½üÆÚ£¬ÃûΪ“GlobeImposter ”µÄÀÕË÷²¡¶¾Ôٴα¬·¢£¬ÖйúÖÚ¶àÓû§“ÖÐÕД¡£97¹ú¼ÊÍøÂçÒÑÐû²¼ÏÂÒ»´ú·À»ðǽµÄÌá·À²½·¥£¬½¨Òé¿Í»§ÊµÊ±µ÷½â·À»ðǽ¼°Öնˣ¬Ìá·À²¡¶¾¡£ÎªÁË×ÊÖúÓû§³¹µ×¶Å¾ø¸Ã²¡¶¾£¬97¹ú¼ÊÊÖÒÕ·þÎñ¹¤³ÌʦΪ¿í´óÓû§½øÒ»²½Ìṩ¸üΪÏêϸµÄ´¦Öóͷ£¼Æ»®¡£

97¹ú¼Ê²úÆ·Õë¶Ô“GlobeImposter ”µÄÌá·À²½·¥

“GlobeImposter”ÀÕË÷²¡¶¾³ýʹÓÃÒÑÖªµÄWindowsµÄϵͳÎó²îÖ®Í⣬»¹Ê¹ÓÃWindowsÔ¶³Ì×ÀÃæ·þÎñÏà¹Ø¶Ë¿Ú¾ÙÐÐÈö²¥£¬97¹ú¼ÊÍøÂçÇ¿ÁÒ½¨ÒéÏà¹Øµ¥Î»ºÍСÎÒ˽¼ÒÓû§×öºÃÒÔϲ½·¥£º

£¨Ò»£©¹Ø±Õ135¡¢137¡¢139¡¢445µÈ¶Ë¿ÚµÄÍⲿÍøÂç»á¼ûȨÏÞ£¬ÔÚ·þÎñÆ÷ÉϹرղ»ÐëÒªµÄÉÏÊö·þÎñ¶Ë¿Ú£»

£¨¶þ£©ÔöÇ¿¶Ô135¡¢137¡¢139¡¢445µÈ¶Ë¿ÚµÄÄÚ²¿ÍøÂçÇøÓò»á¼ûÉó¼Æ£¬ÊµÊ±·¢Ã÷·ÇÊÚȨÐÐΪ»òDZÔڵĹ¥»÷ÐÐΪ£»

£¨Èý£©¹Ø±ÕWindowsÔ¶³Ì×ÀÃæ·þÎñµÄÍâÍø»á¼ûȨÏÞ£¨Ä¬È϶˿ÚΪTCP 3389£©£¬Í¬Ê±ÔÚ·þÎñÆ÷ÉϹرÕWindowsÔ¶³Ì×ÀÃæ·þÎñ¡£ÈçÈ·Ð迪ÆôÔ¶³Ì×ÀÃæ·þÎñ£¬½¨ÒéÐÞ¸ÄĬÈϵÄWindowsÔ¶³Ì×ÀÃæ·þÎñ¶Ë¿Ú£¬»òͨ¹ýWindows·À»ðǽ¡¢ÍøÂç×°±¸ÉèÖÃÔÊÐí»á¼û¸Ã·þÎñµÄÔ¶³ÌÖ÷»úµØÖ·£»

£¨ËÄ£©ÔöÇ¿·þÎñÆ÷µÄÃÜÂë¹ÜÀí£¬ÉèÖÃÇ¿¿ÚÁî²¢°´ÆÚÌæ»»ÃÜÂ룻

½ÓÄÉ97¹ú¼Ê²úÆ·×齨µÄÍøÂ磬¿ÉÒÔ¿ªÆôÏà¹Ø²úÆ·¹¦Ð§¾ÙÐÐÔ¤·À£¬ÒÔÌá·ÀºÍ½µµÍ¹¥»÷±¬·¢µÄÓ°Ïì¡£¿ÉÔÚÍøÂç½çÏߣ¨³ö¿ÚÍø¹Ø¡¢Â·ÓÉÆ÷»òÇå¾²×°±¸£©¡¢ÄÚ²¿ÍøÂçÇøÓò£¨½»Á÷»ú¼°ÎÞÏß×°±¸£©¡¢Ö÷»úÇå¾²£¨Ó¦ÓÃÈí¼þ£©µÄÓªÒµÓÅÏÈÅŲ¼Âß¼­½Ç¶È£¬°²ÅÅÇå¾²Õ½ÂÔ£¬ÏêϸÌá·À¼Æ»®ÈçÏ£º

