To secure the router mikrotik from traffic virus and excess ping can be used scripts firewall following
First created address-list "ournetwork" which contains the radio IP address, IP LAN and WAN IP or other IP that can be trusted
In the following example is the radio IP address = 10.0.0.0/16, 192.168.2.0/24 = IP LAN and WAN IP = 203.89.24.0/21 and other reliable IP = 202.67.33.7
To create address-list can use a script like the following examples are adapted to live with your network configuration.
Create the following skrtip using notepad and then copy-paste into the console mikrotik
/ Ip firewall address-list
add list = ournetwork address = 203.89.24.0/21 comment = "Datautama Network" \
disabled = no
add list = ournetwork address = 10.0.0.0/16 comment = "IP Radio" disabled = no
add list = ournetwork address = 192.168.2.0/24 comment = "LAN Network" disabled = no
Furthermore, copy-paste the following script on mikrotik console
/ Ip firewall filter
add chain = forward connection-state = established action = accept comment = "allow \
established connections "disabled = no
add chain = forward connection-state = related action = accept comment = "allow \
related connections "disabled = no
add chain = virus protocol = udp dst-port = 135-139 action = drop comment = "Drop \
Messenger Worm "disabled = no
add chain = forward connection-state = invalid action = drop comment = "drop invalid \
connections "disabled = no
add chain = virus protocol = tcp dst-port = 135-139 action = drop comment = "Drop \
Blaster Worm "disabled = no
add chain = virus protocol = tcp dst-port = 1433-1434 action = drop comment = "Worm" \
disabled = no
add chain = virus protocol = tcp dst-port = 445 action = drop comment = "Drop Blaster \
Worm "disabled = no
add chain = virus protocol = udp dst-port = 445 action = drop comment = "Drop Blaster \
Worm "disabled = no
add chain = virus protocol = tcp dst-port = 593 action = drop comment ="________" \
disabled = no
add chain = virus protocol = tcp dst-port = 1024-1030 action = drop comment ="________" \
disabled = no
add chain = virus protocol = tcp dst-port = 1080 action = drop comment = "Drop MyDoom" \
disabled = no
add chain = virus protocol = tcp dst-port = 1214 action = drop comment ="________" \
disabled = no
add chain = virus protocol = tcp dst-port = 1363 action = drop comment = "NDM requester" \
disabled = no
add chain = virus protocol = tcp dst-port = 1364 action = drop comment = "NDM server" \
disabled = no
add chain = virus protocol = tcp dst-port = 1368 action = drop comment = "screen cast" \
disabled = no
add chain = virus protocol = tcp dst-port = 1373 action = drop comment = "hromgrafx" \
disabled = no
add chain = virus protocol = tcp dst-port = 1377 action = drop comment = "cichlid" \
disabled = no
add chain = virus protocol = tcp dst-port = 2745 action = drop comment = "Bagle Virus" \
disabled = no
add chain = virus protocol = tcp dst-port = 2283 action = drop comment = "Drop Dumaru.Y" \
disabled = no
add chain = virus protocol = tcp dst-port = 2535 action = drop comment = "Drop Beagle" \
disabled = no
add chain = virus protocol = tcp dst-port = 2745 action = drop comment = "Drop \
Beagle.CK "disabled = no
add chain = virus protocol = tcp dst-port = 3127 action = drop comment = "Drop MyDoom" \
disabled = no
add chain = virus protocol = tcp dst-port = 3410 action = drop comment = "Drop Backdoor \
OptixPro "disabled = no
add chain = virus protocol = tcp dst-port = 4444 action = drop comment = "Worm" \
disabled = no
add chain = virus protocol = udp dst-port = 4444 action = drop comment = "Worm" \
disabled = no
add chain = virus protocol = tcp dst-port = 5554 action = drop comment = "Drop Sasser" \
disabled = no
add chain = virus protocol = tcp dst-port = 8866 action = drop comment = "Drop Beagle.B" \
disabled = no
add chain = virus protocol = tcp dst-port = 9898 action = drop comment = "Drop \
Dabber.AB "disabled = no
add chain = virus protocol = tcp dst-port = 10000 action = drop comment = "Drop \
Dumaru.Y, preferably on the disabled because it is also often used for vpn or \
