Wednesday, 27 June 2012

Mengatasi serangan NetCut, Mac Cloning, Conficker dan Spam menggunakan Mikrotik RouterOS

Ok, langsung saja.. Kali ini saya akan memberikan tips and trik racikan konfigurasi firewall mikrotik routerOS untuk menangani beberapa masalah yang sering terjadi pada jaringan Hotspot seperti RT RW net. Beberapa serangan yang sering digunakan para attacker/ hacker untuk bisa mendapatkan koneksi internet secara gratis ataupun serangan virus, spam & DDOS yang dapat merusak lalu lintas data akan sangat membuat para admin jaringan merasa lelah untuk menanganinya… hahaha…
Oke, untuk mempersingkat waktu, langsung saja gunakan perintah-perintah berikut di terminal mikrotik kamu! :)
/ip firewall filter add action=accept chain=input comment=”default configuration (anti netcut, defaultnya accept)” disabled=no protocol=icmp


anti confliker
/ ip firewall filter
add chain=forward protocol=udp src-port=135-139 action=drop comment=”;;Block W32.Kido – Conficker” disabled=no
add chain=forward protocol=udp dst-port=135-139 action=drop comment=”" disabled=no
add chain=forward protocol=udp src-port=445 action=drop comment=”" disabled=no
add chain=forward protocol=udp dst-port=445 action=drop comment=”" disabled=no
add chain=forward protocol=tcp src-port=135-139 action=drop comment=”" disabled=no
add chain=forward protocol=tcp dst-port=135-139 action=drop comment=”" disabled=no
add chain=forward protocol=tcp src-port=445 action=drop comment=”" disabled=no
add chain=forward protocol=tcp dst-port=445 action=drop comment=”" disabled=no
add chain=forward protocol=tcp dst-port=4691 action=drop comment=”" disabled=no
add chain=forward protocol=tcp dst-port=5933 action=drop comment=”" disabled=no
add chain=forward protocol=udp dst-port=5355 action=drop comment=”Block LLMNR” disabled=no
add chain=forward protocol=udp dst-port=4647 action=drop comment=”" disabled=no
add action=drop chain=forward comment=”SMTP Deny” disabled=no protocol=tcp src-port=25
add action=drop chain=forward comment=”" disabled=no dst-port=25 protocol=tcp

BLOX SPAM
/ip firewall filter add chain=forward dst-port=135-139 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=135-139 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=593 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=4444 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=5554 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=9996 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=995-999 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=53 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=55 protocol=tcp action=drop

ANTI NETCUT
/ip firewall filter
add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=\ 0-65535 protocol=tcp src-address=61.213.183.1-61.213.183.254
add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=\ 0-65535 protocol=tcp src-address=67.195.134.1-67.195.134.254
add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=\ 0-65535 protocol=tcp src-address=68.142.233.1-68.142.233.254
add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=\ 0-65535 protocol=tcp src-address=68.180.217.1-68.180.217.254
add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=\ 0-65535 protocol=tcp src-address=203.84.204.1-203.84.204.254
add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=\ 0-65535 protocol=tcp src-address=69.63.176.1-69.63.176.254
add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=\ 0-65535 protocol=tcp src-address=69.63.181.1-69.63.181.254
add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=\ 0-65535 protocol=tcp src-address=63.245.209.1-63.245.209.254
add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=\ 0-65535 protocol=tcp src-address=63.245.213.1-63.245.213.254
add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=\ 0-65535 protocol=tcp src-address=173.203.196.1-173.203.196.254

ANTI PORT SCAN
/ip firewall filter
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”Port scanners to list ” disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”NMAP FIN Stealth scan”
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”SYN/FIN scan”
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”SYN/RST scan”
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”FIN/PSH/URG scan”
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”ALL/ALL scan”
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”NMAP NULL scan”
add chain=input src-address-list=”port scanners” action=drop comment=”dropping port scanners” disabled=no
===========================================

TAMBAHAN
Ingat, urutan dibawah harus tepat…tidak boleh tertukar-tukar…
/ ip firewall filter
add chain=input in-interface=ether1 protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop
# accept 10 incorrect logins per minute
/ ip firewall filter
add chain=output action=accept protocol=tcp content=”530 Login incorrect” dst-limit=1/1m,9,dst-address/1m
#add to blacklist
/ ip firewall filter
add chain=output action=add-dst-to-address-list protocol=tcp content=”530 Login incorrect” address-list=ftp_blacklist address-list-timeout=3h
==================================================
Skrip – skrip tersebut adalah skrip yang saya kumpulkan dari http://www.forummikrotik.com
Silahkan di coba dan dikembangkan sendiri ya.. sesuai desain jaringan temen-temen.. keep study! Moga bermanfaat.. CMIIW..  :D

No comments:

Post a Comment