  1. #1
    w1z4rd

    Ask: why do I always get flagged as a "port scanner"?

    I use MikroTik at work as a router. Yesterday I added rules under firewall->filter to guard against port scanners (I got them from a MikroTik forum article). Here is the list:
    -----------
    /ip firewall filter
    # psd=WeightThreshold,DelayThreshold,LowPortWeight,HighPortWeight
    add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list" disabled=no

    add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP FIN Stealth scan"

    add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/FIN scan"

    add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/RST scan"

    add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="FIN/PSH/URG scan"

    add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="ALL/ALL scan"

    add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan"

    add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no

    -----------
    But strangely, my own PC (as a client) falls into the "port scanner" category and gets stuck in the "port scanner" address-list, while the other 19 PCs do not. Admittedly, my PC has some software that I installed to make my work easier, such as Winbox, TeamViewer, The Dude and Net Support Manager. Does any of this software count as a "port scanner"? If so, what is the solution?

  2. #2
    felix_sg
    Here's just one example:

    /ip firewall filter add chain=input src-address=!ipserver protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list" disabled=no

  3. #3
    ataru
    dude manager?

  4. #4
    w1z4rd
    @felix_sg
    Originally Posted by felix_sg
    Here's just one example:

    /ip firewall filter add chain=input src-address=!ipserver protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list" disabled=no
    With a rule like this, my PC is safe, Bro. So where is the problem?

  5. #5
    yosanpro
    The Dude can probably fall into that category; try disabling it first.

  6. #6
    felix_sg
    Originally Posted by w1z4rd
    @felix_sg

    With a rule like this, my PC is safe, Bro. So where is the problem?
    The "!ipserver" part tells MikroTik not to put the IP given there into the address-list. The "!" sign in MikroTik means "other than".

  7. #7
    w1z4rd
    @yosanpro:
    The Dude can probably fall into that category; try disabling it first.
    It looks like you're right, The Dude is being tripped up by these rules. Since only my PC has The Dude installed, I had no choice but to use !IP_PCSAYA (my PC's IP) in this rule as the solution.

    Oh, one more thing: I also installed rules to drop viruses and trojans (from the article "protecting customer/user data"), with these rules:
    Code:
    /ip firewall filter
    add chain=forward connection-state=established comment="allow established connections"
    add chain=forward connection-state=related comment="allow related connections"
    add chain=forward connection-state=invalid action=drop comment="drop invalid connections"
    add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm"
    add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle"
    # and so on ----------------->>>>

    add chain=forward action=jump jump-target=virus comment="jump to the virus chain"
    add chain=forward protocol=icmp comment="allow ping"
    add chain=forward protocol=udp comment="allow udp"
    add chain=forward action=drop comment="drop everything else"
    But then the email client (Outlook Express) stopped working; before that, Outlook Express worked normally. At first I thought the Gmail account's POP3 (SSL mail, port 995) was being blocked, but all the other mail accounts got stuck as well.

    But if the rule:
    Code:
    add chain=forward action=drop comment="drop everything else"
    is disabled, Outlook Express works normally. Where might the problem be, friends? I hope these rules can stay in place, because they have indeed been useful several times for blocking ports used by viruses/trojans.

    I'd appreciate any enlightenment from you all.
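
Traced against the forward chain as posted in #7 (an added example, not part of any post in this thread): a new TCP connection from a mail client, for instance to port 995, is not established, related or invalid, matches nothing in the virus chain, is neither ICMP nor UDP, and so reaches "drop everything else". The sketch below assumes the elided virus-chain rules are all drops and uses a constructed LAN subnet, 192.168.88.0/24.

```routeros
/ip firewall filter
# Stateful shortcuts: packets of connections that were already accepted
add chain=forward connection-state=established action=accept comment="allow established connections"
add chain=forward connection-state=related action=accept comment="allow related connections"
add chain=forward connection-state=invalid action=drop comment="drop invalid connections"

# Virus chain as in the post (only the two rules shown there)
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle"
add chain=forward action=jump jump-target=virus comment="jump to the virus chain"

# Missing in the post: nothing accepts a NEW TCP connection, so the first SYN
# of every mail session falls through to the final drop. Accept new TCP from
# the LAN only after the virus chain has had its chance to drop it.
# 192.168.88.0/24 is a constructed subnet; use the real client range.
add chain=forward protocol=tcp connection-state=new src-address=192.168.88.0/24 action=accept comment="allow new TCP from LAN"

add chain=forward protocol=icmp action=accept comment="allow ping"
add chain=forward protocol=udp action=accept comment="allow udp"

# Check before enforcing: log whatever still reaches the end, then drop it
add chain=forward action=log log-prefix="fwd-drop" comment="log what reaches the final drop"
add chain=forward action=drop comment="drop everything else"
```

Log entries prefixed fwd-drop then show the protocol and destination port of anything that is still being blocked.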

  8. #8
    bocah_dablek
    Originally Posted by felix_sg
    Here's just one example:

    /ip firewall filter add chain=input src-address=!ipserver protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list" disabled=no
    So that means the list of ipserver addresses gets entered in the address-list, right...
    Sorry, please bear with me, I'm a newbie...

  9. #9
    felix_sg
    It depends on the situation. If it's just one IP, put the IP directly in src-address. But if there are many IPs, like a DMZ, create them in an address-list and use the src-address-list option.
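
The two exemption styles from this thread side by side, as an added example that is not part of any post: one address negated in src-address, or several kept in an address-list and matched with src-address-list. The list name psd-exempt and the 192.168.88.x addresses are constructed; use one of the two styles, not both.

```routeros
# psd=WeightThreshold,DelayThreshold,LowPortWeight,HighPortWeight
# With 21,3s,3,1: packets from one source to different ports arriving no more
# than 3 s apart count as one sequence; each privileged port (below 1024)
# adds 3, each other port adds 1, and the threshold for listing is 21.
# A monitoring tool that probes a handful of services on the router in quick
# succession therefore looks the same to this rule as a port scan.

# Style 1: one trusted host, negated directly in the rule
/ip firewall filter
add chain=input protocol=tcp psd=21,3s,3,1 src-address=!192.168.88.10 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list (one host exempt)"

# Style 2: several trusted hosts kept in their own list
/ip firewall address-list
add list=psd-exempt address=192.168.88.10 comment="admin PC running The Dude"
add list=psd-exempt address=192.168.88.11 comment="second monitoring host"
/ip firewall filter
add chain=input protocol=tcp psd=21,3s,3,1 src-address-list=!psd-exempt action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list (list exempt)"

# An address that was already caught stays listed until the 2w timeout ends;
# remove the stale entry so the drop rule stops matching it
/ip firewall address-list
remove [find list="port scanners" address=192.168.88.10]
```

Keep the exempt list as short as possible: any host on it is never listed by the psd rule, whatever it does.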

 

 
