11/25/13

Setting Firewall Mikrotik Untuk Block Virus dan Serangan Hacker

No comments
Internet merupakan salah satu gerbang utama masuknya virus, hal itu tidak bisa kita pungkiri dalam mengakses internet tiba-tiba komputer kita terdapat banyak virus. Meskipun tidak kita sadari virus itu bisa masuk dalam komputer kita melalui web, video, atau software, maka dari itu kita perlu membuat filter. Adanya fitur firewall dalam router mikrotik menjadi salah satu penangkal kita untuk menghindari masuknya virus.

Saya mempunyai beberapa konfigurasi firewall chain mikrotik untuk menangkal masuknya virus dan serangan hacker dari dunia gaib :D yang akan saya share pada kalian. Okey, perhatikan baik-baik langkah-langkah dibawah

Cara Setting Firewall Mikrotik Untuk Block Virus dan Serangan Hacker


Langkah pertama buka terminal mikrotik kalian, kemudian masukan kode perintah dibawah

ip firewall filter



add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm"



add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm"



add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm"



add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm"



add chain=virus protocol=tcp dst-port=593 action=drop comment="________"



add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________"



add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom"



add chain=virus protocol=tcp dst-port=1214 action=drop comment="________"



add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester"



add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server"



add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast"



add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx"



add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid"



add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm"



add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus"



add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y"



add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle"



add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K"



add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="Drop MyDoom"



add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro"



add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm"



add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm"



add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser"



add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B"



add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B"



add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y"



add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B"



add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus"



add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2"



add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven"



add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot,Agobot, Gaobot"



add chain=virus protocol=udp dst-port=12667 action=drop comment="Trinoo" disabled=no



add chain=virus protocol=udp dst-port=27665 action=drop comment="Trinoo" disabled=no



add chain=virus protocol=udp dst-port=31335 action=drop comment="Trinoo" disabled=no



add chain=virus protocol=udp dst-port=27444 action=drop comment="Trinoo" disabled=no



add chain=virus protocol=udp dst-port=34555 action=drop comment="Trinoo" disabled=no



add chain=virus protocol=udp dst-port=35555 action=drop comment="Trinoo" disabled=no



add chain=virus protocol=tcp dst-port=27444 action=drop comment="Trinoo" disabled=no



add chain=virus protocol=tcp dst-port=27665 action=drop comment="Trinoo" disabled=no



add chain=virus protocol=tcp dst-port=31335 action=drop comment="Trinoo" disabled=no



add chain=virus protocol=tcp dst-port=31846 action=drop comment="Trinoo" disabled=no



add chain=virus protocol=tcp dst-port=34555 action=drop comment="Trinoo" disabled=no



add chain=virus protocol=tcp dst-port=35555 action=drop comment="Trinoo" disabled=no



add action=drop chain=forward comment=";;Block W32.Kido - Conficker" disabled=no protocol=udp src-port=135-139,445



add action=drop chain=forward comment="" disabled=no dst-port=135-139,445 protocol=udp



add action=drop chain=forward comment="" disabled=no protocol=tcp src-port=135-139,445,593



add action=drop chain=forward comment="" disabled=no dst-port=135-139,445,593 protocol=tcp



add action=accept chain=input comment="Allow limited pings" disabled=no limit=50/5s,2 protocol=icmp



add action=accept chain=input comment="" disabled=no limit=50/5s,2 protocol=icmp



add action=drop chain=input comment="drop FTP Brute Forcers" disabled=no dst-port=21 protocol=tcp src-address-list=FTP_BlackList



add action=drop chain=input comment="" disabled=no dst-port=21 protocol=tcp src-address-list=FTP_BlackList



add action=accept chain=output comment="" content="530 Login incorrect" disabled=no dst-limit=1/1m,9,dst-address/1m protocol=tcp



add action=add-dst-to-address-list address-list=FTP_BlackList address-list-timeout=1d chain=output comment="" content="530 Login incorrect" disabled=no protocol=tcp

add action=drop chain=input comment="drop SSH&TELNET Brute Forcers" disabled=no dst-port=22-23 protocol=tcp src-address-list=IP_BlackList
add action=add-src-to-address-list address-list=IP_BlackList address-list-timeout=1d chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp src-address-list=SSH_BlackList_3
add action=add-src-to-address-list address-list=SSH_BlackList_3 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp src-address-list=SSH_BlackList_2
add action=add-src-to-address-list address-list=SSH_BlackList_2 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp src-address-list=SSH_BlackList_1
add action=add-src-to-address-list address-list=SSH_BlackList_1 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp
add action=drop chain=input comment="drop port scanners" disabled=no src-address-list=port_scanners
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg

Selesai, sekarang jaringan kita sudah cukup aman menghadapi virus dan serangan hacker. Saya tidak berani menjamin 100% aman karena kita semua faham diatas langit masih ada langit ;) - semoga membantu

No comments :

Post a Comment

Silahkan tulis kritik, saran dan pertanyaan kalian.

Notice :
Tolong jangan gunakan nama Anonymous, gunakanlah Name/URL, Google ID, Wordpress ID, Tyepad dll. Mohon pengertiannya untuk menghindari spam, bagi yang masih ngeyel mengunakan anonymous terpaksa komentar kami hapus.

- Terima Kasih