked
This is also fun to do on port 8080 for the bots looking for open proxies: snag the IP with the same rule using dst-port=8080, then send their traffic to the bit bucket.
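For readers who want to paste the whole thing into a terminal, here is a complete version of the trap as a RouterOS CLI script. This is an added example, not the author's own config: it assumes the WAN interface is ether1 (as on the page), puts the rules in the built-in input chain (traffic addressed to the router itself; use chain=forward for traffic passing through it) rather than the page's chain=pass, and uses 192.0.2.10 as a stand-in for your own management address.

```routeros
# Added example, not the original post's config. Assumptions: WAN is ether1,
# rules live in chain=input, and 192.0.2.10 stands in for your management host.

/ip firewall address-list
add list=Admins address=192.0.2.10 comment="Our own management hosts; never trapped"

/ip firewall filter
# 1. Whitelist first. A single spoofed SYN to port 22 is enough to land an
#    address in the Hacked list, so make sure we cannot lock ourselves out.
add chain=input action=accept src-address-list=Admins \
    comment="Admins always get through"

# 2. Drop anything from an address already caught. This must sit ABOVE the
#    trap so that later packets from a trapped host never reach it.
add chain=input action=drop src-address-list=Hacked \
    comment="Drop port 22 / 8080 hack attempts"

# 3. The trap itself, covering both the SSH and the open-proxy probes in one
#    rule. A finite timeout keeps the list from growing forever.
add chain=input action=add-src-to-address-list in-interface=ether1 \
    protocol=tcp dst-port=22,8080 address-list=Hacked address-list-timeout=1d \
    comment="Port 22 / 8080 hack trap"

# 4. add-src-to-address-list is a passthrough action, so the very first probe
#    keeps going down the chain. Drop it explicitly as well.
add chain=input action=drop in-interface=ether1 protocol=tcp dst-port=22,8080 \
    comment="Drop the first probe too"
```

To see who has fallen in, run `/ip firewall address-list print where list=Hacked`; if your own address ever shows up there, the Admins rule is missing or sitting below the drop.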
And that concludes this class of Creative ACLing 101
Why yes…yes I am bored at work today
September 15th, 2007 at 10:52 am
how’s work today roffle