tag:blogger.com,1999:blog-7031988210288208612011-11-28T07:22:44.039+07:00A little blog about MikrotikAkbarnoreply@blogger.comBlogger71100tag:blogger.com,1999:blog-703198821028820861.post-18527352180716911262007-08-23T21:46:00.000+07:002007-08-23T21:49:00.617+07:00<b><span style="font-size:130%;"><div align="center">How To : Melindungi FTP Server Mikrotik Anda</div></span></b><br /><br /><i>Artikel singkat ini akan menjelaskan cara untuk melindungi FTP Server Mikrotik anda dari serangan Brute Force.<br /></i><br /><br /><br />Service FTP Server pada Router Mikrotik kita kadang2 tentunya kita perlu jalankan untuk keperluan-keperluan administrasi.<br /><br />Tapi, bagaimana bila jika FTP sedang running, ada pihak-pihak yang ingin memanfaatkan FTP pada Router Mikrotik untuk mencoba hal-hal yang membahayakan Jaringan kita. Cara yang paling umum dilakukan untuk hal ini biasanya adalah dengan menggunakan metode Brute Force Attack.<br /><br />Brute force attack adalah sebuah teknik serangan terhadap sebuah sistem keamanan komputer yang menggunakan percobaan terhadap semua kunci yang mungkin. Pendekatan ini pada awalnya merujuk pada sebuah program komputer yang mengandalkan kekuatan pemrosesan komputer dibandingkan kecerdasan manusia. (Source : <a href="http://id.wikipedia.org/wiki/Brute_force_attack" target="_blank">Wikipedia</a> )<br /><br />Hal yang harus dilakukan untuk mencegah hal diatas sebenarnya cukup sederhana. Hanya butuh 3 rule di firewall.<br /><br /><pre class="alt2" dir="ltr" style="border: 1px inset ; margin: 0px; padding: 6px; overflow: auto; width: 640px; height: 162px; text-align: left;">/ ip firewall filter<br />add chain=input in-interface=ether1 protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop<br /><br /># accept 10 incorrect logins per minute<br />/ ip firewall filter<br />add chain=output action=accept protocol=tcp content=530 Login incorrect dst-limit=1/1m,9,dst-address/1m<br /><br />#add to blacklist<br />add chain=output action=add-dst-to-address-list protocol=tcp content=530 Login incorrect address-list=ftp_blacklist address-list-timeout=3h</pre><br /><br /><b>Ingat, urutan diatas harus tepat...tidak boleh tertukar-tukar...</b><br /><br /><br />Mari kita bahas satu persatu dari rule-rule diatas...<br /><br /><br /><br /><b><div style="margin: 5px 20px 20px;"> <div class="smallfont" style="margin-bottom: 2px;">Code:</div> <pre class="alt2" dir="ltr" style="border: 1px inset ; margin: 0px; padding: 6px; overflow: auto; width: 640px; height: 50px; text-align: left;">/ ip firewall filter<br />add chain=input in-interface=ether1 protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop</pre> </div></b><br /><br />Rule pertama ini akan melakukan filtering untuk traffik yang berasal dari ether1 (silahkan dirubah sesuai kebutuhan), protocol TCP dengan port 21...dan IP asal traffik dicocokkan dengan addr-list ftp_blacklist (yang akan dicreate di rule berikutnya)....bila cocok / positif maka action drop akan dilakukan...<br /><br />Bila ada yang melakukan brute force attack untuk pertama kalinya, rule pertama ini tidak melakukan apa2...Namun apabila IP-nya telah tercatat, maka akan langsung di Drop.<br /><br /><br /><br /><b><div style="margin: 5px 20px 20px;"> <div class="smallfont" style="margin-bottom: 2px;">Code:</div> <pre class="alt2" dir="ltr" style="border: 1px inset ; margin: 0px; padding: 6px; overflow: auto; width: 640px; height: 66px; text-align: left;"># accept 10 incorrect logins per minute<br />/ ip firewall filter<br />add chain=output action=accept protocol=tcp content=530 Login incorrect dst-limit=1/1m,9,dst-address/1m</pre> </div></b><br />Rule ini bertindak sebagai pengawas, apakah dari IP tertentu telah melakukan Login secara Incorrect sebanyak 9 kali dalam jangka waktu 1 menit....Jadi bila masih dalam batasan 9 kali dalam 1 menit maka masih akan diaccept...Nah apabila telah melampaui 9 kali, maka rule ini tidak akan apply dan akan lanjut ke rule setelahnya yakni...