Catatan Belajar


How fortunate is a young person who dies with millions of good deeds; how unfortunate is a person who dies with only a sliver of them. Grant Your servant riches in Your pleasure, O Allah.

Wednesday, June 30, 2010

MikroTik firewall rules to block Conficker

Conficker rules by xxvr

1. Enlarge the DNS cache memory
/ip dns set cache-size=20480


2. Create a scheduler script to flush the DNS cache automatically (cache-used and the threshold are in KiB; the block syntax is do={ ... })
:local a [/ip dns get cache-used];
:if ($a >= 2048) do={ /ip dns cache flush };
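Steps 1 and 2 give the cache size and the check but not the scheduler entry that runs it. The following is an added example, not code from the original post: it sets the cache size and registers the check as a scheduler job that runs every 10 minutes and writes a log line when it flushes. The job name flush-dns-cache, the 10-minute interval and the log message are assumptions; the 20480 KiB cache size and the 2048 KiB threshold are the values used above.

```routeros
# Added example (not from the original post): step 1 plus step 2 as a scheduler job.
# Inside the double-quoted on-event string, "$" and the inner quotes are escaped
# so the script is stored as written rather than expanded at add time.
/ip dns set cache-size=20480

/system scheduler add name=flush-dns-cache interval=10m \
    on-event=":local used [/ip dns get cache-used]; :if (\$used >= 2048) do={ /ip dns cache flush; :log info (\"DNS cache flushed, cache-used was \" . \$used . \" KiB\") }"

# Checks: the job exists, and after it has run with a full cache a log line appears
/system scheduler print where name=flush-dns-cache
/ip dns print
/log print where message~"DNS cache flushed"
```

Running the job on a schedule rather than only once keeps the cache from filling up between manual flushes; the log line makes it visible how often the threshold is actually reached, which is the first thing to look at when tuning the 2048 KiB value.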


3. IP addresses used by Conficker, kept in the address list "conficker" (the path is /ip firewall address-list)
/ip firewall address-list
add address=64.70.19.33 list=conficker
add address=66.90.81.140 list=conficker
add address=72.167.51.186 list=conficker
add address=74.208.46.216 list=conficker
add address=74.208.64.145 list=conficker
add address=83.68.16.6 list=conficker
add address=97.74.200.45 list=conficker
add address=143.215.143.11 list=conficker
add address=149.20.56.32 list=conficker
add address=199.2.137.252 list=conficker
add address=205.188.161.4 list=conficker
add address=221.7.91.31 list=conficker



4. Firewall rule to find Conficker lurking on client PCs
/ip firewall filter
add chain=forward action=add-src-to-address-list dst-address-list=conficker address-list=src-conficker address-list-timeout=3d comment="ADD to address-list src-conficker"
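Step 4 only records a client in src-conficker. The following is an added example, not code from the original post, of acting on that record: further traffic from a flagged client to the listed addresses is logged and dropped, and a scheduled job reports every client currently in src-conficker together with the time left on its 3-day entry. The list names follow the post; the rule comments, the log prefix, the job name report-conficker and the 1-hour interval are assumptions.

```routeros
# Added example (not from the original post): act on the src-conficker list.
# Add these after the step-4 rule so a client is listed first, then blocked.
/ip firewall filter
add chain=forward src-address-list=src-conficker dst-address-list=conficker \
    action=log log-prefix="conficker-client" comment="Log flagged client traffic"
add chain=forward src-address-list=src-conficker dst-address-list=conficker \
    action=drop comment="Drop flagged client traffic"

# Hourly report of flagged clients: address and remaining entry timeout.
/system scheduler add name=report-conficker interval=1h \
    on-event=":local n 0; :foreach i in=[/ip firewall address-list find list=src-conficker] do={ :log warning (\"possible Conficker client \" . [/ip firewall address-list get \$i address] . \", entry expires in \" . [/ip firewall address-list get \$i timeout]); :set n (\$n + 1) }; :log info (\"src-conficker entries: \" . \$n)"

# Checks: rule order, current list contents, and the report lines
/ip firewall filter print where src-address-list=src-conficker
/ip firewall address-list print where list=src-conficker
/log print where message~"Conficker"
```

If accept rules already precede these in the forward chain, use place-before= on the add commands to position them directly after the step-4 rule; the log rule is passthrough, so it must come before the drop to produce a line for every blocked packet.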



5. Timeout for Conficker entries in the address list, as shown in the filter print
/ip firewall filter print

chain=forward action=add-src-to-address-list dst-address-list=conficker address-list=src-conficker address-list-timeout=3d
chain=forward action=jump jump-target=tcp protocol=tcp
chain=forward action=jump jump-target=udp protocol=udp
chain=forward action=jump jump-target=icmp protocol=icmp





/ip firewall filter
add chain=forward in-interface=Wan out-interface=Lan dst-address=192.168.1.30/24 action=accept comment="Allow semua akses internet to client" disabled=no
add chain=input in-interface=Wan protocol=tcp dst-port=8291 action=accept comment="Allow Remote winbox dari Publik" disabled=no
add chain=input in-interface=Wan protocol=udp src-port=53 action=accept comment="Allow DNS Traffic" disabled=no
add chain=input in-interface=Wan protocol=icmp action=accept comment="Allow Ping Traceroute Traffic" disabled=no
add chain=input in-interface=Wan connection-state=new action=add-src-to-address-list address-list=spam address-list-timeout=30m comment="Log Ip Yang Di Tolak" disabled=no
add chain=input in-interface=Wan action=drop comment="Drop Semua Akses yang tidak di ijinkan" disabled=no
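The input chain above admits DNS replies by accepting any UDP packet from the WAN whose source port is 53, which also admits any other packet that happens to carry that source port. The following is an added example, not the post's own rules: the same input chain with replies to the router's own traffic admitted by connection state instead, Winbox limited to an address list, and the existing spam-list logging and final drop kept. The interface names Wan and Lan follow the post; the address list name admin and its sample address are assumptions.

```routeros
# Added example (not from the original post): input chain that matches replies by
# connection state rather than by source port. Order matters: the established,related
# rule comes first so it is hit by most packets, the drop is last.
/ip firewall address-list add list=admin address=203.0.113.10 comment="assumed admin host (documentation range)"

/ip firewall filter
add chain=input connection-state=established,related action=accept comment="Replies to router's own traffic, DNS answers included"
add chain=input connection-state=invalid action=drop comment="Drop invalid"
add chain=input in-interface=Wan protocol=tcp dst-port=8291 src-address-list=admin action=accept comment="Winbox only from admin list"
add chain=input in-interface=Wan protocol=icmp action=accept comment="Ping and traceroute"
add chain=input in-interface=Wan connection-state=new action=add-src-to-address-list address-list=spam address-list-timeout=30m comment="Record rejected sources"
add chain=input in-interface=Wan action=drop comment="Drop everything else from WAN"

# Checks: rule order in the input chain, and which sources are being rejected
/ip firewall filter print where chain=input
/ip firewall address-list print where list=spam
```

With this ordering, a DNS answer is accepted because it belongs to a query the router sent, while an unsolicited packet with source port 53 falls through to the spam list and the final drop.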




6. To avoid duplicate Conficker rules: add entries from a list file, skipping IPs that are already in the address list.

# Reconstruction: the original post shows only the inner loop; the set-up below (file name, reading
# the file, line splitting) is added so the script runs. The file is assumed to have been fetched
# beforehand with /tool fetch (URL not given in the post), one hostname or IP address per line.
:local date [/system clock get date]
:local month [:pick $date 0 3]
:local day [:pick $date 4 6]
:local year [:pick $date 7 11]
:local filename "$month-$day-$year.txt"
:if ([:len [/file find name=$filename]] > 0) do={
  :local content [/file get $filename contents]
  :local contentLen [:len $content]
  :local lineEnd 0
  :local lastEnd 0
  :local line ""
  :do {
    :set lineEnd [:find $content "\n" $lastEnd]
    :if ([:typeof $lineEnd] = "nil") do={ :set lineEnd $contentLen }
    :set line [:pick $content $lastEnd $lineEnd]
    :set lastEnd ($lineEnd + 1)
    :if (([:pick $line 0 1] != "\n") && ([:len $line] > 0)) do={
      :local entry $line
      # :resolve aborts the script on a lookup failure, so the error is caught here
      :local listip "failure"
      :do { :set listip [:resolve $entry] } on-error={ :set listip "failure" }
      :if ($listip != "failure") do={
        # find returns an array of ids; an empty array means the IP is not listed yet
        :if ([:len [/ip firewall address-list find list=daily-conficker address=$listip]] = 0) do={
          /ip firewall address-list add list=daily-conficker address=$listip comment=$entry
          :log info "$listip"
        } else={ :log info "duplicate IP $entry" }
      }
    }
  } while ($lineEnd < $contentLen)
  # cleaning up
  /file remove $filename
}
:log info "Address List Modification Complete"

4 comments:

  1. Boss,,,,

    please post about learning MikroTik for beginners,,,

    because this one is a super beginner,,

  2. http://www.4shared.com/office/A3rE8tsY/0_mtcna-0911.html?
