Beranda > Mikrotik > Block Port scanner, DDOS dan netcut di MIKROTIK

Block Port scanner, DDOS dan netcut di MIKROTIK


Ini adalah scrip untuk mengamankan jaringan dari port scanner, DDOS dan netcut di Router Mikrotik.

Langkah² nya adalah sebagai berikut :

/ip firewall filter add action=add-src-to-address-list address-list=DDOS address-list-timeout=15s \ chain=input comment=”” disabled=no dst-port=1337 protocol=tcp

Kemudian :

add action=add-src-to-address-list address-list=DDOS address-list-timeout=15m \ chain=input comment=”” disabled=no dst-port=7331 protocol=tcp src-address-list=knock

add action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w \ chain=input comment=”Port scanners to list ” disabled=no protocol=tcp psd=21,3s,3,1

add action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w \ chain=input comment=”SYN/FIN scan” disabled=no protocol=tcp tcp-flags=fin,syn

add action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w \ chain=input comment=”SYN/RST scan” disabled=no protocol=tcp tcp-flags=syn,rst

add action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w \ chain=input  disabled=no tcp-flags=fin,psh,urg,!syn,!rst,!ack protocol=tcp \ comment=”FIN/PSH/URG scan”

add action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w \ chain=input disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg \
comment=”ALL/ALL scan”

add action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w \ chain=input  tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg comment=”NMAP NULL scan” \ disabled=no protocol=tcp

add action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w \ chain=input comment=”NMAP FIN Stealth scan” disabled=no protocol=tcp

add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=0-65535 \ protocol=tcp src-address=61.213.183.1-61.213.183.254

add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=0-65535 \ protocol=tcp src-address=67.195.134.1-67.195.134.254

add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=0-65535 \ protocol=tcp src-address=68.142.233.1-68.142.233.254

Iklan
Kategori:Mikrotik
  1. wawan
    2 November 2012 pukul 11:37 AM

    maksud ” 67.195.134.1-67.195.134.254 ” ini alamat ip yang kita pakai di jaringan ya gan

    • 17 November 2012 pukul 4:30 AM

      Tinggal di paste gan…thankz

  2. 5 Maret 2013 pukul 2:52 PM

    Reblogged this on Hunter Synard Zoldic.

  3. axho
    15 Mei 2013 pukul 9:12 AM

    itu ip address buat apa gan? apa disesuaikan dengan ip masing2?

  4. 11 Agustus 2013 pukul 9:48 PM

    In comparison to levothyroxine (T4), liothyronine (T3) has a faster onset of action as well
    as a shorter biological half-life, which may be due to less plasma protein binding to thyroxine-binding globulin and transthyretin.
    Today’s your lucky day if you are still searching for a breakthrough weight loss method. You have a simple goal – spin to the point where you get slightly dizzy.

  1. No trackbacks yet.

Tinggalkan Balasan

Isikan data di bawah atau klik salah satu ikon untuk log in:

Logo WordPress.com

You are commenting using your WordPress.com account. Logout / Ubah )

Gambar Twitter

You are commenting using your Twitter account. Logout / Ubah )

Foto Facebook

You are commenting using your Facebook account. Logout / Ubah )

Foto Google+

You are commenting using your Google+ account. Logout / Ubah )

Connecting to %s

%d blogger menyukai ini: