achitsai wrote:
我實在很不想說····今天一天制高監控着Y大··...(恕刪)
難怪整天背脊發涼......
說也奇怪......我為什麼一直想到這張圖......舉頭望明月......
低頭溼褲襠......
個人積分:198分
文章編號:67852539
個人積分:198分
文章編號:67852629
個人積分:28533分
文章編號:67856669
測試的時間與暗流浮出檯面的時段是相差不多.假掰別裝囉.再裝就真的很假掰囉.車手要失業囉.
--
說明一下差異.沒上架的時候.前面提到過的呼叫.這部分已搞懂.若當192.168.1.5.
要透過80與443傳給1.1.1.1.裝置先單向傳給對方.最後再經由隱蔽導向而雙向傳輸.
這部分也差異就在內部裝置傳出去給對方時.若對方擅長網通.在這裡.對方還是會知道裝置IP.
同樣的.上架的時候.是直接導向由WAN端出去而後在雙向通.差別在這裡.這是上下架之差異.
意思是說差別在於下架的是內部裝置丟一個單向傳出封包給對方.再藉由WAN做雙向通封包傳輸.
上架是內部一律NAT隱蔽經WAN丟一個單向傳出封包給對方.再藉由WAN做雙向通封包傳輸.
所以差別在這裡.上架的比較隱蔽.不會讓精通網通稿詐騙的假掰集團知情甚至偵測抓您刷純快感.
中繼AP可以放心採用原廠預設值.唯一要改的就是RTS值設為256就行了.干擾可忽略不計.
差異就在於規則.所以主要規則有弄好.其餘啥的都會好.Forward上下架的差別就在這裡.
運用此規則的話.當然內部就能保持穩定快速.若上網遇到緩慢或是有出現的地方(廣告)不一樣.
這時候就是暗流火大啦.它北宋阿.我南宋.等於時全時段放送.也就是不爽而在外圍或網站堵堵.
這已經是常態了.我早習慣了.也就是說未來上網.您會遇到完全跟您網設無相關的.只要連出去.
出去的那一條有時候會很塞.或是慢的啦~的時候.隸屬正常現象.絕對跟ROS網設完全無關吸.
也就是說當暗流北宋低潮的時候.而我南宋禽潮的時候.這時就是時空不同所以完全跟網設沒關係.
出去當然會遇到很多不同的狀況.此上架的規則就是用於讓網設有更鞏固如秦朝萬里長城般的堅硬.
NeverGiveUp!! wrote:--
老祖宗改版經確認沒問題後.Forward照常上架.ROS規則照上述的這篇.
寶貝:)好噢!早點休息噢.
--
Post Malone - Psycho ft. Ty Dolla $ign寶貝:)開心最重要!
個人積分:15986分
文章編號:67856859
個人積分:28533分
文章編號:67857200
| add action=accept chain=input comment=udp limit=1/365d,0:packet protocol=udp |
NeverGiveUp!! wrote:
運用此規則的話.當然內部就能保持穩定快速.若上網遇到緩慢或是有出現的地方(廣告)不一樣.
這時候就是暗流火大啦.它北宋阿.我南宋.等於時全時段放送.也就是不爽而在外圍或網站堵堵.
這已經是常態了.我早習慣了.也就是說未來上網.您會遇到完全跟您網設無相關的.只要連出去.
出去的那一條有時候會很塞.或是慢的啦~的時候.隸屬正常現象.絕對跟ROS網設完全無關吸.
也就是說當暗流北宋低潮的時候.而我南宋禽潮的時候.這時就是時空不同所以完全跟網設沒關係.
出去當然會遇到很多不同的狀況.此上架的規則就是用於讓網設有更鞏固如秦朝萬里長城般的堅硬.
