Step 2, Security.
Set up username and password
user set 0 name=ngeri password=ngeri group=full
user add name=user01 password=password group=read
Don't use the default user admin. Look at what I have done: I changed the default user to another user name. Don't forget to set the password. It will make your MikroTik more secure.
Set up the firewall.
Grouping IP networks into address lists will make it easier to configure the firewall later.
/ip firewall address-list
add address=10.17.123.0/24 disabled=no list=IP-LAN
add address=10.254.128.0/22 disabled=no list=IP-LAN
add address=1xx.9x.xx.xx/27 disabled=no list=full-trust
add address=1xx.1xx.xx.xx disabled=no list=full-trust
add address=0.0.0.0/8 disabled=no list=local-untrust
add address=192.168.0.0/16 disabled=no list=local-untrust
add address=127.0.0.0/8 disabled=no list=local-untrust
add address=224.0.0.0/3 disabled=no list=local-untrust
add address=172.16.0.0/12 disabled=no list=local-untrust
add address=1xx.0.0.0/8 disabled=no list=half-trust
add address=2xx.0.0.0/8 disabled=no list=half-trust
add address=1xx.0.0.0/8 disabled=no list=half-trust
add address=3x.0.0.0/8 disabled=no list=half-trust
Drop local IP addresses that are unused or untrusted.
/ip firewall filter
add action=drop chain=forward comment="Drop Local Untrust" disabled=no \
    src-address-list=local-untrust
add action=drop chain=forward disabled=no dst-address-list=local-untrust
Drop invalid connections.
add action=drop chain=forward comment="drop invalid connections" \
    connection-state=invalid disabled=no
add action=accept chain=forward connection-state=established disabled=no
add action=accept chain=forward comment="allow related connections" \
    connection-state=related disabled=no
Allow the MikroTik to communicate with other DNS servers.
add action=accept chain=input disabled=no dst-port=53,5353 protocol=udp
add action=accept chain=input disabled=no dst-port=53,5353 protocol=tcp
10.17.123.10 is the IP address of Cacti. Cacti needs port 22 (SSH) and port 161 (SNMP). Trust everything from 10.17.123.10.
add action=accept chain=input disabled=no src-address=10.17.123.10
And this is it, the rules for IP address 10.17.123.6. Users do not need to know about this IP. But if one day users find out about this IP address, we can identify who has connected to it. There is a rule that records every IP address that accesses 10.17.123.6. From these results, we can analyze which IP addresses should be blocked.
add action=add-src-to-address-list address-list=IP_connect_to_graph \
    address-list-timeout=0s chain=input disabled=no dst-address=10.17.123.6 \
    dst-port=80 in-interface=LAN protocol=tcp src-address=10.254.128.0/22
add action=accept chain=input disabled=no dst-address=10.17.123.6 dst-port=80 \
    in-interface=LAN protocol=tcp src-address=10.254.128.0/22
add action=drop chain=input disabled=no dst-address=10.17.123.6
Now about the security of the WAN interface. First, we limit the IP addresses that can connect to the MikroTik router. We allow only IP addresses that exist in the half-trust group.
add action=drop chain=input disabled=no in-interface=WAN protocol=tcp \
    src-address-list=!half-trust
Identify the IP address of a scanner, then blacklist it.
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="Port scanners to list" \
    disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
    disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no \
    protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no \
    protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" disabled=no \
    protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=no \
    protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="NMAP NULL scan" disabled=no \
    protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="dropping port scanners" disabled=no \
    src-address-list="port scanners"
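To check what the tcp-flags rules above catch and what they leave alone, the following added example (not part of the original post) evaluates each expression against a packet's flag set. It assumes the usual matcher semantics: a listed flag must be set, a flag prefixed with ! must be clear, and unlisted flags are ignored. The psd rule is not modelled and the sample packets are constructed.

```python
# Added example: evaluate the tcp-flags expressions of the "port scanners"
# rules against a packet's flag set. Assumed semantics: listed flag = must be
# set, "!flag" = must be clear, unlisted flag = don't care.
TCP_FLAGS = frozenset({"fin", "syn", "rst", "psh", "ack", "urg"})

# (rule comment, tcp-flags value) copied from the firewall rules on this page.
SCAN_RULES = [
    ("NMAP FIN Stealth scan", "fin,!syn,!rst,!psh,!ack,!urg"),
    ("SYN/FIN scan", "fin,syn"),
    ("SYN/RST scan", "syn,rst"),
    ("FIN/PSH/URG scan", "fin,psh,urg,!syn,!rst,!ack"),
    ("ALL/ALL scan", "fin,syn,rst,psh,ack,urg"),
    ("NMAP NULL scan", "!fin,!syn,!rst,!psh,!ack,!urg"),
]


def parse_tcp_flags(expr):
    """Split 'fin,!syn' into (flags that must be set, flags that must be clear)."""
    must_set, must_clear = set(), set()
    for token in expr.split(","):
        token = token.strip().lower()
        negated = token.startswith("!")
        name = token[1:] if negated else token
        if name not in TCP_FLAGS:
            raise ValueError(f"unknown TCP flag: {token!r}")
        (must_clear if negated else must_set).add(name)
    return must_set, must_clear


def rule_matches(expr, packet_flags):
    """True when every required flag is set and no forbidden flag is set."""
    must_set, must_clear = parse_tcp_flags(expr)
    return must_set <= packet_flags and not (must_clear & packet_flags)


def matching_rules(packet_flags):
    """Return the comments of all scan rules that would list the sender."""
    flags = {f.lower() for f in packet_flags}
    unknown = flags - TCP_FLAGS
    if unknown:
        raise ValueError(f"unknown TCP flags: {sorted(unknown)}")
    return [comment for comment, expr in SCAN_RULES if rule_matches(expr, flags)]


# Constructed sample packets: ordinary traffic first, scan probes after.
SAMPLES = {
    "handshake SYN": {"syn"},
    "handshake SYN/ACK": {"syn", "ack"},
    "normal close FIN/ACK": {"fin", "ack"},
    "data PSH/ACK": {"psh", "ack"},
    "bare FIN": {"fin"},
    "no flags": set(),
    "FIN/PSH/URG": {"fin", "psh", "urg"},
    "all six flags": set(TCP_FLAGS),
}

if __name__ == "__main__":
    for label, flags in SAMPLES.items():
        hits = matching_rules(flags)
        print(f"{label:22} -> {', '.join(hits) if hits else 'no scan rule'}")
```

A packet with all six flags set matches three rules at once; that is harmless here because every rule adds the source to the same "port scanners" list.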
Limit ping flooding.
add action=accept chain=icmp comment="Limited Ping Flood" disabled=no \
    icmp-options=0:0-255 limit=5,5 protocol=icmp
add action=accept chain=icmp disabled=no icmp-options=3:3 limit=5,5 protocol=icmp
add action=accept chain=icmp disabled=no icmp-options=3:4 limit=5,5 protocol=icmp
add action=accept chain=icmp disabled=no icmp-options=8:0-255 limit=5,5 \
    protocol=icmp
add action=accept chain=icmp disabled=no icmp-options=11:0-255 limit=5,5 \
    protocol=icmp
add action=drop chain=icmp disabled=no protocol=icmp
add action=accept chain=input disabled=no in-interface=WAN \
    src-address-list=full-trust
add action=drop chain=input comment="drop ssh brute forcers" disabled=no \
    dst-port=22,8291 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new disabled=no \
    dst-port=22,8291 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input connection-state=new disabled=no \
    dst-port=22,8291 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input connection-state=new disabled=no \
    dst-port=22,8291 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input connection-state=new disabled=no \
    dst-port=22,8291 protocol=tcp src-address-list=!half-trust
add action=drop chain=forward comment="drop ssh brute downstream" disabled=no \
    src-address-list=ssh_blacklist
add action=drop chain=input disabled=no protocol=tcp in-interface=WAN \
    dst-port=!53,5353,22,8291
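The ssh_stage1 / ssh_stage2 / ssh_stage3 / ssh_blacklist rules above form a small state machine. The following added example (not part of the original post) replays constructed connection attempts through the same rule order to show when a source ends up blacklisted. It assumes that add-src-to-address-list does not stop rule processing and that re-adding an entry resets its timeout; the addresses are documentation ranges standing in for the masked half-trust networks.

```python
# Added example: model of the SSH/Winbox brute-force staging rules on this
# page. Lists, timeouts and rule order are taken from the rules above; the
# addresses used with it are constructed.
import ipaddress

STAGE_TTL = 60                    # address-list-timeout=1m
BLACKLIST_TTL = 10 * 24 * 3600    # address-list-timeout=1w3d


class TimedList:
    """Address list whose entries expire, like a dynamic address-list entry."""

    def __init__(self):
        self._expires = {}

    def add(self, src, now, ttl):
        # Assumption of this sketch: re-adding an entry resets its timeout.
        self._expires[src] = now + ttl

    def has(self, src, now):
        return self._expires.get(src, 0) > now


class SshStaging:
    # Checked in the same top-to-bottom order as the rules above:
    # (list tested, list the source is added to, timeout).
    PROMOTIONS = [
        ("ssh_stage3", "ssh_blacklist", BLACKLIST_TTL),
        ("ssh_stage2", "ssh_stage3", STAGE_TTL),
        ("ssh_stage1", "ssh_stage2", STAGE_TTL),
    ]

    def __init__(self, half_trust):
        self.half_trust = [ipaddress.ip_network(n) for n in half_trust]
        names = ("ssh_blacklist", "ssh_stage3", "ssh_stage2", "ssh_stage1")
        self.lists = {name: TimedList() for name in names}

    def _in_half_trust(self, src):
        ip = ipaddress.ip_address(src)
        return any(ip in net for net in self.half_trust)

    def new_connection(self, src, now):
        """Verdict for one new TCP connection to port 22 or 8291."""
        if self.lists["ssh_blacklist"].has(src, now):
            return "drop"
        # Each add lands in a list that was already tested for this packet,
        # so a single connection moves a source up by one stage only.
        for tested, target, ttl in self.PROMOTIONS:
            if self.lists[tested].has(src, now):
                self.lists[target].add(src, now, ttl)
        if not self._in_half_trust(src):          # src-address-list=!half-trust
            self.lists["ssh_stage1"].add(src, now, STAGE_TTL)
        return "continue"                          # falls through to later rules


def replay(events, half_trust):
    """events: iterable of (seconds, source IP). Returns the verdict per event."""
    staging = SshStaging(half_trust)
    return [staging.new_connection(src, now) for now, src in events]


if __name__ == "__main__":
    HALF_TRUST = ["198.51.100.0/24"]               # constructed stand-in
    fast = [(t, "203.0.113.7") for t in (0, 10, 20, 30, 40)]
    print(replay(fast, HALF_TRUST))
```

The fourth connection inside the one-minute windows puts the source on ssh_blacklist but is itself still let through; blocking starts with the fifth.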
Only allow access to ports 22 and 8291 from the LAN interface.
add action=drop chain=input disabled=no dst-port=!22,8291 in-interface=LAN \
    protocol=tcp
Close the ports associated with viruses and malware. Be careful: make sure that the service ports you need and that are important are not blocked.
add action=jump chain=forward disabled=no jump-target=udp protocol=udp
add action=jump chain=forward comment="Separate Protocol into Chains" \
    disabled=no jump-target=tcp protocol=tcp
add action=jump chain=forward disabled=no jump-target=icmp protocol=icmp
add action=jump chain=forward comment="jump to the virus chain" disabled=no \
    jump-target=virus
add action=drop chain=udp comment="Blocking UDP Packet, deny TFTP" disabled=no \
    dst-port=69 protocol=udp
add action=drop chain=udp comment="deny RPC portmapper" disabled=no dst-port=111 protocol=udp
add action=drop chain=udp comment="deny RPC portmapper" disabled=no dst-port=135,445 protocol=udp
add action=drop chain=udp comment="deny NBT" disabled=no dst-port=137-139 protocol=udp
add action=drop chain=udp comment="deny NFS" disabled=no dst-port=2049 protocol=udp
add action=drop chain=udp comment="deny Back Orifice" disabled=no dst-port=3133 protocol=udp
add action=drop chain=tcp comment="Blocking TCP Packet, deny TFTP" disabled=no \
    dst-port=67-69 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=111 protocol=tcp
add action=drop chain=tcp disabled=yes dst-port=119 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=135 protocol=tcp
add action=drop chain=tcp comment="deny NBT" disabled=no dst-port=137-139 protocol=tcp
add action=drop chain=tcp comment="deny cifs" disabled=no dst-port=445 protocol=tcp
add action=drop chain=tcp comment="deny NFS" disabled=no dst-port=2049 protocol=tcp
add action=drop chain=tcp comment="deny Back Orifice" disabled=no dst-port=3133 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=20034 protocol=tcp
add action=drop chain=tcp comment="Drop NetBus" disabled=no dst-port=12345-12346 protocol=tcp
add action=drop chain=virus comment="________ And there are port that indicate virus" \
    disabled=no dst-port=593 protocol=tcp
add action=drop chain=virus comment="________ & Remote Storm" disabled=no dst-port=1024-1030 protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=1214 protocol=tcp
add action=drop chain=virus comment="ndm requester & ndm server" disabled=no dst-port=1363-1364 protocol=tcp
add action=drop chain=virus comment="screen cast" disabled=no dst-port=1368 protocol=tcp
add action=drop chain=virus comment=hromgrafx disabled=no dst-port=1373 protocol=tcp
add action=drop chain=virus comment=cichlid disabled=no dst-port=1377 protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=1433-1434 protocol=tcp
add action=drop chain=virus comment="Bagle Virus" disabled=no dst-port=2745 protocol=tcp
add action=drop chain=virus comment="Drop Beagle" disabled=no dst-port=2535 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=3127-3128 protocol=tcp
add action=drop chain=virus comment="Drop Backdoor OptixPro" disabled=no dst-port=3410 protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=udp
add action=drop chain=virus comment="Drop Sasser" disabled=no dst-port=5554 protocol=tcp
add action=drop chain=virus comment="Drop Beagle.B" disabled=no dst-port=8866 protocol=tcp
add action=drop chain=virus comment="Drop Dabber.A-B" disabled=no dst-port=9898 protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=10000 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom.B" disabled=no dst-port=10080 protocol=tcp
add action=drop chain=virus comment="Drop Kuang2" disabled=no dst-port=17300 protocol=tcp
add action=drop chain=virus comment="Drop SubSeven" disabled=no dst-port=27374 protocol=tcp
add action=drop chain=virus comment="Drop PhatBot, Agobot, Gaobot" disabled=no dst-port=65506 protocol=tcp
add action=drop chain=virus comment="Sockets des Troie" disabled=no dst-port=1 protocol=udp
add action=drop chain=virus comment=Death disabled=no dst-port=2 protocol=tcp
add action=drop chain=virus comment="Senna Spy FTP server" disabled=no dst-port=20 protocol=tcp
add action=drop chain=virus comment="Back Construction, Blade Runner, Cattivik FTP Server, CC Invader, Dark FTP, Doly Trojan, Fore, Invisible FTP, Juggernaut 42, Larva, MotIv FTP, Net Administrator, Ramen, Senna Spy FTP server, The Flu, Traitor 21, WebEx, WinCrash" \
    disabled=yes dst-port=21 protocol=tcp
add action=drop chain=virus comment="Fire HacKer, Tiny Telnet Server TTS, Truva Atl" disabled=no dst-port=23 protocol=tcp
add action=drop chain=virus comment="Ajan, Antigen, Barok, Email Password Sender EPS, EPS II, Gip, Gris, Happy99, Hpteam mail, Hybris, I love you, Kuang2, Magic Horse, MBT Mail Bombing Trojan, Moscow Email trojan, Naebi, NewApt worm, ProMail trojan, Shtirlitz, Stealth, Tapiras, Terminator, WinPC, WinSpy" \
    disabled=no dst-port=25 protocol=tcp
add action=drop chain=virus comment="Agent 40421" disabled=no dst-port=30 protocol=tcp
add action=drop chain=virus comment="Agent 31, Hackers Paradise, Masters Paradise" disabled=no dst-port=31 protocol=tcp
add action=drop chain=virus comment="Deep Throat, Foreplay" disabled=no dst-port=41 protocol=tcp
add action=drop chain=virus comment=DRAT disabled=no dst-port=48 protocol=tcp
add action=drop chain=virus comment=DRAT disabled=no dst-port=50 protocol=tcp
add action=drop chain=virus comment=DMSetup disabled=no dst-port=58 protocol=tcp
add action=drop chain=virus comment=DMSetup disabled=no dst-port=59 protocol=tcp
add action=drop chain=virus comment="CDK, Firehotcker" disabled=no dst-port=79 protocol=tcp
add action=drop chain=virus comment=RemoConChubo disabled=no dst-port=81 protocol=tcp
add action=drop chain=virus comment="Hidden Port, NCX" disabled=no dst-port=99 protocol=tcp
add action=drop chain=virus comment="ProMail trojan" disabled=yes dst-port=110 protocol=tcp
add action=drop chain=virus comment="Invisible Identd Deamon, Kazimas" disabled=no dst-port=113 protocol=tcp
add action=drop chain=virus comment="Attack Bot, God Message, JammerKillah" disabled=no dst-port=121 protocol=tcp
add action=drop chain=virus comment="Net Controller" disabled=no dst-port=123 protocol=tcp
add action=drop chain=virus comment=Farnaz disabled=no dst-port=133 protocol=tcp
add action=drop chain=virus comment=NetTaxi disabled=no dst-port=142 protocol=tcp
add action=drop chain=virus comment=Infector disabled=no dst-port=146 protocol=tcp
add action=drop chain=virus comment=Infector disabled=no dst-port=146 protocol=udp
add action=drop chain=virus comment=A-trojan disabled=no dst-port=170 protocol=tcp
add action=drop chain=virus comment=Backage disabled=no dst-port=334 protocol=tcp
add action=drop chain=virus comment=Backage disabled=no dst-port=411 protocol=tcp
add action=drop chain=virus comment="Breach, Incognito" disabled=no dst-port=420 protocol=tcp
add action=drop chain=virus comment="TCP Wrappers trojan" disabled=no dst-port=421 protocol=tcp
add action=drop chain=virus comment="Hackers Paradise" disabled=no dst-port=456 protocol=tcp
add action=drop chain=virus comment="Grlogin & RPC Backdoor" disabled=no dst-port=513-514 protocol=tcp
add action=drop chain=virus comment="Net666, Rasmin" disabled=no dst-port=531 protocol=tcp
add action=drop chain=virus comment="711 trojan, Seven Eleven, Ini-Killer, Net Administrator, Phase Zero, Phase-0, Stealth Spy" \
    disabled=no dst-port=555 protocol=tcp
add action=drop chain=virus comment="Secret Service" disabled=no dst-port=605 protocol=tcp
add action=drop chain=virus comment="Attack FTP, Back Construction, BLA trojan, Cain & Abel, NokNok, Satans Back Door SBD, ServU, Shadow Phyre, th3r1pp3rz Therippers SniperNet" \
    disabled=no dst-port=666-667 protocol=tcp
add action=drop chain=virus comment="DP trojan" disabled=no dst-port=669 protocol=tcp
add action=drop chain=virus comment=GayOL disabled=no dst-port=692 protocol=tcp
add action=drop chain=virus comment="AimSpy, Undetected" disabled=no dst-port=777 protocol=tcp
add action=drop chain=virus comment=WinHole disabled=no dst-port=808 protocol=tcp
add action=drop chain=virus comment="Dark Shadow" disabled=no dst-port=911 protocol=tcp
add action=drop chain=virus comment="Deep Throat, Foreplay, WinSatan & Der Spaeher, Direct Connection & Der Spaeher, Le Guardien, Silencer, WebEx" \
    disabled=no dst-port=999 protocol=tcp
add action=drop chain=virus comment="Doly Trojan" disabled=no dst-port=1010-1016 protocol=tcp
add action=drop chain=virus comment=Vampire disabled=no dst-port=1020 protocol=tcp
add action=drop chain=virus comment="Remote Storm" disabled=no dst-port=1025 protocol=udp
add action=drop chain=virus comment=Multidropper disabled=no dst-port=1035 protocol=tcp
add action=drop chain=virus comment="BLA trojan" disabled=no dst-port=1042 protocol=tcp
add action=drop chain=virus comment=Rasmin disabled=no dst-port=1045 protocol=tcp
add action=drop chain=virus comment="sbin initd" disabled=no dst-port=1049 protocol=tcp
add action=drop chain=virus comment=MiniCommand disabled=no dst-port=1050 protocol=tcp
add action=drop chain=virus comment="The Thief & AckCmd" disabled=no dst-port=1053-1054 protocol=tcp
add action=drop chain=virus comment=WinHole disabled=no dst-port=1080-1083 protocol=tcp
add action=drop chain=virus comment=Xtreme disabled=no dst-port=1090 protocol=tcp
add action=drop chain=virus comment="Remote Administration Tool RAT, Blood Fest Evolution, Remote Administration Tool RAT" \
    disabled=no dst-port=1095-1099 protocol=tcp
add action=drop chain=virus comment=Orion disabled=no dst-port=1150-1151 protocol=tcp
add action=drop chain=virus comment="Psyber Stream Server PSS, Streaming Audio Server, Voice" \
    disabled=no dst-port=1170 protocol=tcp
add action=drop chain=virus comment=NoBackO disabled=no dst-port=1200-1201 protocol=udp
add action=drop chain=virus comment="SoftWAR & Infector" disabled=no dst-port=1207-1208 protocol=tcp
add action=drop chain=virus comment=Kaos disabled=no dst-port=1212 protocol=tcp
add action=drop chain=virus comment="SubSeven Java client, Ultors Trojan" disabled=no dst-port=1234 protocol=tcp
add action=drop chain=virus comment="BackDoor-G, SubSeven, SubSeven Apocalypse, Tiles" disabled=no dst-port=1243 protocol=tcp
add action=drop chain=virus comment="VooDoo Doll" disabled=no dst-port=1245 protocol=tcp
add action=drop chain=virus comment="Scarab & Project nEXT" disabled=no dst-port=1255-1256 protocol=tcp
add action=drop chain=virus comment=Matrix disabled=no dst-port=1269 protocol=tcp
add action=drop chain=virus comment="The Matrix" disabled=no dst-port=1272 protocol=tcp
add action=drop chain=virus comment=NETrojan disabled=no dst-port=1313 protocol=tcp
add action=drop chain=virus comment="Millenium Worm" disabled=no dst-port=1338 protocol=tcp
add action=drop chain=virus comment="Bo dll" disabled=no dst-port=1349 protocol=tcp
add action=drop chain=virus comment="GoFriller, Backdoor G-1" disabled=no dst-port=1394 protocol=tcp
add action=drop chain=virus comment="Remote Storm" disabled=no dst-port=1441 protocol=tcp
add action=drop chain=virus comment=FTP99CMP disabled=no dst-port=1492 protocol=tcp
add action=drop chain=virus comment=Trinoo disabled=no dst-port=1524 protocol=tcp
add action=drop chain=virus comment="Remote Hack" disabled=no dst-port=1568 protocol=tcp
add action=drop chain=virus comment="Direct Connection, Shivka-Burka" disabled=no dst-port=1600 protocol=tcp
add action=drop chain=virus comment=Exploiter disabled=no dst-port=1703 protocol=tcp
add action=drop chain=virus comment=Scarab disabled=no dst-port=1777 protocol=tcp
add action=drop chain=virus comment=SpySender disabled=no dst-port=1807 protocol=tcp
add action=drop chain=virus comment="Fake FTP & WM FTP Server" disabled=no dst-port=1966-1967 protocol=tcp
add action=drop chain=virus comment="OpC BO" disabled=no dst-port=1969 protocol=tcp
add action=drop chain=virus comment="Bowl, Shockrave" disabled=no dst-port=1981 protocol=tcp
add action=drop chain=virus comment="Back Door, SubSeven, TransScout, Der Spaeher, Insane Network, Last 2000, Remote Explorer 2000, Senna Spy Trojan Generator, Der Spaeher, Trojan Cow" \
    disabled=no dst-port=1999-2001 protocol=tcp
add action=drop chain=virus comment="Ripper Pro" disabled=no dst-port=2023 protocol=tcp
add action=drop chain=virus comment=WinHole disabled=no dst-port=2080 protocol=tcp
add action=drop chain=virus comment=Bugs disabled=no dst-port=2115 protocol=tcp
add action=drop chain=virus comment="Mini Backlash" disabled=no dst-port=2130 protocol=udp
add action=drop chain=virus comment="The Invasor" disabled=no dst-port=2140 protocol=tcp
add action=drop chain=virus comment="Deep Throat, Foreplay" disabled=no dst-port=2140 protocol=udp
add action=drop chain=virus comment="Illusion Mailer" disabled=no dst-port=2155 protocol=tcp
add action=drop chain=virus comment=Nirvana disabled=no dst-port=2255 protocol=tcp
add action=drop chain=virus comment="Hvl RAT" disabled=no dst-port=2283 protocol=tcp
add action=drop chain=virus comment=Xplorer disabled=no dst-port=2300 protocol=tcp
add action=drop chain=virus comment="Studio 54" disabled=no dst-port=2311 protocol=tcp
add action=drop chain=virus comment=Contact disabled=no dst-port=2330-2339 protocol=tcp
add action=drop chain=virus comment="Voice Spy" disabled=no dst-port=2339 protocol=udp
add action=drop chain=virus comment="Doly Trojan" disabled=no dst-port=2345 protocol=tcp
add action=drop chain=virus comment="Striker trojan" disabled=no dst-port=2565 protocol=tcp
add action=drop chain=virus comment=WinCrash disabled=no dst-port=2583 protocol=tcp
add action=drop chain=virus comment="Digital RootBeer" disabled=no dst-port=2600 protocol=tcp
add action=drop chain=virus comment="The Prayer" disabled=no dst-port=2716 protocol=tcp
add action=drop chain=virus comment="SubSeven, SubSeven 2.1 Gold" disabled=no dst-port=2773-2774 protocol=tcp
add action=drop chain=virus comment="Phineas Phucker" disabled=no dst-port=2801 protocol=tcp
add action=drop chain=virus comment="Remote Administration Tool RAT" disabled=no dst-port=2989 protocol=udp
add action=drop chain=virus comment="Remote Shut" disabled=no dst-port=3000 protocol=tcp
add action=drop chain=virus comment=WinCrash disabled=no dst-port=3024 protocol=tcp
add action=drop chain=virus comment=Microspy disabled=no dst-port=3031 protocol=tcp
add action=drop chain=virus comment="The Invasor" disabled=no dst-port=3150 protocol=tcp
add action=drop chain=virus comment="Deep Throat, Foreplay, Mini Backlash" disabled=no dst-port=3150 protocol=udp
add action=drop chain=virus comment="Terror trojan" disabled=no dst-port=3456 protocol=tcp
add action=drop chain=virus comment="Eclipse 2000, Sanctuary" disabled=no dst-port=3459 protocol=tcp
add action=drop chain=virus comment="Portal of Doom" disabled=no dst-port=3700 protocol=tcp
add action=drop chain=virus comment=PsychWard disabled=no dst-port=3777 protocol=tcp
add action=drop chain=virus comment="Total Solar Eclypse" disabled=no dst-port=3791-3801 protocol=tcp
add action=drop chain=virus comment=SkyDance disabled=no dst-port=4000 protocol=tcp
add action=drop chain=virus comment=WinCrash disabled=no dst-port=4092 protocol=tcp
add action=drop chain=virus comment="Virtual Hacking Machine VHM" disabled=no dst-port=4242 protocol=tcp
add action=drop chain=virus comment=BoBo disabled=no dst-port=4321 protocol=tcp
add action=drop chain=virus comment="File Nail" disabled=no dst-port=4567 protocol=tcp
add action=drop chain=virus comment="ICQ Trojan" disabled=no dst-port=4590 protocol=tcp
add action=drop chain=virus comment="ICQ Trogen Lm" disabled=no dst-port=4950 protocol=tcp
add action=drop chain=virus comment="Back Door Setup, Blazer5, Bubbel, ICKiller, Ra1d, Sockets des Troie, Back Door Setup, Sockets des Troie, cd00r, Shaft" \
    disabled=no dst-port=5000-5002 protocol=tcp
add action=drop chain=virus comment="Solo & One of the Last Trojans OOTLT, One of the Last Trojans OOTLT, modified" \
    disabled=no dst-port=5010-5011 protocol=tcp
add action=drop chain=virus comment="WM Remote KeyLogger" disabled=no dst-port=5025 protocol=tcp
add action=drop chain=virus comment="Net Metropolitan" disabled=no dst-port=5031-5032 protocol=tcp
add action=drop chain=virus comment=Firehotcker disabled=no dst-port=5321 protocol=tcp
add action=drop chain=virus comment="Backage, NetDemon" disabled=no dst-port=5333 protocol=tcp
add action=drop chain=virus comment="wCrat WC Remote Administration Tool" disabled=no dst-port=5343 protocol=tcp
add action=drop chain=virus comment="Back Construction, Blade Runner" disabled=no dst-port=5400-5402 protocol=tcp
add action=drop chain=virus comment="Illusion Mailer" disabled=no dst-port=5512 protocol=tcp
add action=drop chain=virus comment="The Flu" disabled=no dst-port=5534 protocol=tcp
add action=drop chain=virus comment=Xtcp disabled=no dst-port=5550 protocol=tcp
add action=drop chain=virus comment=ServeMe disabled=no dst-port=5555-5557 protocol=tcp
add action=drop chain=virus comment=Robo-Hack disabled=no dst-port=5569 protocol=tcp
add action=drop chain=virus comment="PC Crasher" disabled=no dst-port=5637-5638 protocol=tcp
add action=drop chain=virus comment=WinCrash disabled=no dst-port=5742 protocol=tcp
add action=drop chain=virus comment="Portmap Remote Root Linux Exploit" disabled=no dst-port=5760 protocol=tcp
add action=drop chain=virus comment="Y3K RAT" disabled=no dst-port=5880-5889 protocol=tcp
add action=drop chain=virus comment="The Thing" disabled=no dst-port=6000 protocol=tcp
add action=drop chain=virus comment="Bad Blood" disabled=no dst-port=6006 protocol=tcp
add action=drop chain=virus comment="Secret Service" disabled=no dst-port=6272 protocol=tcp
add action=drop chain=forward disabled=no p2p=all-p2p
add action=drop chain=forward comment="torrent-DHT-Out-Magnet d1:ad2:id20:" \
    content=d1:ad2:id20: disabled=no dst-port=1025-65535 packet-size=95-190 \
    protocol=udp
add action=drop chain=forward comment="torrent-DHT-Out-Magnet d1:ad2:id20:" \
    disabled=no dst-port=30000-65535 protocol=udp
add action=drop chain=forward comment="torrent /announce..." \
    content="info_hash=" disabled=no dst-port=2710,80 protocol=tcp
Disable unnecessary services in MikroTik, or service ports that you never use.
/ip firewall service-port
set ftp disabled=yes ports=21
set tftp disabled=yes ports=69
set irc disabled=yes ports=6667
set h323 disabled=no
set sip disabled=yes ports=5060,5061 sip-direct-media=yes
set pptp disabled=yes
/ip service
set telnet address="" disabled=no port=23
set ftp address="" disabled=yes port=21
set www address="" disabled=no port=80
set ssh address="" disabled=no port=22
set www-ssl address="" certificate=none disabled=yes port=443
set api address="" disabled=yes port=8728
set winbox address="" disabled=no port=8291
Disable unnecessary tools, or those that you never use.
/tool bandwidth-server
set authenticate=no enabled=no
/tool mac-server
set [ find default=yes ] disabled=yes
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
/tool mac-server ping
set enabled=no
/routing bgp instance
set default as=65530 disabled=yes
/routing ospf instance
set [ find default=yes ] disabled=yes
/routing ospf area
set [ find default=yes ] area-id=0.0.0.0 disabled=yes