POPPUR爱换

标题: 烦死了,让那些热衷到处扫描端口的混蛋通通去死 [打印本页]
作者: biner    时间: 2008-2-26 13:04
标题: 烦死了,让那些热衷到处扫描端口的混蛋通通去死
啥也不说了,才开了不到30分钟,竟然就90次http访问。
Standard IP access list 1
    10 permit 192.168.1.0, wildcard bits 0.0.0.255 (520564 matches)
Standard IP access list 2(Http访问控制)
    10 permit 192.168.1.0, wildcard bits 0.0.0.255 (3 matches)
    20 deny   any (90 matches)
Extended IP access list 100
    10 deny ip host 255.255.255.255 any
    20 deny ip 127.0.0.0 0.255.255.255 any
    30 permit ip any any (521175 matches)
Extended IP access list 101(WAN口规则)
    10 permit udp host 210.72.145.44 eq ntp any eq ntp (235 matches)
    20 permit udp any any eq 4672 (10368 matches)
    30 permit tcp any any eq 4662 (502603 matches)
    40 deny ip 192.168.1.0 0.0.0.255 any
    50 permit icmp any any echo-reply
    60 permit icmp any any time-exceeded (57 matches)
    70 permit icmp any any unreachable (341 matches)
    80 deny ip 10.0.0.0 0.255.255.255 any
    90 deny ip 172.16.0.0 0.15.255.255 any
    100 deny ip 192.168.0.0 0.0.255.255 any
    110 deny ip 127.0.0.0 0.255.255.255 any
    120 deny ip host 255.255.255.255 any
    130 deny ip host 0.0.0.0 any
    140 deny ip any any log
Extended IP access list 102(telnet访问控制)
    10 permit ip 192.168.1.0 0.0.0.255 any
    20 deny ip any any

统计一下,如果路由器24小时不关,http访问和telnet的访问总数要有几千个,你说你烦不烦啊,进不来还要努力想进来,我内网里什么也没有,没有很黄很暴力的内容。
作者: andrewleuang    时间: 2008-2-26 13:18
很多时候这些人只是为了扫而扫的~~
作者: biner    时间: 2008-2-26 15:56
重启路由器了,IP地址也变了,唯一不变的就是不停的扫描。

Standard IP access list 1
    10 permit 192.168.1.0, wildcard bits 0.0.0.255 (750278 matches)
Standard IP access list 2
    10 permit 192.168.1.0, wildcard bits 0.0.0.255 (6 matches)
    20 deny   any (153 matches)
Extended IP access list 100
    10 deny ip host 255.255.255.255 any
    20 deny ip 127.0.0.0 0.255.255.255 any
    30 permit ip any any (751310 matches)
Extended IP access list 101
    10 permit udp host 210.72.145.44 eq ntp any eq ntp (381 matches)
    20 permit udp any any eq 4672 (21070 matches)
    30 permit tcp any any eq 4662 (701364 matches)
    40 deny ip 192.168.1.0 0.0.0.255 any
    50 permit icmp any any echo-reply
    60 permit icmp any any time-exceeded (70 matches)
    70 permit icmp any any unreachable (525 matches)
    80 deny ip 10.0.0.0 0.255.255.255 any
    90 deny ip 172.16.0.0 0.15.255.255 any
    100 deny ip 192.168.0.0 0.0.255.255 any
    110 deny ip 127.0.0.0 0.255.255.255 any
    120 deny ip host 255.255.255.255 any
    130 deny ip host 0.0.0.0 any
    140 deny ip any any log
Extended IP access list 102
    10 permit ip 192.168.1.0 0.0.0.255 any
    20 deny ip any any (1 match)
作者: johngoo    时间: 2008-2-26 16:46
适当的做一些策略限制:shifty:
作者: biner    时间: 2008-2-26 17:23
已经限制的差不多了,就是每次打开路由器的界面就能看到这些,你说规则根本不允许从外向内访问,他们还不厌其烦一次一次尝试。
作者: zliu    时间: 2008-2-27 23:36
对方中病毒了吧:lol:
作者: jakenchao    时间: 2008-2-28 10:01
传说中的肉鸡……
作者: biner    时间: 2008-3-3 14:43
:unsure: 替那些不停扫描的人累,凌晨升级了最新的IOS,继续扫描攻击吧,看看是你硬还是我强!



欢迎光临 POPPUR爱换 (https://we.poppur.com/) Powered by Discuz! X3.4