Cara blok virus dan Aktivitas Hacking di mikrotik - Baik Kali ini saya akan membahas cara memfilter virus dan sejenisnya dari jaringan global agar tidak dapat masuk menginfeksi jaringan lokal kita, tutorial ini berfungsi juga untuk memblok aktifitas hacking dari jaringan global ke jaringan lokal kita, pada kasus ini saya akan membahas cara ini dengan menggunakan router mikrotik RB750 yang mana kita akan membahas seputaran masalah Firewall Filter. Tampa memperpanjang mari kita simak tutorial cara blok virus di mikrotik ini. pertama-tama sobat harus sudah mengerti dengan bagaimana sih cara konfigurasi dasar router mikrotik, jika belum dapat melihat artikel saya sebelumnya di Cara setting router Mikrotik RB750 , baik mari kita perhatikan secara seksama script-script yang akan saya paparkan sesudah ini, seperti biasa kita akan menggunakan aplikasi winbox untuk konfigurasi router.
Langkah kerja
1. Buka Aplikasi Winbox seperti cara dibawah ini, silahkan login denga username dan password sobat sendiri
2. Pilih menu New Terminal disebelah kiri program
3. Kemudian Copy Pastekan Script dibawah ini kedalam terminal
/ ip firewall filteradd chain=virus protocol=tcp dst-port=135-139 action=drop comment="Blaster Worm"add chain=virus protocol=udp dst-port=135-139 action=drop comment="Messenger Worm"add chain=virus protocol=tcp dst-port=445 action=drop comment="Blaster Worm"add chain=virus protocol=udp dst-port=445 action=drop comment="Blaster Worm"add chain=virus protocol=tcp dst-port=593 action=drop comment="________"add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________"add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom"add chain=virus protocol=tcp dst-port=1214 action=drop comment="________"add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester"add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server"add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast"add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx"add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid"add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm"add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus"add chain=virus protocol=tcp dst-port=2283 action=drop comment="Dumaru.Y"add chain=virus protocol=tcp dst-port=2535 action=drop comment="Beagle"add chain=virus protocol=tcp dst-port=2745 action=drop comment="Beagle.C-K"add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="MyDoom"add chain=virus protocol=tcp dst-port=3410 action=drop comment="Backdoor OptixPro"add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm"add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm"add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser"add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B"add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B"add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y"add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B"add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus"add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2"add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven"add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot,Agobot, Gaobot"add chain=virus protocol=udp dst-port=12667 action=drop comment="Trinoo" disabled=noadd chain=virus protocol=udp dst-port=27665 action=drop comment="Trinoo" disabled=noadd chain=virus protocol=udp dst-port=31335 action=drop comment="Trinoo" disabled=noadd chain=virus protocol=udp dst-port=27444 action=drop comment="Trinoo" disabled=noadd chain=virus protocol=udp dst-port=34555 action=drop comment="Trinoo" disabled=noadd chain=virus protocol=udp dst-port=35555 action=drop comment="Trinoo" disabled=noadd chain=virus protocol=tcp dst-port=27444 action=drop comment="Trinoo" disabled=noadd chain=virus protocol=tcp dst-port=27665 action=drop comment="Trinoo" disabled=noadd chain=virus protocol=tcp dst-port=31335 action=drop comment="Trinoo" disabled=noadd chain=virus protocol=tcp dst-port=31846 action=drop comment="Trinoo" disabled=noadd chain=virus protocol=tcp dst-port=34555 action=drop comment="Trinoo" disabled=noadd chain=virus protocol=tcp dst-port=35555 action=drop comment="Trinoo" disabled=noadd action=drop chain=forward comment=";;Block W32.Kido - Conficker" disabled=no protocol=udp src-port=135-139,445add action=drop chain=forward comment="" disabled=no dst-port=135-139,445 protocol=udpadd action=drop chain=forward comment="" disabled=no protocol=tcp src-port=135-139,445,593add action=drop chain=forward comment="" disabled=no dst-port=135-139,445,593 protocol=tcpadd action=accept chain=input comment="Allow limited pings" disabled=no limit=50/5s,2 protocol=icmpadd action=accept chain=input comment="" disabled=no limit=50/5s,2 protocol=icmpadd action=drop chain=input comment="drop FTP Brute Forcers" disabled=no dst-port=21 protocol=tcp src-address-list=FTP_BlackListadd action=drop chain=input comment="" disabled=no dst-port=21 protocol=tcp src-address-list=FTP_BlackListadd action=accept chain=output comment="" content="530 Login incorrect" disabled=no dst-limit=1/1m,9,dst-address/1m protocol=tcpadd action=add-dst-to-address-list address-list=FTP_BlackList address-list-timeout=1d chain=output comment="" content="530 Login incorrect" disabled=no protocol=tcpadd action=drop chain=input comment="drop SSH&TELNET Brute Forcers" disabled=no dst-port=22-23 protocol=tcp src-address-list=IP_BlackListadd action=add-src-to-address-list address-list=IP_BlackList address-list-timeout=1d chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp src-address-list=SSH_BlackList_3add action=add-src-to-address-list address-list=SSH_BlackList_3 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp src-address-list=SSH_BlackList_2add action=add-src-to-address-list address-list=SSH_BlackList_2 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp src-address-list=SSH_BlackList_1add action=add-src-to-address-list address-list=SSH_BlackList_1 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcpadd action=drop chain=input comment="drop port scanners" disabled=no src-address-list=port_scannersadd action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urgadd action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,synadd action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=syn,rstadd action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ackadd action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urgadd action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
4. Jika sudah memasukkan scrip pada point 3 diatas kedalam terminal, kita dapat melihat output nya pada menu, IP > Firewall > Filter Rules
Baik, sekian dulu tutorial mikrotik untuk saat ini, kita akan membahas hal-hal lain seputar mikrotik pada waktu yang akan datang, salam.
source : proxyintech.com