Sunday, January 3, 2016

Securing Mikrotik From DDOS

Securing Mikrotik From DDOS

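This configuration helps secure a MikroTik router against DDoS, scanners, etc. It may be useful information. The rules are matched from top to bottom, so enter them in the order shown, and replace the placeholder addresses (Ip-dari-isp, Ip-LAN-Kamu, Ip-yang-kamu-anggap-aman) with your own networks before applying them.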

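# Port knocking, stage 1: a TCP packet to port 1337 puts the sender on the
# "knock" address list for 15 seconds.
# (No space is allowed after "action=", and quotes must be plain ASCII.)
/ip firewall filter add chain=input protocol=tcp dst-port=1337 action=add-src-to-address-list address-list=knock address-list-timeout=15s comment="" disabled=no

# Stage 2: a sender that is still on "knock" and then hits TCP port 7331 is
# placed on the "safe" address list for 15 minutes.
/ip firewall filter add chain=input protocol=tcp dst-port=7331 src-address-list=knock action=add-src-to-address-list address-list=safe address-list-timeout=15m comment="" disabled=no

# NOTE(review): no rule in this listing matches src-address-list=safe, so as
# written a completed knock grants nothing. If the intent is to open management
# access after a knock, add an accept rule that consumes the list and is limited
# to the management service, for example:
#   /ip firewall filter add chain=input src-address-list=safe protocol=tcp dst-port=<management-port> action=accept comment="knocked management access"
# The knock ports are visible to anyone who can observe the traffic, and 1337/7331
# are published here; choose your own ports and keep service authentication on.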

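# Connection-state handling for traffic addressed to the router itself.
# Established and related packets are accepted first, so every rule below this
# point only sees packets that are not part of an already-tracked connection.
/ip firewall filter add chain=input connection-state=established action=accept comment="accept established connection packets" disabled=no
/ip firewall filter add chain=input connection-state=related action=accept comment="accept related connection packets" disabled=no
# Packets that connection tracking cannot associate with a valid connection.
/ip firewall filter add chain=input connection-state=invalid action=drop comment="drop invalid packets" disabled=no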

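# Port-scan detection. psd=21,3s,3,1 means: weight threshold 21, delay
# threshold 3s, weight 3 for low (privileged) ports, weight 1 for high ports.
# The rule only drops the matching packets; it does not record the source.
/ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment="detect and drop port scan connections" disabled=no

# Sources already on black_list are tarpitted once they hold more than the
# allowed number of TCP connections (connection-limit=<count>,<netmask>; /32 is
# per single address). Tarpit answers the SYN and then holds the connection.
/ip firewall filter add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list action=tarpit comment="suppress DoS attack" disabled=no

# Detection: a single address with more than 10 TCP connections to the router
# is added to black_list for one day. This rule does not itself drop anything.
# NOTE(review): the list is keyed on source address, which can be forged for
# un-handshaked SYNs, and a shared NAT address can reach 10 connections
# legitimately; review black_list entries before tightening the action.
/ip firewall filter add chain=input protocol=tcp connection-limit=10,32 action=add-src-to-address-list address-list=black_list address-list-timeout=1d comment="detect DoS attack" disabled=no

# These rules protect the router's own CPU and services (chain=input). They do
# not help once the uplink itself is saturated; volumetric attacks have to be
# filtered upstream.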

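# Hand ICMP to the dedicated ICMP chain (defined further down). That chain ends
# in a drop, so ICMP never comes back to the rules below.
/ip firewall filter add chain=input protocol=icmp action=jump jump-target=ICMP comment="jump to chain ICMP" disabled=no

# Hand everything else to the services chain (defined further down). Packets it
# does not accept are returned here and continue with the next input rule.
/ip firewall filter add chain=input action=jump jump-target=services comment="jump to chain services" disabled=no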

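# Accept packets whose destination is a broadcast address.
# NOTE(review): there is no interface or source restriction, so broadcast
# traffic arriving on the WAN side is accepted too. Limiting this rule to the
# LAN side (in-interface=<lan-interface>) keeps that traffic subject to the
# default drop.
/ip firewall filter add chain=input dst-address-type=broadcast action=accept comment="Allow Broadcast Traffic" disabled=no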

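# Log every packet that reaches this point with the prefix "Filter:".
# NOTE(review): this sits before the trusted-source accept rules, so traffic
# that is about to be accepted is logged as well, and during a flood each
# packet produces a log entry. If only rejected traffic is of interest, place
# the rule directly before the final drop and add a rate limit (limit=).
/ip firewall filter add chain=input action=log log-prefix="Filter:" comment="" disabled=no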

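# Trusted sources for access to the router itself. The three values are
# placeholders (Indonesian) and must be replaced with real addresses or
# prefixes before the rules will load:
#   Ip-dari-isp              = the address/range given by your ISP
#   Ip-LAN-Kamu              = your LAN network
#   Ip-yang-kamu-anggap-aman = any other address you consider safe
# Keep these as narrow as possible: everything listed here bypasses the final
# drop and can reach every service on the router.
/ip firewall filter add chain=input src-address=Ip-dari-isp action=accept comment="Allow access to router from known network"
/ip firewall filter add chain=input src-address=Ip-LAN-Kamu action=accept
/ip firewall filter add chain=input src-address=Ip-yang-kamu-anggap-aman action=accept

# Default deny for the input chain. Apply the ruleset in Safe Mode (or from the
# console) so a wrong trusted address does not lock you out of the router.
/ip firewall filter add chain=input action=drop comment="drop everything else" disabled=no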

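# ICMP chain: accept a small set of ICMP types, each rate-limited with
# limit=5,5 (rate 5, burst 5), and drop all other ICMP.
# icmp-options is <type>:<code or code range>.

# Type 0: echo reply.
/ip firewall filter add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept comment="0:0 and limit for 5pac/s" disabled=no
# Type 3 code 3: destination unreachable, port unreachable.
/ip firewall filter add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept comment="3:3 and limit for 5pac/s" disabled=no
# Type 3 code 4: fragmentation needed; required for path MTU discovery.
/ip firewall filter add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept comment="3:4 and limit for 5pac/s" disabled=no
# Type 8: echo request (ping to the router).
/ip firewall filter add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept comment="8:0 and limit for 5pac/s" disabled=no
# Type 11: time exceeded (used by traceroute).
/ip firewall filter add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept comment="11:0 and limit for 5pac/s" disabled=no
# Anything over the rate limit or of another type ends here.
/ip firewall filter add chain=ICMP protocol=icmp action=drop comment="Drop everything else" disabled=no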

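# Services chain: reached from the input chain for every non-ICMP packet that
# is not established/related. None of the rules below restricts the source, so
# each enabled rule (disabled=no) exposes that service to ANY sender, including
# the WAN side. Rules with disabled=yes are templates; enable only what the
# router really offers, and prefer adding src-address / in-interface limits.

# Loopback traffic. The match must be src-address: src-address-list expects the
# NAME of an address list, so "src-address-list=127.0.0.1" never matched.
/ip firewall filter add chain=services src-address=127.0.0.1 dst-address=127.0.0.1 action=accept comment="accept localhost" disabled=no
# NOTE(review): MAC-Winbox and the discovery protocol are management/identity
# services; open to every source they reveal the device to the upstream
# network. Restrict them to the LAN side.
/ip firewall filter add chain=services protocol=udp dst-port=20561 action=accept comment="allow MACwinbox " disabled=no
/ip firewall filter add chain=services protocol=tcp dst-port=2000 action=accept comment="Bandwidth server" disabled=yes
/ip firewall filter add chain=services protocol=udp dst-port=5678 action=accept comment=" MT Discovery Protocol" disabled=no
# NOTE(review): SNMP polling uses UDP 161, so this TCP rule does not admit SNMP
# queries. If SNMP is needed from outside the trusted networks, use
# protocol=udp and restrict the source to the monitoring host; otherwise
# disable the rule.
/ip firewall filter add chain=services protocol=tcp dst-port=161 action=accept comment="allow SNMP" disabled=no
/ip firewall filter add chain=services protocol=tcp dst-port=179 action=accept comment="Allow BGP" disabled=yes
# NOTE(review): BGP runs over TCP 179 (rule above); confirm what this UDP range
# is meant for before enabling it.
/ip firewall filter add chain=services protocol=udp dst-port=5000-5100 action=accept comment="allow BGP" disabled=yes
/ip firewall filter add chain=services protocol=udp dst-port=123 action=accept comment="Allow NTP" disabled=yes
/ip firewall filter add chain=services protocol=tcp dst-port=1723 action=accept comment="Allow PPTP" disabled=yes
/ip firewall filter add chain=services protocol=gre action=accept comment="allow PPTP and EoIP" disabled=yes
# NOTE(review): these two rules accept DNS queries to the router from any
# source. If the router's DNS server answers remote requests, that makes it an
# open resolver that can be abused for amplification against third parties.
# Limit DNS to the LAN (src-address=<lan-network> or in-interface=<lan-interface>).
/ip firewall filter add chain=services protocol=tcp dst-port=53 action=accept comment="allow DNS request" disabled=no
/ip firewall filter add chain=services protocol=udp dst-port=53 action=accept comment="Allow DNS request" disabled=no
/ip firewall filter add chain=services protocol=udp dst-port=1900 action=accept comment="UPnP" disabled=yes
/ip firewall filter add chain=services protocol=tcp dst-port=2828 action=accept comment="UPnP" disabled=yes
/ip firewall filter add chain=services protocol=udp dst-port=67-68 action=accept comment="allow DHCP" disabled=yes
/ip firewall filter add chain=services protocol=tcp dst-port=8080 action=accept comment="allow Web Proxy" disabled=yes
/ip firewall filter add chain=services protocol=ipencap action=accept comment="allow IPIP" disabled=yes
/ip firewall filter add chain=services protocol=tcp dst-port=443 action=accept comment="allow https for Hotspot" disabled=yes
/ip firewall filter add chain=services protocol=tcp dst-port=1080 action=accept comment="allow Socks for Hotspot" disabled=yes
/ip firewall filter add chain=services protocol=udp dst-port=500 action=accept comment="allow IPSec connections" disabled=yes
/ip firewall filter add chain=services protocol=ipsec-esp action=accept comment="allow IPSec" disabled=yes
/ip firewall filter add chain=services protocol=ipsec-ah action=accept comment="allow IPSec" disabled=yes
/ip firewall filter add chain=services protocol=ospf action=accept comment="allow OSPF" disabled=yes
# Nothing matched: go back to the input chain and continue after the jump.
/ip firewall filter add chain=services action=return comment="" disabled=no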

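# Connection-state handling for traffic routed THROUGH the router.
# The first two rules relied on the default action (accept); it is spelled out
# here so the intent is visible when the ruleset is exported or reviewed.
/ip firewall filter add chain=forward connection-state=established action=accept comment="allow established connections"
/ip firewall filter add chain=forward connection-state=related action=accept comment="allow related connections"
/ip firewall filter add chain=forward connection-state=invalid action=drop comment="drop invalid connections"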

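# "virus" chain: drops forwarded packets by destination port only. Packets that
# match nothing fall off the end of the chain and return to the caller.
# NOTE(review): this is a port blocklist from the worm outbreaks named in the
# comments. It matches on port number alone, so it neither identifies malware
# on other ports nor spares legitimate software on these ones (for example
# 6881-6889 is the usual BitTorrent range, 1080 is SOCKS, 1024-1030 and 10000
# are used by ordinary applications). Treat it as coarse hygiene, not as
# malware protection, and review it against what your network actually uses.
/ip firewall filter add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm"
/ip firewall filter add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm"
/ip firewall filter add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm"
/ip firewall filter add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm"
/ip firewall filter add chain=virus protocol=tcp dst-port=593 action=drop comment="Virus"
/ip firewall filter add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="Virus"
/ip firewall filter add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom"
/ip firewall filter add chain=virus protocol=tcp dst-port=1214 action=drop comment="Virus"
/ip firewall filter add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester"
/ip firewall filter add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server"
/ip firewall filter add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast"
/ip firewall filter add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx"
/ip firewall filter add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid"
/ip firewall filter add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm"
/ip firewall filter add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus"
/ip firewall filter add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y"
/ip firewall filter add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle"
# Same match as the "Bagle Virus" rule above (tcp/2745); that rule drops the
# packet first, so this one never sees traffic.
/ip firewall filter add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K"
/ip firewall filter add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="Drop MyDoom"
/ip firewall filter add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro"
/ip firewall filter add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm"
/ip firewall filter add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm"
/ip firewall filter add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser"
/ip firewall filter add chain=virus protocol=tcp dst-port=6881-6889 action=drop comment="Virus"
/ip firewall filter add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B"
/ip firewall filter add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B"
/ip firewall filter add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y"
/ip firewall filter add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B"
/ip firewall filter add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus"
/ip firewall filter add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2"
/ip firewall filter add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven"
/ip firewall filter add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot"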

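# Run forwarded traffic through the "virus" port blocklist. This rule follows
# the forward established/related accepts in the listing, so only packets
# outside already-tracked connections are checked.
/ip firewall filter add chain=forward action=jump jump-target=virus comment="jump to the virus chain"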

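# Remainder of the forward chain. The first two rules carried no action and so
# used the default (accept); it is written out here.
# NOTE(review): both rules match on protocol only. All ICMP and all UDP is
# forwarded regardless of source, destination or direction, which includes
# unsolicited UDP from the WAN side toward any routable internal address.
# Consider limiting them by in-interface or src-address.
/ip firewall filter add chain=forward protocol=icmp action=accept comment="allow ping"
/ip firewall filter add chain=forward protocol=udp action=accept comment="allow udp"

# Sources allowed to open new forwarded connections. The three values are
# placeholders (Indonesian) that must be replaced with real addresses or
# prefixes: Ip-dari-isp = address/range from your ISP, Ip-LAN-Kamu = your LAN
# network, Ip-yang-kamu-anggap-aman = any other address you consider safe.
/ip firewall filter add chain=forward src-address=Ip-dari-isp action=accept comment="Allow access to internet from known network"
/ip firewall filter add chain=forward src-address=Ip-LAN-Kamu action=accept
/ip firewall filter add chain=forward src-address=Ip-yang-kamu-anggap-aman action=accept

# Default deny for forwarded traffic.
/ip firewall filter add chain=forward action=drop comment="drop everything else"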