Script to Secure MikroTik Against Port Scanners, DDoS and Netcut

MikroTik is a fairly reliable router for handling the needs of your network. With features such as bandwidth management, IP firewall, web proxy and load balancing, MikroTik is widely used as a router in internet cafes (warnet), offices, RT/RW Net neighborhood networks, schools and housing estates.

Below I will share a script to secure MikroTik against port scanners, DDoS and netcut. Just copy and paste the script below into the Terminal in Winbox, and your MikroTik's security wall will become thicker. No system is secure, so keep studying security on your MikroTik!

The script:

/ip firewall filter

# Two-stage match on TCP ports 1337 and 7331. The second rule only fires for
# sources already in the "knock" list, which no rule in this script populates.
add action=add-src-to-address-list address-list=DDOS address-list-timeout=15s \
    chain=input comment="" disabled=no dst-port=1337 protocol=tcp

add action=add-src-to-address-list address-list=DDOS address-list-timeout=15m \
    chain=input comment="" disabled=no dst-port=7331 protocol=tcp src-address-list=knock

# The rules below only add matching sources to the "port scanners" list for
# two weeks; this script contains no rule that drops traffic from that list.
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
    chain=input comment="Port scanners to list " disabled=no protocol=tcp psd=21,3s,3,1

add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
    chain=input comment="SYN/FIN scan" disabled=no protocol=tcp tcp-flags=fin,syn

add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
    chain=input comment="SYN/RST scan" disabled=no protocol=tcp tcp-flags=syn,rst

add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
    chain=input disabled=no tcp-flags=fin,psh,urg,!syn,!rst,!ack protocol=tcp \
    comment="FIN/PSH/URG scan"

add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
    chain=input disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg \
    comment="ALL/ALL scan"

add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
    chain=input tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg comment="NMAP NULL scan" \
    disabled=no protocol=tcp

# FIN set with every other flag clear. Without the tcp-flags match this rule
# would list the source of every TCP packet that reaches the router.
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
    chain=input comment="NMAP FIN Stealth scan" disabled=no protocol=tcp \
    tcp-flags=fin,!syn,!rst,!psh,!ack,!urg

# Accept rules for the LAN ranges; each dotted src-address is a placeholder.
add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=...........................

add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=..................................

add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=.....................

add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=......................

add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=203.84.204.1-203.84.204.254

add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=.................................

add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=.................

add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=.........

add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=...........

Notes:
- Fill in the dotted placeholders with your LAN IP address range.
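To check which packets the scan rules above would list, the following added example (not part of the original post) models the tcp-flags matching in Python and runs it over constructed flag sets. It assumes the usual matcher semantics (a listed flag must be set, a `!flag` must be clear, unlisted flags are ignored) and uses `fin,!syn,!rst,!psh,!ack,!urg` as the assumed FIN-only expression; the function and variable names are illustrative.

```python
# Added example: models tcp-flags matching for the script's scan rules.
TCP_FLAGS = {"fin", "syn", "rst", "psh", "ack", "urg"}

# Assumed expression for a FIN-only packet (FIN set, all other flags clear).
FIN_ONLY = "fin,!syn,!rst,!psh,!ack,!urg"

# (rule comment, tcp-flags expression), in the order the script adds them.
RULES = [
    ("SYN/FIN scan", "fin,syn"),
    ("SYN/RST scan", "syn,rst"),
    ("FIN/PSH/URG scan", "fin,psh,urg,!syn,!rst,!ack"),
    ("ALL/ALL scan", "fin,syn,rst,psh,ack,urg"),
    ("NMAP NULL scan", "!fin,!syn,!rst,!psh,!ack,!urg"),
    ("NMAP FIN Stealth scan", FIN_ONLY),
]


def matches(expr, packet_flags):
    """True if the packet's flag set satisfies a tcp-flags expression."""
    for term in filter(None, expr.split(",")):
        negated = term.startswith("!")
        name = term.lstrip("!")
        if name not in TCP_FLAGS:
            raise ValueError(f"unknown TCP flag: {name}")
        # A plain flag must be present; a negated flag must be absent.
        if (name in packet_flags) == negated:
            return False
    return True  # an empty expression constrains nothing and matches all


def listed_by(packet_flags, rules=RULES):
    """Comments of every rule that would add this packet's source to the list."""
    return [comment for comment, expr in rules if matches(expr, set(packet_flags))]


# Constructed sample packets, described only by their TCP flags.
SAMPLES = {
    "new connection (SYN)": {"syn"},
    "normal close (FIN+ACK)": {"fin", "ack"},
    "FIN scan": {"fin"},
    "NULL scan": set(),
    "Xmas scan (FIN+PSH+URG)": {"fin", "psh", "urg"},
    "all six flags": set(TCP_FLAGS),
}

if __name__ == "__main__":
    for label, flags in SAMPLES.items():
        print(f"{label:26} -> {listed_by(flags) or 'not listed'}")
    # A rule with no tcp-flags expression matches ordinary traffic too.
    print("SYN vs. rule without tcp-flags:", matches("", {"syn"}))
```

Ordinary SYN and FIN+ACK packets are not listed by any flag rule, while a rule that omits `tcp-flags` matches them as well.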
Copyright © 2016. Erwin Eshan Firas - All Rights Reserved