<br /><br /><br /><br /><br /><b><div style="margin: 5px 20px 20px;"> <div class="smallfont" style="margin-bottom: 2px;">Code:</div> <pre class="alt2" dir="ltr" style="border: 1px inset ; margin: 0px; padding: 6px; overflow: auto; width: 640px; height: 50px; text-align: left;">#add to blacklist<br />add chain=output action=add-dst-to-address-list protocol=tcp content=530 Login incorrect address-list=blacklist address-list-timeout=3h</pre> </div></b><br /><br />Rule ini akan menambahkan IP sang penyerang ke dalam addr-list bernama <b>ftp_blacklist</b>...hanya itu yang dilakukan rule ini...<br /><br />Nah, pada saat percobaan yang ke-11 serangan ini akan di Drop oleh Rule yang Pertama....<br /><br /><br />Sekian artikel singkat ini...Selamat mencoba <img src="http://www.forummikrotik.com/images/smilies/Nouve%20Smiley/Smiley-msn.com-3D-2010.gif" alt="" title=":[thumbsup]" class="inlineimg" border="0" /><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/703198821028820861-1852735218071691126?l=mikrotik-howto.blogspot.com' alt='' /></div>Akbarnoreply@blogger.com2tag:blogger.com,1999:blog-703198821028820861.post-57657005577658105092007-08-18T19:33:00.000+07:002007-08-18T19:39:51.610+07:00Source : http://www.forummikrotik.com/showthread.php?t=251<br />Written By : <a href="http://www.forummikrotik.com/member.php?u=52">d3v4</a><br />topologi jaringan adalah sebagai berikut :<br /><br />inet -- cisco --hub -- Squid (slackware) -- mikrotik (bw managr) -- client<br />......................|<br />......................|<br />......................|-- server lain nya<br /><br /><b> IP ADDRESS SESUAIKAN DENGAN YANG DI MILIKI </b><br /><br />blok ip yang di dapat adalah : 202.152.100.0/24<br /><br />syarat dasar pemahaman :<br />1. ip subnetting<br />2. perintah dasar linux<br />3. perintah dasar mikrotik<br /><br />Langkah2...<br /><br /><b>1. Liat ip address cisco nya</b> (asumsi menggunakan FO)<br />ip address cisco s0/0 202.152.30.1<br />netmask 255.255.255.252<br />gateway 202.152.30.2<br /><br />(biasanya di dapat dari ISP yang di atas isp kita)<br /><br /><b>2. Memecah blok ip address yang kita dapat :</b><br /><br />sebelum blok ip address yang kita miliki kita gunakan ada baik nya di pecah dulu. pada contoh berikut akan saya berikan untuk di bagi menjadi 2. BLOK IP SERVER dan blok ip CLIENT.<br /><br />BLOK IP SERVER2 :<br />network : 202.152.100.0/28<br />ip yang dapat di gunakan :202.152.100.1 - 202.152.100.14<br />broadcast : 202.152.100.15<br /><br />BLOK IP CLIENT :<br />selain yang di atas adalah ip yang dapat di gunakan untuk client.<br /><b><br />3. SET IP ETHERNET CISCO</b><br />set ip cisco ethernet0/0<br />ip address : 202.152.100.1<br />netmask 255.255.255.240<br /><br /><br />4. <b>setting Proxy server + TUNE UP </b>:<br />Linux yang di gunakan adalah SLACKWARE 9 dapat di download di :<br /><a href="http://mirror.vip.net.id/pub/slackware/" target="_blank">http://mirror.vip.net.id/pub/slackware/</a><br />yang di gunakan adalah :<br />komputer P4<br />HARD DISK 40 G seagate baracuda 7200 rpm 3 keping dengan RAM 2 G<br />keping hardisk pertama di mount ke /<br />keping hardisk ke 2 di mount ke /cache1<br />keping hard disk ke 3 di mount ke /cache2<br /><br />setelah di install isikan ip address berikut :<br /><br /><b>interface eth0</b><br />ip address : 202.152.100.2<br />netmask 255.255.255.240<br />gateway 202.152.100.1<br /><br /><b>Interface eth1</b><br />ip address : 202.152.100.17<br />netmask 255.255.255.252<br /><br />setelah itu ...