| /ip firewall address-list add address=192.168.88.2-192.168.88.254 list=LAN /ip firewall nat add action=redirect chain=dstnat comment=DNS dst-port=53 protocol=tcp \ to-ports=53 add action=redirect chain=dstnat dst-port=53 protocol=udp to-ports=53 add action=masquerade chain=srcnat comment="IP Masquerading" \ src-address-list=LAN /ip firewall filter add action=reject chain=forward dst-port=53,443 log=yes protocol=udp \ reject-with=icmp-network-unreachable src-address-list=LAN log-prefix=\ Reject LAN -> UDP(53,443) add action=accept chain=input comment=\ "Accept established and related packets" connection-state=\ established,related connection-nat-state=!srcnat add action=accept chain=input comment=udp limit=1/365d,0:packet protocol=udp add action=accept chain=input comment="From our LAN" in-interface=bridge \ connection-state=established,related,new connection-nat-state=!dstnat \ src-address-list=LAN add action=accept chain=input comment="Allow limited pings" icmp-options=\ !8:0-255 limit=50/5s,2:packet protocol=icmp add action=reject chain=input comment="Reject login brute forcers 1" dst-port=\ 21,22,23,8291 log=yes protocol=tcp reject-with=icmp-network-unreachable \ src-address-list=login_blacklist add action=add-src-to-address-list address-list=login_blacklist \ address-list-timeout=4d chain=input comment="Reject login brute forcers 2" \ connection-state=new dst-port=21,22,23,8291 protocol=tcp add action=add-src-to-address-list address-list="port scanners" \ address-list-timeout=2w chain=input comment=\ "Reject port scanners\A1GPort scanners to list" log=yes protocol=tcp psd=\ 21,3s,3,1 add action=add-src-to-address-list address-list="port scanners" \ address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" log=\ yes protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg add action=add-src-to-address-list address-list="port scanners" \ address-list-timeout=2w chain=input comment="SYN/FIN scan" log=yes \ protocol=tcp tcp-flags=fin,syn add action=add-src-to-address-list address-list="port scanners" \ address-list-timeout=2w chain=input comment="SYN/RST scan" log=yes \ protocol=tcp tcp-flags=syn,rst add action=add-src-to-address-list address-list="port scanners" \ address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" log=yes \ protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack add action=add-src-to-address-list address-list="port scanners" \ address-list-timeout=2w chain=input comment="ALL/ALL scan" log=yes \ protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg add action=add-src-to-address-list address-list="port scanners" \ address-list-timeout=2w chain=input comment="NMAP NULL scan" log=yes \ protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg add action=reject chain=input comment="dropping port scanners" log=yes \ reject-with=icmp-network-unreachable src-address-list="port scanners" add action=log chain=input comment="Log everything else" log-prefix=\ "REJECT INPUT" add action=reject chain=input comment="Reject everything else" reject-with=\ icmp-network-unreachable /system scheduler add comment="Check and set NTP servers" interval=6h name=SetNtpServers \ on-event="# SetNtpServers - Check and set NTP servers from NTP pool\\ # v1.2 Tested and Developed on ROS v5.7\\ #\\ # Change the following line as needed as progName should match script na\\ me \\ :local progName \\"SetNtpServers\";\ \ # Array of NTP pools to use (check www.pool.ntp.org) one or a maximum of\ \_two, a primary & secondary\ # Modify the following line and array variable based on your locale (def\ ault is north america).\ :local arrNtpSystems (\"taiwan.pool.ntp.org\", \"asia.pool.ntp.org\");\ # Alternatively the US related pool below can be used. \ #:local arrNtpSystems (\"taiwan.pool.ntp.org\", \"asia.pool.ntp.org\");\ #\ # No modification is necessary beyond this line.\ :put \"\$progName: Running...\";\ :log info \"\$progName: Running...\";\ :set arrNtpSystems [ :toarray \$arrNtpSystems ];\ :if (( [ :len \$arrNtpSystems ] < 1 ) or ( [ :len \$arrNtpSystems ] > 2 \ )) do={ \ :put \"\$progName: ERROR NTP Systems array (\\\$arrNtpSystems) must \ be either one or two DNS names.