webmin "disabled = yes
add chain = virus protocol = tcp dst-port = 10080 action = drop comment = "Drop \
MyDoom.B "disabled = no
add chain = virus protocol = tcp dst-port = 12345 action = drop comment = "Drop NetBus" \
disabled = no
add chain = virus protocol = tcp dst-port = 17300 action = drop comment = "Drop Kuang2" \
disabled = no
add chain = virus protocol = tcp dst-port = 27374 action = drop comment = "Drop \
SubSeven "disabled = no
add chain = virus protocol = tcp dst-port = 65506 action = drop comment = "Drop PhatBot, \
Agobot, Gaobot "disabled = no
add chain = forward action = jump jump-target = virus comment = "jump to the virus \
chain "disabled = no
add chain = input connection-state = established action = accept comment = "Accept \
established connections "disabled = no
add chain = input connection-state = related action = accept comment = "Accept related \
connections "disabled = no
add chain = input connection-state = invalid action = drop comment = "Drop invalid \
connections "disabled = no
add chain = input protocol = udp action = accept comment = "UDP" disabled = no
add chain = input protocol = icmp limit = 50/5s, 2 action = accept comment = "Allow \
limited Pings "disabled = no
add chain = input protocol = icmp action = drop comment = "Drop excess Pings" \
disabled = no
add chain = input protocol = tcp dst-port = 21 src-address-list = ournetwork \
action = accept comment = "FTP" disabled = no
add chain = input protocol = tcp dst-port = 22 src-address-list = ournetwork \
action = accept comment = "SSH for secure shell" disabled = no
add chain = input protocol = tcp dst-port = 23 src-address-list = ournetwork \
action = accept comment = "Telnet" disabled = no
add chain = input protocol = tcp dst-port = 80 src-address-list = ournetwork \
action = accept comment = "Web" disabled = no
add chain = input protocol = tcp dst-port = 8291 src-address-list = ournetwork \
action = accept comment = "Winbox" disabled = no
add chain = input protocol = tcp dst-port = 1723 action = accept comment = "pptp-server" \
disabled = no
add chain = input src-address-list = ournetwork action = accept comment = "From \
Datautama network "disabled = no
add chain = input action = log log-prefix = "DROP INPUT" comment = "Log everything \
else "disabled = no
add chain = input action = drop comment = "Drop everything else" disabled = no
The effect of the script above is:
mikrotik router is only accessible FTP , SSH , Web and Winbox from the IP address defined in the list "ournetwork" so can not be accessed from any place.
Ports are often used in the block so that viral traffic virus can not pass up, but keep in mind if there are users who have difficulty accessing a specific service must be checked at the chain = "virus" is needed if the port is blocked by the user's firewall .
Packet is limited to avoid excess ping ping.
Also to consider is: should create a new user and password with full group and then disable the admin user, this is to minimize the risk of your mikrotik hack people.
Good luck
Entri Populer
-
Facebook found and fixed a bug that compromised the contact information of 6M users The exposure of e-mail addresses and phone number appear...
-
THE ARTICLE BELOW IS FROM MUSICIANSWAGES.COM AND AT TALENTS FOR ASIA ARE IN TOTAL AGREEMENT WITH THE WRITER by DAVID J. HAHN Two years ag...
-
Review: Kindle Paperwhite keeps Amazon at top of the pile for e-readers There's a little light bleeding at screen bottom, but overall f...
-
PLAYING FOR CHANGE In a time where there is so much hate in the world with wars and violence everywhere , Playing for Change is a much w... -
Viral video shows a Canadian astronaut singing David Bowie's "Space Oddity" from space Posted Sunday, video has more than 1 mi...
-
People engage in juvenile behavior online, even if they're adults Internet and digital media have produced "Peter Pan effect,"...
-
Report: Samsung Galaxy S4 will roll out in February at Mobile World Congress in Spain Phone will have a 5-inch screen, more powerful hardwa...
{ 0 komentar... read them below or add one }
Post a Comment