<br /><br />buka file : type.h<br />root@proxy:~# vi /usr/include/bits/types.h<br />edit bagian ini :<br /><br />#define __FD_SETSIZE 1024<br /><br />jadi seperti ini<br /><br />#define __FD_SETSIZE 8192<br /><br />==> kemudian keluar dari VI EDITOR<br /><br />kemudian ketik perintah ini :<br /><br />root@proxy:~# ulimit -HSn 8192<br /><br />kemudian download squid 2.5.STABLE9 dari sini :<br /><br />wget <a href="http://202.154.183.7/squid-2.5.STABLE9.tar.gz" target="_blank">http://202.154.183.7/squid-2.5.STABLE9.tar.gz</a><br /><br />simpan di direktori /usr/local/src<br /><br />ekstrak dengan perintah :<br /><br />tar -zxvf squid-2.5.STABLE9.tar.gz<br /><br />masuk kedirektori squid<br />ketik perintah berikut ini :<br /><br />./configure \<br />--prefix=/opt/squid \<br />--exec-prefix=/opt/squid \<br />--enable-gnuregex \<br />--enable-async-io=30 \<br />--with-aufs-threads=30 \<br />--with-pthreads \<br />--with-aio \<br />--with-dl \<br />--enable-storeio=aufs \<br />--enable-removal-policies=heap \<br />--enable-icmp \<br />--disable-wccp \<br />--enable-snmp \<br />--enable-cache-digests \<br />--enable-default-err-languages=English \<br />--enable-err-languages=English \<br />--enable-linux-netfilter \<br />--disable-ident-lookups \<br />--disable-hostname-checks \<br />--enable-underscores<br /><br />karena udah ada mikrotik untuk bw management tidak di perlukan lagi delay pool. Konfigurasi ini adalah untuk komputer dengan spek seperti berikut :<br /><br />HARDISK 3 keping 40 G seagate baracuda 7200 rpm, RAM 2 G<br /><br />2 keping hard disk untuk cache, 1 keping untuk system. apabila menggunakan hard disk scsi --enable-async-io=30 --with-aufs-threads=30 bisa di naekkan jadi 32.<br /><br />==> selesai install squid. semua file squid akan terletak di direktori /opt/squid<br /><br />setelah itu gunakan squid.conf di bawah ini :<br /><br /><pre class="alt2" dir="ltr" style="border: 1px inset ; margin: 0px; padding: 6px; overflow: auto; width: 640px; height: 498px; text-align: left;">http_port 8080<br />acl youtube dstdomain .youtube.com<br />no_cache allow youtube<br />hierarchy_stoplist cgi-bin ? localhost .js .jsp .friendster.com<br />acl QUERY urlpath_regex cgi-bin \? localhost .friendster.com<br />no_cache deny QUERY<br />cache_replacement_policy heap LFUDA<br />memory_replacement_policy heap GDSF<br />cache_mem 6 MB<br />cache_dir aufs /cache1 8000 13 256<br />cache_dir aufs /cache2 8000 13 256<br />cache_swap_low 98<br />cache_swap_high 99<br />cache_access_log /cache1/access.log<br />cache_log /dev/null<br />cache_store_log none<br />mime_table /opt/squid/etc/mime.conf<br />pid_filename /var/run/squid.pid<br />client_netmask 255.255.255.0<br />refresh_pattern ^ftp: 10080 95% 241920 reload-into-ims override-lastmod<br />refresh_pattern . 180 95% 120960 reload-into-ims override-lastmod<br />redirect_rewrites_host_header off<br />acl all src 0.0.0.0/0.0.0.0<br />acl manager proto cache_object<br />acl localnet src 202.152.100.0/255.255.255.0<br />acl localhost src 127.0.0.1/255.255.255.255<br />acl SSL_ports port 443 8443 563 777<br />acl Safe_ports port 25 80 81 110 443 563 6667 7000 777 210 119 70 21 1025-65535<br />acl Safe_ports port 280 6668 6669<br />acl Safe_ports port 488<br />acl Safe_ports port 591<br />acl Safe_ports port 777<br />acl lewat dst_as 4622 4761 4787 4795 4796 4855 4800 7587 7597 7713 9326 9340 9448 9657 9791 9794 9875 9905 9228 9251 10114 10137 10208 10217 17440 17450 17451 17538 17658 17671 17670 17725 17727 17769 4832 4833 17817 17884 17907 17910 17922 17800 10220 17974 17826 17885 18052 18056 