{"id":10057,"date":"2021-09-20T13:40:00","date_gmt":"2021-09-20T10:40:00","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=10057"},"modified":"2021-09-20T13:40:00","modified_gmt":"2021-09-20T10:40:00","slug":"how-to-protect-mikrotik-from-meris-botnet","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/how-to-protect-mikrotik-from-meris-botnet\/10057\/","title":{"rendered":"Router protection for MikroTik users"},"content":{"rendered":"<p>Recent <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-m-ris-botnet-breaks-ddos-record-with-218-million-rps-attack\/\" target=\"_blank\" rel=\"noopener nofollow\">large-scale DDoS attacks<\/a> using a new botnet called M\u0113ris peaked at approximately 22 million requests per second. According to <a href=\"https:\/\/blog.qrator.net\/en\/meris-botnet-climbing-to-the-record_142\/\" target=\"_blank\" rel=\"noopener nofollow\">research by Qrator<\/a>, MikroTik network devices made up a fairly large share of the botnet\u2019s traffic.<\/p>\n<p>MikroTik experts who analyzed the situation found no new vulnerability in the company\u2019s routers; however, old vulnerabilities may still pose a threat. 
Therefore, to make sure your router has not joined the M\u0113ris botnet (or any other botnet, for that matter), you need to follow a few recommendations.<\/p>\n<h2>Why MikroTik devices are joining the botnet<\/h2>\n<p>A few years ago, security research uncovered <a href=\"https:\/\/www.kaspersky.ru\/blog\/web-sas-2018-apt-announcement-2\/19874\/\" target=\"_blank\" rel=\"noopener\">a vulnerability in MikroTik routers<\/a>: Winbox, a configuration tool for MikroTik routers, through which many devices were compromised. Although MikroTik closed the vulnerability in 2018, apparently not all users installed the update on their routers.<\/p>\n<p>What\u2019s more, even among those who did update, not everyone followed the manufacturer\u2019s recommendation to change the password as well. If a user has not changed the password, attackers can still log in to the router and abuse it again, even if the firmware has been updated.<\/p>\n<p>According to <a href=\"https:\/\/blog.mikrotik.com\/security\/meris-botnet.html\" target=\"_blank\" rel=\"noopener nofollow\">MikroTik<\/a>, the routers currently infected by M\u0113ris are the same devices that were compromised in 2018. 
The company has published the signs that indicate a device has been compromised and shared recommendations on the matter.<\/p>\n<h2>How can you tell whether your MikroTik router is part of a botnet?<\/h2>\n<p>When a router joins a botnet, cybercriminals change a number of settings in the device\u2019s firmware. MikroTik\u2019s first recommendation is therefore to look at the device\u2019s configuration and check the following:<\/p>\n<ul>\n<li>If there is a rule that runs a script using the fetch() method (under System \u2192 Scheduler), delete that rule,<\/li>\n<li>If a SOCKS proxy server is enabled (the setting is under IP \u2192 SOCKS) and you do not use it, disable it,<\/li>\n<li>If there is an L2TP client named Lvpn (or any other L2TP client you do not recognize), delete those clients as well,<\/li>\n<li>If there is a firewall rule that allows remote access through port 5678, delete that rule.<\/li>\n<\/ul>\n<h2>Recommendations for protecting your MikroTik router<\/h2>\n<p>Regular updates are a very important part of a successful defense strategy. 
Much of what it takes to secure a MikroTik network comes down to following network security best practices.<\/p>\n<ul>\n<li>Make sure your router is running the latest available firmware, and update it regularly,<\/li>\n<li>Disable remote access to the device unless you absolutely need it,<\/li>\n<li>If you really need remote access, configure it through a VPN channel. For example, use the IPsec protocol,<\/li>\n<li>Use a long, strong password for router administration. Even if your current password is strong, change it right away just in case.<\/li>\n<\/ul>\n<p>In general, act on the assumption that your local area network is not secure: if a computer becomes infected with malware, that malware can attack the router from inside the perimeter and gain access by brute-forcing the password. 
For that reason, we strongly recommend using\u00a0<a href=\"https:\/\/www.kaspersky.com.tr\/small-business-security\/small-office-security?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_banner____ksos___\" target=\"_blank\" rel=\"noopener\">reliable security solutions<\/a> on all Internet-connected computers.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"ksos\">\n","protected":false},"excerpt":{"rendered":"<p>To protect MikroTik routers from the M\u0113ris botnet, or to clean a router the botnet has already infected, users need to update RouterOS and check its settings.<\/p>\n","protected":false},"author":2581,"featured_media":10058,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1284,1194,1727,1351],"tags":[2472,764,174,1929],"class_list":{"0":"post-10057","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-tips","9":"category-business","10":"category-smb","11":"category-threats","12":"tag-mikrotik","13":"tag-tavsiye","14":"tag-wi-fi","15":"tag-yonlendiriciler"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/how-to-protect-mikrotik-from-meris-botnet\/10057\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/how-to-protect-mikrotik-from-meris-botnet\/23303\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/how-to-protect-mikrotik-from-meris-botnet\/18790\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/how-to-protect-mikrotik-from-meris-botnet\/25369\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/how-to-protect-mikrotik-from-meris-botnet\/23450\/"},{"hreflang":"es-mx","url":"h
ttps:\/\/latam.kaspersky.com\/blog\/how-to-protect-mikrotik-from-meris-botnet\/22863\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/how-to-protect-mikrotik-from-meris-botnet\/26015\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/how-to-protect-mikrotik-from-meris-botnet\/25566\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/how-to-protect-mikrotik-from-meris-botnet\/31488\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/how-to-protect-mikrotik-from-meris-botnet\/41972\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/how-to-protect-mikrotik-from-meris-botnet\/17634\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/how-to-protect-mikrotik-from-meris-botnet\/18130\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/how-to-protect-mikrotik-from-meris-botnet\/15324\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/how-to-protect-mikrotik-from-meris-botnet\/27379\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/how-to-protect-mikrotik-from-meris-botnet\/31611\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/how-to-protect-mikrotik-from-meris-botnet\/27589\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/how-to-protect-mikrotik-from-meris-botnet\/24345\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/how-to-protect-mikrotik-from-meris-botnet\/29689\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/how-to-protect-mikrotik-from-meris-botnet\/29483\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/yonlendiriciler\/","name":"y\u00f6nlendiriciler"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10057","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author
":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2581"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=10057"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10057\/revisions"}],"predecessor-version":[{"id":10059,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10057\/revisions\/10059"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/10058"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=10057"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=10057"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=10057"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}