×¢ÖØ£ºÈôͨ¹ýÍøÂç×°±¸×è¶Ï445¼°ÆäËû¹ØÁª¶Ë¿Ú£¨Èç: 135¡¢137¡¢139¡¢3389¶Ë¿Ú)µÄÍⲿÍøÂç»á¼ûȨÏÞ£¬»áÓ°Ïìµ½“WindowsÎļþ¹²Ïí¹¦Ð§”¡¢“ADÓò¡¢LDAP¶Ô½Ó³¡¾°”¡¢“ÔÆ×ÀÃæ²úÆ·“µÈµÄʹÓ㬽¨Òéƾ֤¿Í»§ÏÖʵӪҵÇéÐÎÑ¡Ôñ·â¶ÂµÄ¶Ë¿Ú£¬Õë¶ÔÔÆ·þÎñÆ÷»òÓªÒµ·þÎñÆ÷£¬·Åͨ139ºÍ445¶Ë¿Ú¡£

• ³ö¿ÚÍø¹Ø²úÆ·

ÍøÂç½çÏß³ö¿Ú°²ÅÅ97¹ú¼ÊNPE/NBR/EGÍø¹Ø²úÆ·£¬Ö÷Òª½ÓÄÉեȡ135¡¢137¡¢139¡¢445¡¢3389·þÎñ¶Ë¿ÚÌá·ÀΣº¦¡£ÐèҪעÖØÍø¹Ø²úÆ·¾­³£»á°²ÅÅÐí¶àµÄÓ³ÉäÓªÒµ£¬ÇëÎñ±ØÈ·ÈÏӪҵʹÓõĶ˿ÚÊÇ·ñÓÐÔÚ´ËեȡÐÐÁУ¬×èÖ¹Ó°ÏìÕý³£ÓªÒµÊ¹Óã¬Ïêϸ·½·¨ÈçÏÂ:

Ruijie#configure terminal

Ruijie(config)#ip access-list 2999£¨Acl num<1-3000>£¬×¢Öز»Òª¸úÆäËûACL³åÍ»ÁË£©

Ruijie(config-ext-nacl)#10 deny tcp any any eq 135

Ruijie(config-ext-nacl)#20 deny tcp any any eq 137

Ruijie(config-ext-nacl)#30 deny tcp any any eq 139

Ruijie(config-ext-nacl)#40 deny tcp any any eq 445

Ruijie(config-ext-nacl)#50 deny tcp any any eq 3389

Ruijie(config-ext-nacl)#60 deny udp any any eq 135

Ruijie(config-ext-nacl)#70 deny udp any any eq 137

Ruijie(config-ext-nacl)#80 deny udp any any eq 139

Ruijie(config-ext-nacl)#90 deny udp any any eq 445

Ruijie(config-ext-nacl)#120 permit ip any any   (Σº¦µã£º×îºó±ØÐèÉèÖÃÔÊÐíËùÓУ¬²»È»»áµ¼Ö¶ÏÍø)

Ruijie(config-ext-nacl)#exit

Ruijie(config)#ip session filter 2999 (×¢ÖØ˳Ðò£¬±ØÐèÏÈÉèÖÃACL 2999ÔÙÉèÖÃip session filter)

• ·ÓɲúÆ·

ÍøÂç½çÏß³ö¿Ú°²ÅÅ97¹ú¼ÊRSR·ÓÉÆ÷²úÆ·£¬Ö÷Òª½ÓÄÉեȡ135¡¢137¡¢139¡¢445¡¢3389·þÎñ¶Ë¿ÚÒÔÌá·ÀΣº¦¡£×¢ÖØÈ·ÈÏÊÇ·ñÓÐÆäËûÕý³£ÓªÒµÉæ¼°¸Ã¶Ë¿Ú£¬×èÖ¹Ó°ÏìÕý³£ÓªÒµÊ¹Óá£
RSR1002e/RSR2004e/RSR2014EF/RSR3044/RSR30-X/RSR50E40/RSR77 /RSR77XϵÁвúÆ·ÍƼöʹÓÃsession filter·½·¨£¬ÉèÖ÷½·¨ÈçÏ£º