18059 7632 4821 18103 17996 18004 18153 18156 18189 18237 18251 18347 3583 3382 4382 4434 18364 18365 18379 9341 9785 18393 17995 23651 23666 23671 23679 23691 23756 23945 24052 24057 24194<br />always_direct allow lewat<br />always_direct deny all<br />#header_access Accept-Encoding deny all<br />acl CONNECT method CONNECT<br />http_access allow manager localhost<br />http_access deny manager<br />http_access allow localnet<br />http_access allow localhost<br />http_access deny !Safe_ports<br />http_access deny CONNECT !SSL_ports<br />http_access deny CONNECT<br />httpd_accel_host virtual<br />httpd_accel_port 80<br />httpd_accel_with_proxy on<br />httpd_accel_uses_host_header on<br />http_access deny all<br />maximum_object_size 128 MB<br />maximum_object_size_in_memory 8 KB<br />ipcache_size 4096<br />ipcache_low 98<br />ipcache_high 99<br />quick_abort_min 0<br />quick_abort_max 0<br />quick_abort_pct 75<br />fqdncache_size 4096<br />shutdown_lifetime 10 seconds<br />cache_mgr hendraarif@yahoo.com<br />cache_effective_user squid<br />cache_effective_group squid<br />memory_pools off<br />buffered_logs off<br />log_icp_queries off<br />logfile_rotate 1<br />log_fqdn off<br />forwarded_for off<br />icp_hit_stale on<br />query_icmp on<br />reload_into_ims on<br />emulate_httpd_log off<br />negative_ttl 2 minutes<br />pipeline_prefetch on<br />vary_ignore_expire on<br />half_closed_clients off<br />high_page_fault_warning 2<br />visible_hostname proxy@dodol.org<br />nonhierarchical_direct on<br />prefer_direct off<br /><br /></pre><br />perhatikan ip address yang di izinkan. sesuaikan dengan ip yang di gunakan.<br />perhatikan juga penggunaan cache direktori. maksimal untuk 1 keping adalah 18 Giga.<br /><br />setelah itu tambahkan user squid di linux :<br /><br />root@proxy:~# useradd squid<br /><br />tambahkan juga group squid<br /><br />root@proxy:~# groupadd squid<br /><br /><br />bentuk direktori cache di squid :<br /><br />root@proxy:~# /opt/squid/sbin/squid -z<br /><br />ketik perintah ini sekali lagi :<br /><br />root@proxy:~# ulimit -HSn 8192<br /><br />kemudian jalankan squid dengan perintah :<br /><br />root@proxy:~# /opt/squid/sbin/squid -DY &<br /><br />================================================== ==============<br /><br />okeee.. kita lanjut :<br /><br />5. Setting mikrotik :<br /><br />masukin ip address ether 1 :<br />/ip address add address=202.152.100.18/30 interface=ether1<br /><br />karena seluruh ip yang di gunakan adalah ip public maka perlu subnetting di pisah-pisah :<br />masukin ip address untuk pasangan ip client :<br />misalkan ip client adalah 202.152.100.22 maka yang di masukkan di mikrotik ethr2 adalah 202.152.100.21/30<br /><br />demikian pula untuk pasangan ip client2 yang lain.<br /><br />/ip address add address=202.152.100.21/30 interface=ether2<br /><br /><br /><br />untuk lebih jelasnya dapat di liat pada tablel berikut :<br /><div style="margin: 5px 20px 20px;"> <div class="smallfont" style="margin-bottom: 2px;">Code:</div> <pre class="alt2" dir="ltr" style="border: 1px inset ; margin: 0px; padding: 6px; overflow: auto; width: 640px; height: 498px; text-align: left;"> network first avail last avail broadcast<br />202.152.100.20 202.152.100.21 202.152.100.22 202.152.100.23<br />202.152.100.24 202.152.100.25 202.152.100.26 202.152.100.27<br />202.152.100.28 202.152.100.29 202.152.100.30 202.152.100.31<br />202.152.100.32 202.152.100.33 202.152.100.34 202.152.100.35<br />202.152.100.36 202.152.100.37 202.152.100.38 202.152.100.39<br />202.152.100.40 202.152.100.41 202.152.100.42 202.152.100.43<br />202.152.100.44 202.152.100.45 202.152.100.46 202.152.100.47<br />202.152.100.48 202.152.100.49 