  1. #1
    Viceroy

    Question (ASK) (HELP) Mikrotik accesses strange sites on its own and slows down the network (??)

    Dear experts,
    please give me some guidance..

    A few months ago I installed Mikrotik (MT) on my network; I got all the settings from this forum.
    I set the MT up with PCQ and web proxy. The intention was for everyone to get the same bandwidth and for access to be faster with the web proxy.

    After I started using the MT, all my users were happy; they said internet access had become fast and smooth.

    After I left it alone for a few months, my network became slow. Sometimes there is no access at all.
    If I bypass straight to the modem (without going through the MT), access is fast, but behind the MT access is slow. So my suspicion is on the MT.
    When I reboot the MT, access is normal, but a few minutes later it slows down again.
    I tried restoring the MT to my last settings (in case something got "changed" while I was away, though that is not possible, because only I know the password and access to the PC is locked). It worked for only a day, then it slowed down again...

    After looking closely in Winbox (I usually work directly on the MT PC), I found "strange" settings that, as far as I remember, I never set up.

    For example, in the firewall address list there is an entry
    name: port scanners
    address: 58.222.16.133

    which, after I tracked the IP, comes from China...

    Then in the web proxy connections there is a huge amount of connection activity where neither the src-addr nor the dst-addr is one of my local IPs.
    Sometimes there is no local IP at all in the whole list, because there really is nobody in the office.

    It is the same in the firewall connections: there are thousands of items, none from my local IPs...
    I tracked a few of the IPs and they come from the Netherlands and the US. When opened in a browser, some of them open as dubious sites...

    Can anyone explain what is happening with my MT??
    Is this normal???
    Or did someone manage to break into my MT and mess up the settings?? Or has some program sneaked in?? Or????

    I want to attach the pictures here, but I don't know how.. sorry, newbie..

    Sorry too if this post reads like venting...

    Please help, experts.. I would appreciate some enlightenment...

    Edit:
    Here are the links to the pictures:


    and
    Last edited by Viceroy; 23-05-2009 at 15:03.

  2. #2
    sum14rdi

    Sorry... hopefully this is the solution... in your firewall filter, try creating a rule to block connections from outside going to your web-proxy port (some use 3128 or 8080, just adjust it to your settings)...

    Judging from the picture:
    1. you use Speedy
    2. the PPPoE dialing is done by your Mikrotik, not the modem.

    So basically, try using this:
    /ip firewall filter
    add action=drop chain=forward comment="" connection-state=invalid disabled=no
    add action=drop chain=input comment="" disabled=no dst-port=8080 \
    in-interface=pppoe-out1 protocol=tcp
    add action=drop chain=input comment="" disabled=no dst-port=3128 \
    in-interface=pppoe-out1 protocol=tcp
    Adjust the in-interface to the name of the PPPoE client you created; I use the default, which is pppoe-out1.


  4. #3
    Viceroy

    Originally Posted by sum14rdi
    Sorry... hopefully this is the solution... in your firewall filter, try creating a rule to block connections from outside going to your web-proxy port (some use 3128 or 8080, just adjust it to your settings)...

    Judging from the picture:
    1. you use Speedy
    2. the PPPoE dialing is done by your Mikrotik, not the modem.

    So basically, try using this:


    Adjust the in-interface to the name of the PPPoE client you created; I use the default, which is pppoe-out1.

    Bro, I use VSAT and don't use PPPoE...
    So what should I do?

    BTW, from the analysis above, what it tries to do is block connections to the web proxy, right?
    If so, for now I'll try disabling the web proxy and see what the result is..

    Oh, and how come that entry in the firewall address list exists?

    Thanks a lot in advance for the help!

  5. #4
    sum14rdi

    Wow, really sorry, my guess was wrong....

    But the point stays the same.... someone is using your web-proxy resources... that's why I said earlier to please adjust the in-interface.

    As for what is in the address-list, probably a "port scanner trap" script was installed.

    The script looks something like this:
    /ip firewall filter
    # On chain=input the destination is the router itself, so the scanner's
    # source address is what must be listed for the final drop rule to match.
    add action=add-src-to-address-list address-list="port scanner" \
    address-list-timeout=1w chain=input comment="port scanner" disabled=no \
    protocol=tcp psd=21,3s,3,1
    add action=add-src-to-address-list address-list="port scanner" \
    address-list-timeout=1w chain=input comment="" disabled=no protocol=tcp \
    psd=21,3s,3,1 tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
    add action=add-src-to-address-list address-list="port scanner" \
    address-list-timeout=1w chain=input comment="" disabled=no protocol=tcp \
    psd=21,3s,3,1 tcp-flags=fin,syn
    add action=add-src-to-address-list address-list="port scanner" \
    address-list-timeout=1w chain=input comment="" disabled=no protocol=tcp \
    psd=21,3s,3,1 tcp-flags=fin,rst
    add action=add-src-to-address-list address-list="port scanner" \
    address-list-timeout=1w chain=input comment="" disabled=no protocol=tcp \
    psd=21,3s,3,1 tcp-flags=fin,psh,urg,!syn,!rst,!ack
    add action=add-src-to-address-list address-list="port scanner" \
    address-list-timeout=1w chain=input comment="" disabled=no protocol=tcp \
    psd=21,3s,3,1 tcp-flags=fin,syn,rst,psh,ack,urg
    add action=add-src-to-address-list address-list="port scanner" \
    address-list-timeout=1w chain=input comment="" disabled=no protocol=tcp \
    psd=21,3s,3,1 tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
    add action=drop chain=input comment="" disabled=no src-address-list=\
    "port scanner"


  7. #5
    Viceroy

    Got it, bro!
    I'll try it first...

    Thanks in advance!!!

  8. #6
    donipermono1982

    Originally Posted by sum14rdi
    Wow, really sorry, my guess was wrong....

    But the point stays the same.... someone is using your web-proxy resources... that's why I said earlier to please adjust the in-interface.

    As for what is in the address-list, probably a "port scanner trap" script was installed.

    The script looks something like this:
    # On chain=input the destination is the router itself, so the scanner's
    # source address is what must be listed for the final drop rule to match.
    add action=add-src-to-address-list address-list="port scanner" \
    address-list-timeout=1w chain=input comment="port scanner" disabled=no \
    protocol=tcp psd=21,3s,3,1
    add action=add-src-to-address-list address-list="port scanner" \
    address-list-timeout=1w chain=input comment="" disabled=no protocol=tcp \
    psd=21,3s,3,1 tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
    add action=add-src-to-address-list address-list="port scanner" \
    address-list-timeout=1w chain=input comment="" disabled=no protocol=tcp \
    psd=21,3s,3,1 tcp-flags=fin,syn
    add action=add-src-to-address-list address-list="port scanner" \
    address-list-timeout=1w chain=input comment="" disabled=no protocol=tcp \
    psd=21,3s,3,1 tcp-flags=fin,rst
    add action=add-src-to-address-list address-list="port scanner" \
    address-list-timeout=1w chain=input comment="" disabled=no protocol=tcp \
    psd=21,3s,3,1 tcp-flags=fin,psh,urg,!syn,!rst,!ack
    add action=add-src-to-address-list address-list="port scanner" \
    address-list-timeout=1w chain=input comment="" disabled=no protocol=tcp \
    psd=21,3s,3,1 tcp-flags=fin,syn,rst,psh,ack,urg
    add action=add-src-to-address-list address-list="port scanner" \
    address-list-timeout=1w chain=input comment="" disabled=no protocol=tcp \
    psd=21,3s,3,1 tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
    add action=drop chain=input comment="" disabled=no src-address-list=\
    "port scanner"

    Can this be used to block ports that are being used for P2P?

  9. #7
    oktama

    If the proxy is being used by unknown outside parties, then in its access list just allow your internal network first, then add deny all.

  10. #8
    kdebugx86

    The picture isn't clear; it still doesn't show excessive bandwidth usage from particular IPs,

    so there are many possibilities; it could also be because the proxy's internal cache is full/broken.

    Try just disabling the squid temporarily, then slowly keep monitoring whether there are suspicious internal & external IPs sucking up a lot of bandwidth.

    That's what being an admin is: you have to be patient and meticulous.
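
Added example, not part of the thread and not any poster's code: one way to confirm the symptom from post #1 (proxy connections with no local IP on either side) by classifying connection rows and counting outside sources that reach the proxy port. The row format, the addresses (documentation ranges) and the function names `classify` and `audit` are assumptions made for illustration; this is not RouterOS output.

```python
import ipaddress
from collections import Counter

# Constructed sample rows (not from the thread): "proto src:port dst:port".
# 203.0.113.10 stands in for the router's WAN address, 192.168.1.0/24 for the LAN.
SAMPLE_ROWS = """\
tcp 192.168.1.23:51512 192.168.1.1:8080
tcp 198.51.100.77:40112 203.0.113.10:8080
tcp 198.51.100.77:40113 203.0.113.10:8080
tcp 192.0.2.45:3391 203.0.113.10:8080
tcp 203.0.113.10:50211 198.51.100.200:80
tcp 192.0.2.45:3392 203.0.113.10:22
""".splitlines()

def _split(endpoint):
    """Split 'ip:port' into (ip_address, int port)."""
    host, port = endpoint.rsplit(":", 1)
    return ipaddress.ip_address(host), int(port)

def classify(row, lan, router_addrs, proxy_ports):
    """Label one connection row from the proxy's point of view."""
    _proto, src, dst = row.split()
    (src_ip, _), (dst_ip, dst_port) = _split(src), _split(dst)
    to_proxy = dst_ip in router_addrs and dst_port in proxy_ports
    if to_proxy and src_ip in lan:
        return "lan-client", src_ip             # expected traffic
    if to_proxy:
        return "external-proxy-client", src_ip  # outsider using the proxy
    if src_ip in router_addrs:
        return "router-outbound", src_ip        # proxy fetching on someone's behalf
    return "other", src_ip

def audit(rows, lan_cidr, router_addrs, proxy_ports=(8080, 3128)):
    """Return (label counts, hit counts per external source using the proxy)."""
    lan = ipaddress.ip_network(lan_cidr)
    routers = {ipaddress.ip_address(a) for a in router_addrs}
    labels, offenders = Counter(), Counter()
    for row in rows:
        label, src_ip = classify(row, lan, routers, set(proxy_ports))
        labels[label] += 1
        if label == "external-proxy-client":
            offenders[str(src_ip)] += 1
    return labels, offenders

if __name__ == "__main__":
    labels, offenders = audit(SAMPLE_ROWS, "192.168.1.0/24",
                              ["192.168.1.1", "203.0.113.10"])
    print(dict(labels), offenders.most_common())
```

Any non-zero `external-proxy-client` count means the proxy port is reachable from outside, which is the case the input-chain drop rule and the proxy access list suggested in the thread are meant to close.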

 

 