È«¾Ö½¨ÉèACE±íÏ²¢ÔÚÈ«¾ÖģʽŲÓøÃACLʹÆäÉúЧ¡£

Ruijie#configure terminal

Ruijie(config)#ip access-list extend deny_onion

Ruijie(config-ext-nacl)#10 deny tcp any any eq 135

Ruijie(config-ext-nacl)#20 deny tcp any any eq 137

Ruijie(config-ext-nacl)#30 deny tcp any any eq 139

Ruijie(config-ext-nacl)#40 deny tcp any any eq 445

Ruijie(config-ext-nacl)#50 deny tcp any any eq 3389

Ruijie(config-ext-nacl)#60 deny udp any any eq 135

Ruijie(config-ext-nacl)#70 deny udp any any eq 137

Ruijie(config-ext-nacl)#80 deny udp any any eq 139

Ruijie(config-ext-nacl)#90 deny udp any any eq 445

Ruijie(config-ext-nacl)#120 permit ip any any   (Σº¦µã£º×îºó±ØÐèÉèÖÃÔÊÐíËùÓУ¬²»È»»áµ¼Ö¶ÏÍø)

Ruijie(config-ext-nacl)#exit

Ruijie(config)#ip fpm session filter deny_onion

Õë¶ÔRSR20,RSR50,RSR50eϵÁв»Ö§³Ösession filter¹¦Ð§µÄ·ÓÉÆ÷×°±¸£¬ÍƼöʹÓÃACLÉèÖã¬ÉèÖ÷½·¨ÈçÏÂ:

Ruijie#configure terminal

Ruijie(config)#ip access-list extend deny_onion

Ruijie(config-ext-nacl)#10 deny tcp any any eq 135

Ruijie(config-ext-nacl)#20 deny tcp any any eq 137

Ruijie(config-ext-nacl)#30 deny tcp any any eq 139

Ruijie(config-ext-nacl)#40 deny tcp any any eq 445

Ruijie(config-ext-nacl)#50 deny tcp any any eq 3389

Ruijie(config-ext-nacl)#60 deny udp any any eq 135

Ruijie(config-ext-nacl)#70 deny udp any any eq 137

Ruijie(config-ext-nacl)#80 deny udp any any eq 139

Ruijie(config-ext-nacl)#90 deny udp any any eq 445

Ruijie(config-ext-nacl)#120 permit ip any any   (Σº¦µã£º×îºó±ØÐèÉèÖÃÔÊÐíËùÓУ¬²»È»»áµ¼Ö¶ÏÍø)

Ruijie(config-ext-nacl)#exit

Ruijie(config)#interface gigabitEthernet 0/1  //ƾ֤²î±ð¶Ë¿Ú¾ÙÐе÷½â

Ruijie(config-if-gigabitEthernet)#ip access-group deny_onion in

ÈôÊÇ֮ǰÒѾ­ÓÐÉèÖÃÕâÁ½ÖÖ¹¦Ð§£¬Ö»ÐèÒª°ÑÕâ´Î¹ýÂ˶˿ڵÄACE¼ÓÈë֮ǰµÄACL¼´¿É¡£

• Çå¾²²úÆ·

ÍøÂç½çÏßÇå¾²ÇøÓò°²ÅÅ97¹ú¼Ê97¹ú¼Ê·À»ðǽ²úÆ·£¬¿ÉÒÔͨ¹ý×è¶ÏÎó²î¶Ë¿Ú»òÉý¼¶¹æÔò¿âµÄ·½·¨´¦Öóͷ££º

1£©Çå¾²²úÆ·Ê×ÏȽÓÄÉեȡTCP135¡¢TCP/UDP137¡¢TCP139¡¢TCP445¡¢TCP3389·þÎñ¶Ë¿Ú¡£Èç°²Åųö¿ÚµÄ·À»ðǽװ±¸¾­³£»á°²ÅÅÐí¶àµÄÓ³ÉäÓªÒµ£¬ÇëÎñ±ØÈ·ÈÏӪҵʹÓõĶ˿ÚÊÇ·ñÓÐÔÚ´ËեȡÐÐÁУ¬×èÖ¹Ó°ÏìÕý³£ÓªÒµÊ¹Óá£
ÒÔÈ«ÐÂÏÂÒ»´ú·À»ðǽΪÀý£¬ÉèÖð취ÈçÏ£º