202.152.100.50 202.152.100.51<br />202.152.100.52 202.152.100.53 202.152.100.54 202.152.100.55<br />202.152.100.56 202.152.100.57 202.152.100.58 202.152.100.59<br />202.152.100.60 202.152.100.61 202.152.100.62 202.152.100.63<br />202.152.100.64 202.152.100.65 202.152.100.66 202.152.100.67<br />202.152.100.68 202.152.100.69 202.152.100.70 202.152.100.71<br />202.152.100.72 202.152.100.73 202.152.100.74 202.152.100.75<br />202.152.100.76 202.152.100.77 202.152.100.78 202.152.100.79<br />202.152.100.80 202.152.100.81 202.152.100.82 202.152.100.83<br />202.152.100.84 202.152.100.85 202.152.100.86 202.152.100.87<br />202.152.100.88 202.152.100.89 202.152.100.90 202.152.100.91<br />202.152.100.92 202.152.100.93 202.152.100.94 202.152.100.95<br />202.152.100.96 202.152.100.97 202.152.100.98 202.152.100.99<br />202.152.100.100 202.152.100.101 202.152.100.102 202.152.100.103<br />202.152.100.104 202.152.100.105 202.152.100.106 202.152.100.107<br />202.152.100.108 202.152.100.109 202.152.100.110 202.152.100.111<br />202.152.100.112 202.152.100.113 202.152.100.114 202.152.100.115<br />202.152.100.116 202.152.100.117 202.152.100.118 202.152.100.119<br />202.152.100.120 202.152.100.121 202.152.100.122 202.152.100.123<br />202.152.100.124 202.152.100.125 202.152.100.126 202.152.100.127<br />202.152.100.128 202.152.100.129 202.152.100.130 202.152.100.131<br />202.152.100.132 202.152.100.133 202.152.100.134 202.152.100.135<br />202.152.100.136 202.152.100.137 202.152.100.138 202.152.100.139<br />202.152.100.140 202.152.100.141 202.152.100.142 202.152.100.143<br />202.152.100.144 202.152.100.145 202.152.100.146 202.152.100.147<br />202.152.100.148 202.152.100.149 202.152.100.150 202.152.100.151<br />202.152.100.152 202.152.100.153 202.152.100.154 202.152.100.155<br />202.152.100.156 202.152.100.157 202.152.100.158 202.152.100.159<br />202.152.100.160 202.152.100.161 202.152.100.162 202.152.100.163<br />202.152.100.164 202.152.100.165 202.152.100.166 202.152.100.167<br />202.152.100.168 202.152.100.169 202.152.100.170 202.152.100.171<br />202.152.100.172 202.152.100.173 202.152.100.174 202.152.100.175<br />202.152.100.176 202.152.100.177 202.152.100.178 202.152.100.179<br />202.152.100.180 202.152.100.181 202.152.100.182 202.152.100.183<br />202.152.100.184 202.152.100.185 202.152.100.186 202.152.100.187<br />202.152.100.188 202.152.100.189 202.152.100.190 202.152.100.191<br />202.152.100.192 202.152.100.193 202.152.100.194 202.152.100.195<br />202.152.100.196 202.152.100.197 202.152.100.198 202.152.100.199<br />202.152.100.200 202.152.100.201 202.152.100.202 202.152.100.203<br />202.152.100.204 202.152.100.205 202.152.100.206 202.152.100.207<br />202.152.100.208 202.152.100.209 202.152.100.210 202.152.100.211<br />202.152.100.212 202.152.100.213 202.152.100.214 202.152.100.215<br />202.152.100.216 202.152.100.217 202.152.100.218 202.152.100.219<br />202.152.100.220 202.152.100.221 202.152.100.222 202.152.100.223<br />202.152.100.224 202.152.100.225 202.152.100.226 202.152.100.227<br />202.152.100.228 202.152.100.229 202.152.100.230 202.152.100.231<br />202.152.100.232 202.152.100.233 202.152.100.234 202.152.100.235<br />202.152.100.236 202.152.100.237 202.152.100.238 202.152.100.239<br />202.152.100.240 202.152.100.241 202.152.100.242 202.152.100.243<br />202.152.100.244 202.152.100.245 202.152.100.246 202.152.100.247<br />202.152.100.248 202.152.100.249 202.152.100.250 202.152.100.251<br />202.152.100.252 202.152.100.253 202.152.100.254 202.152.100.255</pre> </div>kemudian masukan gateway nya ke arah proxy :<br /><br />/route add gateway=202.152.100.17<br /><br /><br /><b>atur route di proxy </b>agar mengizinkan network end mikrotik dapat lewat :<br /><br />route add -net 202.152.100.16/30 gateway 202.154.183.18<br /><br />selesai urusan ip address...