This method stops a port scan in progress by blocking the scanner immediately, and it adds a log entry so the IT team can see which IP address is scanning ports.
To detect and flag attacks that pass through the router.
STEP 1 - Firewall -> Filter Rules -> Add (+)
[GENERAL]
Chain = forward
Protocol = Tcp
[EXTRA]
PSD
Weight Threshold = 21
Delay Threshold = 00:00:03
Low Port Weight = 3
High Port Weight = 1
[ACTION]
Action = add src to address list
log = enable (tick the checkbox)
Address List = User Port Scan
Timeout = 12:00:00
Also create the same rule for UDP
To detect and flag attacks coming in to the router.
STEP 2 - Firewall -> Filter Rules -> Add (+)
[GENERAL]
Chain = input
Protocol = Tcp
[EXTRA]
PSD
Weight Threshold = 21
Delay Threshold = 00:00:03
Low Port Weight = 3
High Port Weight = 1
[ACTION]
Action = add src to address list
log = enable (tick the checkbox)
Address List = User Port Scan
Timeout = 12:00:00
Also create the same rule for UDP
Create the rules that block any host doing port scanning
STEP 3 - Firewall -> Filter Rules -> Add (+)
[GENERAL]
Chain = forward
Src. Address List = User Port Scan
[ACTION]
Action = drop
STEP 4 - Firewall -> Filter Rules -> Add (+)
[GENERAL]
Chain = input
Src. Address List = User Port Scan
[ACTION]
Action = drop
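How the PSD values used in Steps 1 and 2 (Weight Threshold 21, Delay Threshold 3 s, Low Port Weight 3, High Port Weight 1) decide which source is flagged, as an added example that is not part of the original post. It is a simplified model of the documented parameter meanings, not RouterOS code; the function names, the 1024 low-port boundary and the sample packets are assumptions constructed for illustration.

```python
from dataclasses import dataclass

LOW_PORT_LIMIT = 1024  # assumption: ports below this count as "low" ports

@dataclass
class PsdParams:
    weight_threshold: int = 21   # Weight Threshold
    delay_threshold: float = 3.0 # Delay Threshold, in seconds
    low_port_weight: int = 3     # Low Port Weight
    high_port_weight: int = 1    # High Port Weight

def detect_scanners(packets, params=PsdParams()):
    """Simplified PSD model. packets: time-ordered (timestamp, src_ip, dst_port).
    Returns {src_ip: timestamp at which its score first reached the threshold}."""
    state = {}    # src_ip -> (last timestamp, score, ports already counted)
    flagged = {}
    for ts, src, port in packets:
        last_ts, score, seen = state.get(src, (ts, 0, set()))
        if ts - last_ts > params.delay_threshold:
            score, seen = 0, set()          # gap too long: sequence starts over
        if port not in seen:                # only new destination ports add weight
            seen.add(port)
            low = port < LOW_PORT_LIMIT
            score += params.low_port_weight if low else params.high_port_weight
        state[src] = (ts, score, seen)
        if score >= params.weight_threshold and src not in flagged:
            flagged[src] = ts               # here the rule would add src to the address list
    return flagged

def sample_packets():
    """Constructed traffic using documentation-range IP addresses."""
    ports = [21, 22, 23, 25, 53, 80, 110]
    # Fast scan: 7 low ports, 0.5 s apart -> 7 * 3 = 21, reaches the threshold
    fast = [(i * 0.5, "198.51.100.7", p) for i, p in enumerate(ports)]
    # Slow scan: same ports, 5 s apart -> score resets on every packet
    slow = [(i * 5.0, "203.0.113.5", p) for i, p in enumerate(ports + [143])]
    # Normal client: many packets to one port -> weight counted once
    client = [(i * 1.0, "192.0.2.10", 443) for i in range(30)]
    return sorted(fast + slow + client)

if __name__ == "__main__":
    for ip, ts in detect_scanners(sample_packets()).items():
        print(f"{ip} flagged at t={ts}s -> would be added to 'User Port Scan'")
```

With these values a source is flagged after 7 distinct low ports or 21 distinct high ports in quick succession, while a scan slower than the delay threshold is not caught in this model.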