2£©UTMÌØÕ÷¿âÊÚȨÔÚÓÐÓÃÆÚÄÚµÄÓû§£¬¿É¿ªÆôÈëÇÖ·ÀÓù»ò·À²¡¶¾¹¦Ð§¾ÙÐÐÉî¶È·ÀÓù£º

• RG-WALL 1600ϵÁÐÈ«ÐÂÏÂÒ»´ú·À»ðǽ²úÆ·£¨ÐͺţºRG-WALL 1600-S3100/S3200/S3600/S3700/M5100/M6600/X8500/9300/X9850£©,½«ÈëÇÖ·ÀÓùÌØÕ÷¿â¸üе½14.00570°æ±¾£¬ ²¡¶¾ÌØÕ÷¿â¸üе½ 66.00963 °æ±¾Ö®ºó£¬Í¬Ê±¿ªÆôÈëÇÖ·ÀÓùºÍ²¡¶¾·À»¤¹¦Ð§¼´¿ÉÓÐÓÃ×èµ²ÀÕË÷²¡¶¾£¨ÈëÇÖ·ÀÓùºÍ²¡¶¾·À»¤¹¦Ð§µÄÏêϸÉèÖÃÒªÁ죬¿É²Î¿¼²úÆ·µÄʵÑéÒ»±¾Í¨£©£»

• RG-WALL 1600-EϵÁÐÈ«ÐÂÄ£¿é»¯·À»ðǽ²úÆ·£¨ÐͺţºRG-WALL 1600-E200/E300/E400/E600/E800£©£¬½«ÈëÇÖ·ÀÓùÌØÕ÷¿â£¨ipsÌØÕ÷¿â£©¹æÔò¿â/¿ìËÙ¼ì²â²¡¶¾¿â°æ±¾¸üе½ 2019-03-11 °æ±¾¼°Ö®ºó£¬Í¬Ê±¿ªÆôÈëÇÖ·ÀÓù¡¢²¡¶¾·À»¤¹¦Ð§¼´¿ÉÓÐÓÃ×èµ²ÀÕË÷²¡¶¾£¨ÈëÇÖ·ÀÓù¹¦Ð§µÄÏêϸÉèÖÃÒªÁ죬¿É²Î¿¼²úÆ·µÄʵÑéÒ»±¾Í¨£©£»

• ½»Á÷²úÆ·

Èô¿Í»§³ö¿Ú½çÏß×°±¸ÎÞ·¨ÉèÖøôÀ룬¿É˼Á¿ÔÚ½»Á÷²úÆ·ÓëÍâÍø³ö¿Ú»¥Áª¶Ë¿Ú¼°ÆäËü±£´æѬȾ²¡¶¾Î£º¦µÄÈë¶Ë¿ÚÉÏ°²ÅÅACL¡£µ«Çë×¢ÖØÈ·ÈÏÊÇ·ñÓÐÆäËûÕý³£Ó¦ÓÃÉæ¼°¸Ã¶Ë¿Ú£¬×èÖ¹Ó°ÏìÕý³£ÓªÒµÊ¹Ó㬷½·¨ÈçÏ£º

½¨ÉèACE±íÏî

Ruijie#configure terminal

Ruijie(config)#ip access-list extend deny_onion

Ruijie(config-ext-nacl)#10 deny tcp any any eq 135

Ruijie(config-ext-nacl)#20 deny tcp any any eq 137

Ruijie(config-ext-nacl)#30 deny tcp any any eq 139

Ruijie(config-ext-nacl)#40 deny tcp any any eq 445

Ruijie(config-ext-nacl)#50 deny tcp any any eq 3389

Ruijie(config-ext-nacl)#60 deny udp any any eq 135

Ruijie(config-ext-nacl)#70 deny udp any any eq 137

Ruijie(config-ext-nacl)#80 deny udp any any eq 139

Ruijie(config-ext-nacl)#90 deny udp any any eq 445

Ruijie(config-ext-nacl)#150 permit ip any any   (Σº¦µã£º×îºó±ØÐèÉèÖÃÔÊÐíËùÓУ¬²»È»»áµ¼Ö¶ÏÍø)