\";\ :log info \"\$progName: ERROR NTP Systems array (\\\$arrNtpSystems) \ must be either one or two DNS names.\";\ } else={\ :local arrRosNtpSetting (\"primary-ntp\", \"secondary-ntp\");\ :local i 0;\ :foreach strNtpSystem in (\$arrNtpSystems) do={\ :local ipAddrNtpSystem [ :resolve \$strNtpSystem ];\ :local strRosNtpSetting [ :pick \$arrRosNtpSetting \$i ];\ :local strCurrentNtpIp [ /system ntp client get \$strRosNtpSetti\ ng ];\ :put \"\$progName: NTP server DNS name \$strNtpSystem resolves t\ o \$ipAddrNtpSystem.\";\ :log info \"\$progName: NTP server DNS name \$strNtpSystem resol\ ves to \$ipAddrNtpSystem.\";\ :put \"\$progName: Current \$strRosNtpSetting setting is \$strCu\ rrentNtpIp.\";\ :log info \"\$progName: Current \$strRosNtpSetting setting is \$\ strCurrentNtpIp.\";\ :if ( [ :toip \$ipAddrNtpSystem ] != [ :toip \$strCurrentNtpIp ]\ \_) do={\ :put \"\$progName: Changing \$strRosNtpSetting setting to \$\ ipAddrNtpSystem.\";\ :log info \"\$progName: Changing \$strRosNtpSetting setting \ to \$ipAddrNtpSystem.\";\ :local strCommand [ :parse \"/system ntp client set \$strRos\ NtpSetting=\\\"\$ipAddrNtpSystem\\\"\" ];\ \$strCommand;\ } else={\ :put \"\$progName: No changes were made for the \$strRosNtpS\ etting NTP setting.\";\ :log info \"\$progName: No changes were made for the \$strRo\ sNtpSetting NTP setting.\";\ }\ :set i (\$i + 1);\ }\ }\ :put \"\$progName: Done.\";\ :log info \"\$progName: Done.\";" policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \ start-time=startup add comment=Download_Ads_List interval=24h name=DownloadAdsList \ on-event="/system script run Blocklister_download_Ads" policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \ start-time=startup add interval=25h name=DownloadSpywareList on-event=\ "/system script run Blocklister_download_Spyware" policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \ start-time=startup add interval=26h name=DownloadMalwaredomainlistList on-event=\ "/system script run Blocklister_download_Malwaredomainlist" policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \ start-time=startup add interval=27h name=DownloadHijackedList on-event=\ "/system script run \ Blocklister_download_Hijacked" policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \ start-time=startup /system script add name=Blocklister_download_Ads owner=admin policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\\ tool fetch url=\\"https://blocklister.gefoo.org/ads\" dst-path=\"ads.rsc\";\ \_/import file-name=\"ads.rsc\";" add name=Blocklister_download_Spyware owner=admin policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\\ tool fetch url=\\"https://blocklister.gefoo.org/spyware\" dst-path=\"spywar\ e.rsc\"; /import file-name=\"spyware.rsc\";" add name=Blocklister_download_Malwaredomainlist owner=admin policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\\ tool fetch url=\\"https://blocklister.gefoo.org/malwaredomainlist\" dst-pat\ h=\"malwaredomainlist.rsc\"; /import file-name=\"malwaredomainlist.rsc\";" add name=Blocklister_download_Hijacked owner=admin policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\\ tool fetch url=\\"https://blocklister.gefoo.org/hijacked\" dst-path=\"hijac\ ked.rsc\"; /import file-name=\"hijacked.rsc\";" /ip firewall raw add action=drop chain=prerouting dst-address-list=ads_list log=yes add action=drop chain=prerouting comment="Drop Spyware" dst-address-list=\ spyware_list log=yes add action=drop chain=prerouting dst-address-list=hijacked_list log=yes add action=drop chain=prerouting dst-address-list=malwaredomainlist_list \ log=yes add action=drop chain=prerouting src-address-list=port scanners log=yes add action=drop chain=prerouting src-address-list=login_blacklist log=yes add action=drop chain=prerouting comment="Block Teredo IPv6-tunnel" dst-port=\ 3544,3545 protocol=udp src-port=1024-65535 |
寶貝:)留言囉!UDP成功棍確實能解決外部的緩慢.老祖宗鋼鐵堅硬版完成了.
我這版核心主力已算近改版接近於完好.若拿去家用組耐力PK賽.第一不敢當.頂多前十名敢當.
--
Bad Wolves - Zombie (Official Video)寶貝:)開心最重要!
個人積分:28533分
文章編號:67860018
暗流只有失敗棍.壞事幹多注定失敗是應該的.就要刻意兜一圈.才能更確認問題.22海會變多是正常的.22不僅針對中繼還能搞Tor阻斷.
所以專門搞這的.過去若刻意提到這部分的都算暗流.這是會讓01鄉民在連01突然斷連的緣故.
這緣故可以用再把妹用就很好用.以暗流來說.要知道並不困難.這點能被利用.來當把妹的工具.
比方說暗流公器私用或幹壞事.知道某會員長得很正或知道FB或其他啥的然後就先假裝掰假裝熟.
熟段時間就等治水加用乾淨的瀨.博取信任後就故意開始搞Tor阻斷.這時用乾淨的瀨等待求救.
當果真被它堵到的時候.就能有機會假裝掰.跳出來夠雄救霉.最後一定是要搞到出來見面幫忙看.
這樣才能順理成章完成它的人造偽自然.讓對方錯覺誤為.好帥噢.藉由這假象來分散思考的理性.
若用這手段騙人或類似這樣的手段.我能說總有天對方發現真相或已察.隨時都可丟棄這段假情感.
這規則就是專剋暗流假掰手段而設.包括路由被搞亂跳.我想有很大的機率是跟惡性競爭有些關聯.
所以過去有些規則.可以卸下來.因為上述規則已通通包辦.其實還可再精簡一點就是把掃埠拿掉.
只要把Forward定義搞定後.多餘掃埠規則也可去掉.只要規則定義夠清楚.就能避開暗流.
上篇的規則其實已經妥善了.經ROS的Torch確認封包去向.確實已完全達到我的嚴謹原則.
上篇提到的若這拿去家用組耐力PK賽.最終ROS仍是完好如初.內部電腦只需要系統照常更新.
保持良好的習慣.基本就能夠自保.ROS運作擺一年都沒問題.除非有重大更新.就一定要更新.
意思是說拿去耐力PK賽.站在中間立場的ROS一定仍然堅硬.而比較有問題受微影響就是內部.
若內部很久沒更新.或是刻意用以植入伊木馬或惡意的裝置.但不會被影響仍是處理傳輸的ROS.
簡言之是ISP或內部電腦沒去維護或妥善則會影響外.負責封包傳遞的ROS路由是不會被影響.
所以ROS在我的定位就是中間立場.就是立場很中間.故所以更希望它能更堅硬般的能自我保護.
暗流就是把腦筋動在負責傳遞資料的ROS.若已第三方的角度來看.能針對的目標已是更加明顯.
就是要以第三方身分來去搞才有機會掌握內部的裝置.除了ISP之外其餘就只能透過第三方身分.
MikroTik的RouterOS已成為我終生信賴網設的夥伴.功課的進度就留下半年再趕.
ROS的目的不在於擁有它後就是無敵.若這樣想就錯了.ROS的目的在於確保它的本分能做好.
不能說我今天用了某某某APP窩在ROS保護傘底下能夠更安全.未必是.APP若被作者利用.
它也是能透過APP權限讀取或擷取資訊.但唯一不能就是改寫或擅動.這就是ROS存在的目的.
若今天ISP假設要公器私用.經過ROS.基本上只能擷取或存取資訊.ROS僅能降低被越權.
若用在跟自己權益有關的像是銀行或保險甚至股票些相關的.唯一能越權限的就是受與委託服務者.
其餘第三方暗流或詐騙集團唯一能針對方針就是從ROS或成功取得到受與委託服務者的權限鎖匙.
ROS僅能做於在傳輸上盡本分.不易被第三方洞悉而有所利之.這是我對ROS定位存在的定義.
NeverGiveUp!! wrote:--
緩慢的部分有解.就把UDP假開放那條被丟棄的成功棍找回來.合體插入就行了.
寶貝:)上第成功棍無誤.UDP縮寫就是.U上.D第.覽P.所以是有典故的.
--
Nirvana - All Apologies (MTV Unplugged)
Nirvana - Rape Me (SNL 1993)
Nirvana - Heart-Shaped Box (MTV Live and Loud)
Pennyroyal Tea (Live And Loud Rehearsal/Seattle/1993)寶貝:)開心最重要!
個人積分:20929分
文章編號:67860260
個人積分:20929分
文章編號:67860303
個人積分:15986分
文章編號:67861939
個人積分:1606分
文章編號:67861986
關閉廣告