Tips: Preventing Viruses with MikroTik
To protect the user network, we have to inspect all traffic passing through the router and block whatever is unwanted. For ICMP, TCP and UDP traffic we will build a chain that DROPs the unwanted packets.
/ip firewall filter
add chain=forward connection-state=established action=accept comment="allow established connections"
add chain=forward connection-state=related action=accept comment="allow related connections"
add chain=forward connection-state=invalid action=drop comment="drop invalid connections"
To protect the LAN from viruses (the input and forward rules can be adapted to your needs):
/ip firewall filter
add action=jump chain=forward comment="PREVENT VIRUS COME FROM LOCAL NETWORK" \
    disabled=no in-interface=ether-local jump-target=viruses
add action=jump chain=forward comment="PREVENT VIRUS COME FROM PUBLIC INTERNET NETWORK" \
    disabled=no in-interface=ether-public jump-target=viruses
add action=jump chain=input comment="PREVENT VIRUS COME FROM LAN" disabled=no \
    in-interface=ether-local jump-target=viruses
add action=jump chain=input comment="PREVENT VIRUS COME FROM PUBLIC INTERNET" \
    disabled=no in-interface=ether-public jump-target=viruses
add action=jump chain=viruses comment="Jump to handle virus from TCP port" \
    disabled=no jump-target=tcp-viruses protocol=tcp
add action=jump chain=viruses comment="Jump to handle virus from UDP port" \
    disabled=no jump-target=udp-viruses protocol=udp
add action=return chain=viruses comment="Back to previous rules" disabled=no
# The chains tcp-viruses and udp-viruses still need their drop rules. The port
# list further down this page uses a single chain named "virus", so either split
# that list by protocol into these two chains or point both jumps at "virus".
A compact script to block NetBIOS on Windows, the entry point used by Conficker:
/ip firewall filter
# The address-list rules come first: add-dst-to-address-list is a pass-through
# action, so a probe is recorded and then dropped by the rules below it. With
# the drop rules ahead of them, the "conficker" list would never be populated.
add action=add-dst-to-address-list address-list=conficker address-list-timeout=0s chain=forward disabled=no dst-port=135-139,445 protocol=tcp
add action=add-dst-to-address-list address-list=conficker address-list-timeout=0s chain=forward disabled=no protocol=tcp src-port=135-139,445
add action=add-dst-to-address-list address-list=conficker address-list-timeout=0s chain=forward disabled=no dst-port=135-139,445 protocol=udp
add action=add-dst-to-address-list address-list=conficker address-list-timeout=0s chain=forward disabled=no protocol=udp src-port=135-139,445
add action=drop chain=forward comment="Conficker Filter" disabled=no dst-port=135-139,445 protocol=tcp
add action=drop chain=forward disabled=no protocol=tcp src-port=135-139,445
add action=drop chain=forward disabled=no dst-port=135-139,445 protocol=udp
add action=drop chain=forward disabled=no protocol=udp src-port=135-139,445
add action=drop chain=forward disabled=no src-address-list=conficker
Additional rules:
/ip firewall filter
# Port list for the "virus" chain. Entries that the original listing showed as
# protocol=icmp together with a dst-port are written here as udp: ICMP carries
# no ports and RouterOS rejects that combination.
add chain=virus action=drop protocol=tcp dst-port=135-139
add chain=virus action=drop protocol=udp dst-port=135-139
add chain=virus action=drop protocol=tcp dst-port=445
add chain=virus action=drop protocol=udp dst-port=445
add chain=virus action=drop protocol=tcp dst-port=593
add chain=virus action=drop protocol=tcp dst-port=1024-1030
add chain=virus action=drop protocol=tcp dst-port=1080
add chain=virus action=drop protocol=tcp dst-port=1214
add chain=virus action=drop protocol=tcp dst-port=1364
add chain=virus action=drop protocol=udp dst-port=1364
add chain=virus action=drop protocol=tcp dst-port=1368
add chain=virus action=drop protocol=tcp dst-port=1373
add chain=virus action=drop protocol=tcp dst-port=1377
add chain=virus action=drop protocol=tcp dst-port=1433-1434
add chain=virus action=drop protocol=tcp dst-port=2745
add chain=virus action=drop protocol=tcp dst-port=2283
add chain=virus action=drop protocol=tcp dst-port=2535
add chain=virus action=drop protocol=tcp dst-port=3127-3128
add chain=virus action=drop protocol=tcp dst-port=3410
add chain=virus action=drop protocol=tcp dst-port=4444
add chain=virus action=drop protocol=udp dst-port=4444
add chain=virus action=drop protocol=tcp dst-port=5554
add chain=virus action=drop protocol=tcp dst-port=8866
add chain=virus action=drop protocol=tcp dst-port=9898
add chain=virus action=drop protocol=tcp dst-port=10000
add chain=virus action=drop protocol=udp dst-port=10000
add chain=virus action=drop protocol=tcp dst-port=12345
add chain=virus action=drop protocol=tcp dst-port=17306
add chain=virus action=drop protocol=tcp dst-port=27374
add chain=virus action=drop protocol=tcp dst-port=65500
Above we now have a list of rules that filter packets by the protocols and ports used by viruses and trojans. The list is not complete; additional rules can be collected from various sources, but the rules above are at least a starting point.
So that packets in the forward chain reach the virus chain, we apply action=jump, as in the rule below:
add chain=forward action=jump jump-target=virus comment="jump to the virus chain"
If a packet that jumped to the virus chain is not matched by any rule there, it is returned to the forward chain.
We can then easily add rules that allow UDP and ping and drop everything else (provided no service on the user network needs to be reachable from the outside network):
add chain=forward protocol=icmp action=accept comment="allow ping"
add chain=forward protocol=udp action=accept comment="allow udp"
add chain=forward action=drop comment="drop everything else"
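To make the jump/return behaviour and the effect of rule order concrete, here is a small Python model of how RouterOS walks a filter chain, run over the forward chain from this post (with a few ports from its virus list) and over the post's Conficker rules. It is an added example, not code from the original post or from forummikrotik.com, and it assumes the RouterOS semantics stated in its header comment; the packet addresses and the helper names `page_forward_chain` and `conficker_list` are constructed for the illustration.

```python
# Added example (not from the original post): a minimal model of RouterOS
# /ip firewall filter evaluation. Assumed semantics: rules are tried in order;
# accept/drop terminate; a jump whose target chain falls through (or hits
# action=return) continues with the caller's next rule; add-dst-to-address-list
# is a pass-through action; a built-in chain with no match accepts.
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass
class Packet:
    proto: str                      # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dst_port: Optional[int] = None
    src_port: Optional[int] = None
    conn_state: str = "new"         # new / established / related / invalid


def port_in(spec: str, port: Optional[int]) -> bool:
    """Match a RouterOS port spec such as "135-139,445"."""
    if port is None:
        return False
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


class Firewall:
    def __init__(self) -> None:
        self.chains: Dict[str, List[dict]] = {}   # chain name -> ordered rules
        self.lists: Dict[str, Set[str]] = {}      # address-list name -> addresses

    def add(self, **kw) -> None:
        """Add a rule; keyword names mirror the CLI (dst_port -> dst-port)."""
        rule = {k.replace("_", "-"): v for k, v in kw.items()}
        rule.setdefault("action", "accept")       # RouterOS default when omitted
        self.chains.setdefault(rule["chain"], []).append(rule)

    def _matches(self, rule: dict, p: Packet) -> bool:
        return all([
            rule.get("protocol", p.proto) == p.proto,
            "dst-port" not in rule or port_in(rule["dst-port"], p.dst_port),
            "src-port" not in rule or port_in(rule["src-port"], p.src_port),
            rule.get("connection-state", p.conn_state) == p.conn_state,
            "src-address-list" not in rule
            or p.src in self.lists.get(rule["src-address-list"], set()),
        ])

    def _run(self, chain: str, p: Packet) -> Optional[str]:
        """Walk one chain; return "accept"/"drop", or None if it fell through."""
        for rule in self.chains.get(chain, []):
            if not self._matches(rule, p):
                continue
            act = rule["action"]
            if act in ("accept", "drop"):
                return act
            if act == "return":
                return None
            if act == "jump":
                verdict = self._run(rule["jump-target"], p)
                if verdict is not None:
                    return verdict                # sub-chain decided
                continue                          # fell through: next rule here
            if act == "add-dst-to-address-list":  # pass-through action
                self.lists.setdefault(rule["address-list"], set()).add(p.dst)
        return None

    def verdict(self, chain: str, p: Packet) -> str:
        return self._run(chain, p) or "accept"    # built-in chain default policy


def page_forward_chain() -> Firewall:
    """The post's forward chain in its order, with a few ports of its virus list."""
    fw = Firewall()
    fw.add(chain="forward", connection_state="established")
    fw.add(chain="forward", connection_state="related")
    fw.add(chain="forward", connection_state="invalid", action="drop")
    fw.add(chain="forward", action="jump", jump_target="virus")
    fw.add(chain="virus", protocol="tcp", dst_port="135-139", action="drop")
    fw.add(chain="virus", protocol="tcp", dst_port="445", action="drop")
    fw.add(chain="virus", protocol="udp", dst_port="4444", action="drop")
    fw.add(chain="forward", protocol="icmp")      # allow ping
    fw.add(chain="forward", protocol="udp")       # allow udp
    fw.add(chain="forward", action="drop")        # drop everything else
    return fw


def conficker_list(drop_first: bool) -> Set[str]:
    """Send one SMB probe (constructed addresses) through the post's Conficker
    drop and add-dst-to-address-list rules in either order; return the list."""
    fw = Firewall()
    drop = dict(chain="forward", protocol="tcp", dst_port="135-139,445", action="drop")
    tag = dict(chain="forward", protocol="tcp", dst_port="135-139,445",
               action="add-dst-to-address-list", address_list="conficker")
    for rule in ((drop, tag) if drop_first else (tag, drop)):
        fw.add(**rule)
    fw.verdict("forward", Packet("tcp", "192.0.2.10", "192.0.2.20", dst_port=445))
    return fw.lists.get("conficker", set())


if __name__ == "__main__":
    fw = page_forward_chain()
    print("tcp/445 from outside:", fw.verdict("forward", Packet("tcp", "198.51.100.5", "192.0.2.20", dst_port=445)))
    print("new tcp/80 from LAN: ", fw.verdict("forward", Packet("tcp", "192.0.2.20", "198.51.100.5", dst_port=80)))
    print("list, drop first:    ", conficker_list(True), " list, tag first:", conficker_list(False))
```

Running it shows two things the rules alone do not: a new TCP connection from the LAN to port 80 is also caught by the final "drop everything else" rule, so a real deployment needs an accept for the LAN's own outbound traffic ahead of it; and when the Conficker drop rules are placed before the add-dst-to-address-list rules, the conficker list stays empty, because a dropped packet never reaches a later rule.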
Source: http://www.forummikrotik.com