<br /><br />6. <b>dapat di uji coba client </b><br />menggunakan ip address :<br />202.152.100.22<br />netmask 255.255.255.252<br />gateway 202.152.100.21<br /><br />karena menggunakan subnetting selain ip address 22 tidak akan dapat melewati router mikrotik yang di buat<br /><br />7. <b> iptables di proxy </b><br />semua traffic harus di paksa lewat proxy server yang kita buat dengan perintah :<br /><br /><div style="margin: 5px 20px 20px;"> <div class="smallfont" style="margin-bottom: 2px;">Code:</div> <pre class="alt2" dir="ltr" style="border: 1px inset ; margin: 0px; padding: 6px; overflow: auto; width: 640px; height: 34px; text-align: left;">iptables -A PREROUTING -t nat -p tcp -s 202.152.100.0/24 -i eth2 -d \! 202.152.100.0/24 --dport 80 -j REDIRECT --to 8080</pre> </div>9. <b> DNS SERVER </b><br />jalankan dns server yang telah ada secara defaul di slackware dengan perintah :<br /><br />root@proxy:~# named -d1<br /><br />tinggal masukin di /etc/resolv.conf<br /><br />nameserver 127.0.0.1<br /><br />dan seluruh client pake dns ip 202.152.100.18<br /><br />TANPA NAT/MASQUERADE .................. ip public terdistribusi ke client<br /><br />jadi deeeehhhhhh gampang dan cepat kan ?<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/703198821028820861-5765700557765810509?l=mikrotik-howto.blogspot.com' alt='' /></div>Akbarnoreply@blogger.com0tag:blogger.com,1999:blog-703198821028820861.post-53932768962220974752007-08-18T19:00:00.000+07:002007-08-18T19:01:16.326+07:00<p>Web proxy allows clients to make indirect network connections to other network services. A client connects to the proxy server, then requests file, or other resource available on a different server. Web proxy performs Internet object cache function by storing requested Internet objects, i.e., data available via HTTP and FTP protocols on a system positioned closer to the recipient than the site the data is originated from. Transparent proxy performs request caching invisibly to the end-user. This way the user does not notice that his connection is being processed by the proxy and therefore does not need to perform any additional configuration of the software he is using. To setup transparent proxy follow the steps listed bellow </p><p>1. Configure the router to redirect all connections coming from clients (we assume that clients are connected to routers ether1 interface) to port 80 to the web proxy listening on port 8080, by adding the following destination NAT rule: </p> <pre>[admin@MikroTik] >ip firewall nat add in-interface=ether1 dst-port=80 \<br />\... protocol=tcp action=redirect to-ports=8080 chain=dstnat<br /></pre> <p>2. Specify DNS server: </p> <pre>[admin@MikroTik] ip dns set primary-dns=195.2.96.2<br /></pre> <p>3. Enable the proxy on port 8080: </p> <pre>[admin@MikroTik] ip web-proxy set enabled=yes port=8080 transparent-proxy=yes<br /></pre> <p>Notice that only HTTP traffic is supported in transparent mode of the web proxy. HTTPS and FTP protocols are not going to work this way. </p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/703198821028820861-5393276896222097475?l=mikrotik-howto.blogspot.com' alt='' /></div>Akbarnoreply@blogger.com3tag:blogger.com,1999:blog-703198821028820861.post-17725055210622799222007-08-17T21:12:00.001+07:002007-08-17T21:14:53.455+07:00You can use this little script to get an IP from Rapidshare...This script will look into the DNS cache, and everytime the word rapidshare comes out, it will place the IP it get to a address list, then after that you can config a queue rule to limit the traffic...