Ruijie(config-ext-nacl)#exit

ÍƼöÑ¡ÔñÔÚÎïÀí½Ó¿ÚÉÏÓ¦ÓøÃACL£¬ÎÞÐèÔÚSVI½Ó¿ÚÉÏÉèÖá£ÀýÈ磺

Ruijie(config)#interface gigabitEthernet 0/1  //ƾ֤²î±ð¶Ë¿Ú¾ÙÐе÷½â

Ruijie(config-if-gigabitEthernet)#ip access-group deny_onion in

• ÎÞÏß²úÆ·

ÈôÊÇÍøÂçÖа²ÅÅ97¹ú¼ÊÎÞÏß×°±¸£¬Ö÷Òª½ÓÄÉեȡ135¡¢137¡¢139¡¢445¡¢3389·þÎñ¶Ë¿ÚÒÔÌá·ÀΣº¦£¬×¢ÖØÈ·ÈÏÊÇ·ñÓÐÆäËûÕý³£ÓªÒµÉæ¼°¸Ã¶Ë¿Ú£¬×èÖ¹Ó°ÏìÕý³£ÓªÒµÊ¹Óá£

1£©ÈôÊÇACÔÚ¾ÖÓòÍøÇéÐΣ¬½¨ÒéÔÚ³ö¿Ú×°±¸×öÏìÓ¦·À»¤Õ½ÂÔ£¬ÎÞÐèµ÷½âACÉèÖá£

2£©ÈôÊÇAC×÷Ϊ»¥ÁªÍø³ö¿Ú£¬ÔòÐèÔÚACÉÏ°²ÅÅACL·À»¤Õ½ÂÔ£¬ÏêϸÉèÖÃÒªÁìÈçÏÂ:

×¢ÖØ£ºÉèÖÃÇ°ÇëÏÈÈ·ÈÏÊÇ·ñÓÐÆäËûÕý³£Ó¦ÓÃÐèʹÓÃÒÔ϶˿Ú£¬×èÖ¹Ó°ÏìÕý³£ÓªÒµÊ¹Óá£

Ruijie#configure terminal

Ruijie(config)#ip access-list extend deny_onion

Ruijie(config-ext-nacl)#10 deny tcp any any eq 135

Ruijie(config-ext-nacl)#20 deny tcp any any eq 137

Ruijie(config-ext-nacl)#30 deny tcp any any eq 139

Ruijie(config-ext-nacl)#40 deny tcp any any eq 445

Ruijie(config-ext-nacl)#50 deny tcp any any eq 3389

Ruijie(config-ext-nacl)#60 deny udp any any eq 135

Ruijie(config-ext-nacl)#70 deny udp any any eq 137

Ruijie(config-ext-nacl)#80 deny udp any any eq 139

Ruijie(config-ext-nacl)#90 deny udp any any eq 445

Ruijie(config-ext-nacl)#120 permit ip any any   (Σº¦µã£º×îºó±ØÐèÉèÖÃÔÊÐíËùÓУ¬²»È»»áµ¼Ö¶ÏÍø)

Ruijie(config-ext-nacl)#exit

°²Åų¡¾°£º

1£©ÈôÊÇÄÚÍøÎÞÏßÖÕ¶ËÒѾ­·ºÆðÎÊÌ⣬ÔÚÎÞÏßµÄwlansecÏÂŲÓöÔÓ¦µÄÎÞÏßACL£¬·À»¤ÄÚÍø

Ruijie(config)#wlansec 1   £¨×¢ÖØ£ºÃ¿¸öÓû§µÄwlansec϶¼ÐèҪŲÓã©

Ruijie(config-wlansec)#ip access-group deny_onion in (×¢ÖØ˳Ðò£¬±ØÐèÉèÖúÃACL deny_onionÔÙÉèÖÃip access-group deny_onion in)

Ruijie(config-wlansec)#exit

Ruijie(config)#exit

Ruijie#write

2£©ÈôÊÇÄ¿½ñÄÚÍøÎÞÏßʹÓÃÕý³££¬Ö»ÐèÒª·À»¤ÍâÍøµÄ¹¥»÷±¨ÎÄ£¬¿ÉÔÚACÉÏÁªÎïÀí½Ó¿ÚŲÓÃ

Ruijie(config)# interface gigabitEthernet 0/1   £¨ÐèÒªÔÚACÉÏÁªµÄÎïÀí½Ó¿ÚŲÓã©

Ruijie (config-if-GigabitEthernet 0/1)#ip access-group deny_onion in (×¢ÖØ˳Ðò£¬±ØÐèÉèÖúÃACL deny_onionÔÙÉèÖÃip access-group deny_onion in)

Ruijie (config-if-GigabitEthernet 0/1)# exit

Ruijie(config)#exit

Ruijie#write

ÈçÐè½øÒ»²½×Éѯ»òÊÖÒÕÖ§³Ö£¬¿ÉÒÔÁªÏµÍ³Ò»¿Í·þµç»°£º4008111000¡£