<br /><br />:foreach i in=[/ip dns cache find] do={<br /> :if ([:find [/ip dns cache get $i name] "rapidshare"] > 0) do={<br /> :log info ("rapidshare: " . [/ip dns cache get $i name] . " (ip address " . [/ip dns cache get $i address] . ")")<br /> /ip firewall address-list add address=[/ip dns cache get $i address] list=rapidshare disabled=no<br /> }<br />}<br /><br />Source : http://forum.mikrotik.com/viewtopic.php?p=84349#p84349<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/703198821028820861-1772505521062279922?l=mikrotik-howto.blogspot.com' alt='' /></div>Akbarnoreply@blogger.com0tag:blogger.com,1999:blog-703198821028820861.post-50854083787177085902007-08-17T21:03:00.002+07:002007-08-17T21:04:21.314+07:00<b>normis :</b><br />...who uploads MikroTik related videos to the <a href="http://www.tiktube.com/" target="_blank">http://www.TikTube.com</a> video system. Any video directly related with MikroTik stuff will do. We will evaluate your video, and you will receive a free license!<br /><br /><br /><a href="http://forum.mikrotik.com/viewtopic.php?f=2&amp;t=17521" target="_blank"><br /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/703198821028820861-5085408378717708590?l=mikrotik-howto.blogspot.com' alt='' /></div>Akbarnoreply@blogger.com2tag:blogger.com,1999:blog-703198821028820861.post-24941869258286606392007-08-17T21:03:00.001+07:002007-08-17T21:03:20.740+07:00<p>Sometimes you may need to cut off a customer and tell him to pay his bill. It's best done by redirecting his http requests to a page with information telling to pay in order to get reconnected. You can do it with a simple destination NAT rule that captures all http requests from a specific address and sends them to a server with webpage telling to pay the bill. However, it's quite easy to make this using the HotSpot feature of RouterOS. Please note that this don't work with PPPoE connections. </p><p>To make this setup, you should have Hotspot package enabled on the RouterOS. This example will cover how to block customer's computer. When he tries to open a webpage he would be redirected to the hotspot page which will contain info that he hasn't paid the bill for the Internet access. Your router should have already been configured and working (customer should have access to the Internet), you should have the DNS server specified in the router. </p><p>First you should edit the Hotspot login.html page with the text that contains information that will be shown to the customers who haven't paid their bills. It could be something like this: "Service not available, please pay the bill and contact us by phone to get reconnected". This page can be found within the hotspot folder of RouterOS. </p><p>Next, add an ip-binding rule that will allow all customers to bypass the hotspot page. It is done using such a command: </p> <pre>/ip hotspot ip-binding add type=bypassed address=0.0.0.0/0 \<br />comment="bypass the hotspot for all the paying customers"<br /></pre> <p>After that add the Hotspot server on the interface where your clients are connected. It can be done using such command: </p> <pre>/ip hotspot add interface=local disabled=no<br /></pre> <p>Now you can add ip-binding rules for the customers that haven't paid their bill. You can match them by IP address or MAC address. Here is an example using MAC address: </p> <pre>/ip hotspot ip-binding add mac-address=00:0C:42:00:00:90 type=regular comment "Non paying client 1"<br /></pre> <p>Now we have such configuration: </p> <pre>[admin@MikroTik] ip hotspot ip-binding> print<br />Flags: X - disabled, P - bypassed, B - blocked<br /># MAC-ADDRESS ADDRESS TO-ADDRESS SERVER<br />0 P ;;; bypass the hotspot for all the paying customers<br /> 0.0.0.0/0<br />1 ;;; Non paying client 1<br /> 00:0C:42:00:00:90<br /></pre> <p>There is one more step to make it work, you should change the order of these rules, the first rule should be above the bypass rule so it could be processed. You can move it using move command: </p> <pre>[admin@MikroTik] ip hotspot ip-binding> move 1 0<br /></pre> <p>Now the ip-binding configuration should look like this: </p> <pre>[admin@MikroTik] ip hotspot ip-binding> print<br />Flags: X - disabled, P - bypassed, B - blocked<br /># MAC-ADDRESS ADDRESS TO-ADDRESS SERVER<br />0 ;;; Non paying client 1<br /> 00:0C:42:00:00:90<br />1 P ;;; bypass the hotspot for all the paying customers<br /> 0.0.0.0/0<br /></pre> <p>If the customers can pay their bill using internet you can modify the login.html by adding some links to clients bank web-page where they can pay their bill. After you add these links in the login page you should also add them in the hotspot configuration so the blocked customer could access that page. This can be done in the 'ip hotspot walled-garden ip' menu. Here is an example: </p> <pre>/ip hotspot walled-garden ip add dst-host=www.paypal.com<br /></pre><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/703198821028820861-2494186925828660639?l=mikrotik-howto.blogspot.com' alt='' /></div>Akbarnoreply@blogger.com0tag:blogger.com,1999:blog-703198821028820861.post-87314726108290284102007-08-17T20:56:00.000+07:002007-08-17T21:02:24.406+07:00<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://wiki.mikrotik.com/wiki/Image:Arp_add_hosts.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px;" src="http://wiki.mikrotik.com/wiki/Image:Arp_add_hosts.jpg" alt="" border="0" /></a><br /><p>To protect the Router from port scanners, we can record the IPs of hackers who try to scan your box. Using this address list we can drop connection from those IP </p><p>in <b>/ip firewall filter</b> </p><br /><pre>add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners"<br />address-list-timeout=2w comment="Port scanners to list " disabled=no</pre><br />Various combinations of TCP flags can also indicate port scanner activity.<br /><br /><pre>add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg<br />action=add-src-to-address-list address-list="port scanners"<br />address-list-timeout=2w comment="NMAP FIN Stealth scan"<br /></pre> <pre>add chain=input protocol=tcp tcp-flags=fin,syn<br />action=add-src-to-address-list address-list="port scanners"<br />address-list-timeout=2w comment="SYN/FIN scan"<br /></pre> <pre>add chain=input protocol=tcp tcp-flags=syn,rst<br />action=add-src-to-address-list address-list="port scanners"<br />address-list-timeout=2w comment="SYN/RST scan"<br /></pre> <pre>add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack<br />action=add-src-to-address-list address-list="port scanners"<br />address-list-timeout=2w comment="FIN/PSH/URG scan"<br /></pre> <pre>add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg<br />action=add-src-to-address-list address-list="port scanners"<br />address-list-timeout=2w comment="ALL/ALL scan"<br /></pre> <pre>add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg<br />action=add-src-to-address-list address-list="port scanners"<br />address-list-timeout=2w comment="NMAP NULL scan"<br /></pre><br />Then you can drop those IPs:<br /><br /><pre>add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no</pre>Similarly, you can drop these port scanners in the forward chain, but using the above rules with "chain=forward".<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/703198821028820861-8731472610829028410?l=mikrotik-howto.blogspot.com' alt='' /></div>Akbarnoreply@blogger.com0