  1. #31
    yogaponsel's Avatar
    Forum Guru
    Join Date
    Oct 2008
    Location
    "BnetAkses"
    Posts
    2,511
    sarkem --- firewall -- open 24 hour


    Something like this, right .........
    GRC Port Authority Report created on UTC: 2010-04-27 at 13:04:43

    Results from scan of ports: 0-1055

    0 Ports Open
    0 Ports Closed
    1056 Ports Stealth
    ---------------------
    1056 Ports Tested

    ALL PORTS tested were found to be: STEALTH.

    TruStealth: FAILED - ALL tested ports were STEALTH,
    - NO unsolicited packets were received,
    - A PING REPLY (ICMP Echo) WAS RECEIVED.

  2. The Following User Says Thank You to yogaponsel For This Useful Post:


  3. #32
    indifferentials's Avatar
    Member Senior
    Join Date
    Oct 2009
    Location
    /var/log
    Posts
    423
    Originally Posted by masQ
    How do you run a check like that, bro??
    <-- port check

  4. #33
    goez's Avatar
    Newbie
    Join Date
    Jun 2008
    Posts
    48

    Nothing there

    Originally Posted by indifferentials
    <-- port check
    There's nothing there, just ad sites instead.. how do you do it, bro?

  5. #34
    Indra Yd's Avatar
    Newly Joined
    Join Date
    Apr 2010
    Posts
    2
    ++++,....

  6. #35
    indifferentials's Avatar
    Member Senior
    Join Date
    Oct 2009
    Location
    /var/log
    Posts
    423
    Originally Posted by goez
    There's nothing there, just ad sites instead.. how do you do it, bro?
    Click the menu "service -> shields up -> Proceed", then choose All Service Ports
    Give it a try
    Last edited by indifferentials; 29-04-2010 at 21:30.

  7. The Following User Says Thank You to indifferentials For This Useful Post:


  8. #36
    adhielesmana's Avatar
    Administrator
    Join Date
    Jan 2009
    Location
    http://www.adhielesmana.com
    Posts
    3,056
    Originally Posted by indifferentials
    Click the menu "service -> shields up -> Proceed", then choose All Service Ports
    Give it a try
    Yup... thanks bro.. I'll add it to page one so people can try it after reading..

  9. The Following 2 Users Say Thank You to adhielesmana For This Useful Post:


  10. #37
    budakbaheula's Avatar
    Member Senior
    Join Date
    Jan 2010
    Location
    Sukabumi-Bandung
    Posts
    481

    I'll share my simple firewall here....

    rb750g os 4.6
    public IP
    warnet (internet cafe) IP
    wifi IP:


    block Conficker, sending it to an address list
    block FTP, sending it to an address list
    block Telnet, sending it to an address list
    block SSH, sending it to an address list
    block SSH brute force
    block port scanners, sending them to an address list
    block connection theft

    Code:
    /ip firewall filter
    add action=add-src-to-address-list address-list=Drop-Conficker \
        address-list-timeout=0s chain=input comment=Drop-Conficker disabled=no \
        dst-port=135,137,138,139,445,5933,593,4691 protocol=tcp
    add action=drop chain=input comment="" disabled=no dst-port=\
        135,137,138,139,445,5933,593,4691 protocol=tcp
    add action=add-src-to-address-list address-list=Drop-Conficker \
        address-list-timeout=0s chain=input comment="" disabled=no dst-port=\
        135,137,138,139,445 protocol=udp
    add action=drop chain=input comment="" disabled=no dst-port=\
        135,137,138,139,445 protocol=udp
    add action=add-src-to-address-list address-list=Drop-Ftp \
        address-list-timeout=0s chain=input comment=Drop-Ftp disabled=no \
        dst-port=21 protocol=tcp
    add action=drop chain=input comment="" disabled=no dst-port=21 protocol=tcp
    add action=add-src-to-address-list address-list=Drop-SSH \
        address-list-timeout=0s chain=input comment=Drop-SSH disabled=no \
        dst-port=22 protocol=tcp
    add action=drop chain=input comment="" disabled=no dst-port=22 protocol=tcp
    add action=drop chain=input comment="Drop SSH Brute Force" disabled=no \
        dst-port=22 protocol=tcp src-address-list=ssh_blacklist
    add action=add-src-to-address-list address-list=ssh_blacklist \
        address-list-timeout=1w3d chain=input comment="" connection-state=new \
        disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3
    add action=add-src-to-address-list address-list=ssh_stage3 \
        address-list-timeout=1m chain=input comment="" connection-state=new \
        disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2
    add action=add-src-to-address-list address-list=ssh_stage2 \
        address-list-timeout=1m chain=input comment="" connection-state=new \
        disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1
    add action=add-src-to-address-list address-list=ssh_stage1 \
        address-list-timeout=1m chain=input comment="" connection-state=new \
        disabled=no dst-port=22 protocol=tcp
    add action=add-src-to-address-list address-list=Drop-Telnet \
        address-list-timeout=0s chain=input comment=Drop-Telnet disabled=no \
        dst-port=23 protocol=tcp
    add action=drop chain=input comment="" disabled=no dst-port=23 protocol=tcp
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input comment="Drop Port Scanner" disabled=\
        no protocol=tcp psd=21,3s,3,1
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp \
        tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp \
        tcp-flags=fin,syn
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp \
        tcp-flags=syn,rst
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp \
        tcp-flags=fin,psh,urg,!syn,!rst,!ack
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp \
        tcp-flags=fin,syn,rst,psh,ack,urg
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp \
        tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
    add action=drop chain=input comment="" disabled=no src-address-list=\
        "port scanners"
    add action=drop chain=input comment=Drop-CuriKoneksi disabled=no \
        in-interface=wifi src-address-list=!wifi
    add action=drop chain=input comment="" disabled=no in-interface=warnet \
        src-address-list=!warnet
    Note: the warnet and wifi IPs should be registered in the address lists first, because IPs that have been registered will be allowed to get a connection from the router, and any IP other than the registered ones will be blocked.... Suitable for an RT/RW-net (neighborhood network).
    One more thing: you can look at the IPs that end up in the address lists..... and check which ones still have the default username or not (specifically the Speedy settings, for the default ones)
    Last edited by budakbaheula; 10-05-2010 at 21:56.

  11. The Following 4 Users Say Thank You to budakbaheula For This Useful Post:
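Rule order matters in the rule set posted in #37: RouterOS walks a chain top to bottom, `drop` ends processing, and `add-src-to-address-list` passes the packet on to the next rule. The Python model below is an added example, not part of the original post; it replays new SSH connections through the port-22 rules in the order posted and shows that the `ssh_stage*` rules sit behind an unconditional drop. `STAGED_ONLY`, the source address and the timings are assumptions made for the comparison, and every simulated packet is treated as the first packet of a new connection.

```python
from dataclasses import dataclass

FOREVER = float("inf")        # address-list-timeout=0s: the entry never expires
ADD, DROP = "add-src-to-address-list", "drop"

@dataclass
class Rule:
    action: str               # ADD is non-terminating, DROP ends processing
    dst_port: int
    src_list: str = ""        # src-address-list condition ("" = any source)
    add_list: str = ""        # address-list an ADD rule populates
    timeout: float = FOREVER  # address-list-timeout, in seconds

# SSH rules from post #37, in the order posted (protocol=tcp, chain=input).
POSTED = [
    Rule(ADD, 22, add_list="Drop-SSH"),
    Rule(DROP, 22),
    Rule(DROP, 22, src_list="ssh_blacklist"),
    Rule(ADD, 22, "ssh_stage3", "ssh_blacklist", 10 * 86400),  # 1w3d
    Rule(ADD, 22, "ssh_stage2", "ssh_stage3", 60),
    Rule(ADD, 22, "ssh_stage1", "ssh_stage2", 60),
    Rule(ADD, 22, add_list="ssh_stage1", timeout=60),
]
# Assumption for comparison: the staged rules alone, without the two
# unconditional port-22 rules in front of them.
STAGED_ONLY = POSTED[2:]

def member(lists, name, src, now):
    """True while src has an unexpired entry in the named address list."""
    return lists.get(name, {}).get(src, 0) > now

def evaluate(rules, lists, src, dst_port, now):
    """First-match walk for one new connection; updates lists in place."""
    for r in rules:
        if r.dst_port != dst_port:
            continue
        if r.src_list and not member(lists, r.src_list, src, now):
            continue
        if r.action == DROP:
            return "drop"
        lists.setdefault(r.add_list, {})[src] = now + r.timeout
    return "accept"           # no rule terminated: chain default

def shadowed(rules):
    """Indexes of rules no packet reaches: an earlier DROP on the same port
    with no extra condition has already ended processing."""
    return [j for j, r in enumerate(rules)
            if any(e.action == DROP and e.dst_port == r.dst_port
                   and not e.src_list for e in rules[:j])]

def simulate(rules, times, src="198.51.100.7"):   # constructed source IP
    """Replay new port-22 connections at the given times (seconds)."""
    lists = {}
    verdicts = [evaluate(rules, lists, src, 22, t) for t in times]
    live = sorted(n for n in lists if member(lists, n, src, times[-1]))
    return verdicts, live

if __name__ == "__main__":
    burst = [0, 10, 20, 30, 40]
    print("shadowed in posted order:", shadowed(POSTED))
    print("posted     :", simulate(POSTED, burst))
    print("staged only:", simulate(STAGED_ONLY, burst))
    print("slow (90s) :", simulate(STAGED_ONLY, [0, 90, 180, 270, 360]))
```

In the posted order every connection is dropped by the second rule and only `Drop-SSH` fills; with the staged rules alone, the fourth connection inside the one-minute windows lands in `ssh_blacklist` and the fifth is dropped.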


  12. #38
    donipermono1982's Avatar
    Moderator
    Join Date
    Feb 2008
    Location
    Jakarta Selatan
    Posts
    2,810
    Originally Posted by budakbaheula
    rb750g os 4.6
    public IP
    warnet (internet cafe) IP
    wifi IP:


    block Conficker, sending it to an address list
    block FTP, sending it to an address list
    block Telnet, sending it to an address list
    block SSH, sending it to an address list
    block SSH brute force
    block port scanners, sending them to an address list
    block connection theft

    Code:
    /ip firewall filter
    add action=add-src-to-address-list address-list=Drop-Conficker \
        address-list-timeout=0s chain=input comment=Drop-Conficker disabled=no \
        dst-port=135,137,138,139,445,5933,593,4691 protocol=tcp
    add action=drop chain=input comment="" disabled=no dst-port=\
        135,137,138,139,445,5933,593,4691 protocol=tcp
    add action=add-src-to-address-list address-list=Drop-Conficker \
        address-list-timeout=0s chain=input comment="" disabled=no dst-port=\
        135,137,138,139,445 protocol=udp
    add action=drop chain=input comment="" disabled=no dst-port=\
        135,137,138,139,445 protocol=udp
    add action=add-src-to-address-list address-list=Drop-Ftp \
        address-list-timeout=0s chain=input comment=Drop-Ftp disabled=no \
        dst-port=21 protocol=tcp
    add action=drop chain=input comment="" disabled=no dst-port=21 protocol=tcp
    add action=add-src-to-address-list address-list=Drop-SSH \
        address-list-timeout=0s chain=input comment=Drop-SSH disabled=no \
        dst-port=22 protocol=tcp
    add action=drop chain=input comment="" disabled=no dst-port=22 protocol=tcp
    add action=drop chain=input comment="Drop SSH Brute Force" disabled=no \
        dst-port=22 protocol=tcp src-address-list=ssh_blacklist
    add action=add-src-to-address-list address-list=ssh_blacklist \
        address-list-timeout=1w3d chain=input comment="" connection-state=new \
        disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3
    add action=add-src-to-address-list address-list=ssh_stage3 \
        address-list-timeout=1m chain=input comment="" connection-state=new \
        disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2
    add action=add-src-to-address-list address-list=ssh_stage2 \
        address-list-timeout=1m chain=input comment="" connection-state=new \
        disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1
    add action=add-src-to-address-list address-list=ssh_stage1 \
        address-list-timeout=1m chain=input comment="" connection-state=new \
        disabled=no dst-port=22 protocol=tcp
    add action=add-src-to-address-list address-list=Drop-Telnet \
        address-list-timeout=0s chain=input comment=Drop-Telnet disabled=no \
        dst-port=23 protocol=tcp
    add action=drop chain=input comment="" disabled=no dst-port=23 protocol=tcp
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input comment="Drop Port Scanner" disabled=\
        no protocol=tcp psd=21,3s,3,1
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp \
        tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp \
        tcp-flags=fin,syn
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp \
        tcp-flags=syn,rst
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp \
        tcp-flags=fin,psh,urg,!syn,!rst,!ack
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp \
        tcp-flags=fin,syn,rst,psh,ack,urg
    add action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp \
        tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
    add action=drop chain=input comment="" disabled=no src-address-list=\
        "port scanners"
    add action=drop chain=input comment=Drop-CuriKoneksi disabled=no \
        in-interface=wifi src-address-list=!wifi
    add action=drop chain=input comment="" disabled=no in-interface=warnet \
        src-address-list=!warnet
    Note: the warnet and wifi IPs should be registered in the address lists first, because IPs that have been registered will be allowed to get a connection from the router, and any IP other than the registered ones will be blocked.... Suitable for an RT/RW-net (neighborhood network).
    One more thing: you can look at the IPs that end up in the address lists..... and check which ones still have the default username or not (specifically the Speedy settings, for the default ones)
    !wifi << what if someone clones the MAC of a registered wifi IP?

  13. #39
    budakbaheula's Avatar
    Member Senior
    Join Date
    Jan 2010
    Location
    Sukabumi-Bandung
    Posts
    481
    Originally Posted by donipermono1982
    !wifi << what if someone clones the MAC of a registered wifi IP?
    In my opinion, to clone a MAC you would at least have to know which MAC to clone? You would at least also have to get into the router first (unless someone gets tipped off for a reward).... Thank God it has been running smoothly so far, nobody has phoned yet.. (hopefully nobody will)... I'm still just trying this out too, it's coming up on one week....

  14. #40
    dingting's Avatar
    Member
    Join Date
    Jul 2008
    Posts
    277
    Originally Posted by adhielesmana
    Good Morniiiiiiiiiiiiing !!!!!!!!!!

    We spread the adhielesmana spirit far and wide for you.. this time I'm just sharing a simple firewall setup to fend off unwanted access from the public side..

    I present:

    A Simple, Powerful Firewall - The Secret of ISP Technicians

    Function: blocks unauthorized access coming from the public side. Apart from what is allowed, all inbound access from the public side is dropped. Attackers, flooders and port scanners trying to break into your MikroTik from outside are guaranteed to be left flailing..
    Wan: interface facing the internet.
    Lan: interface facing the local network.
    Local IP: 192.168.0.0/16
    Media: Mikrotik - Ip Firewall Filter

    Straight to the remedy...



    Code:
    ip firewall filter 
    
    add chain=forward in-interface=Wan out-interface=Lan dst-address=192.168.0.0/16 action=accept comment="Allow semua akses internet to client" disabled=no
    
    add chain=input in-interface=Wan protocol=tcp dst-port=8291 action=accept comment="Allow Remote winbox dari Publik" disabled=no
    
    add chain=input in-interface=Wan protocol=udp src-port=53 action=accept comment="Allow DNS Traffic" disabled=no
    
    add chain=input in-interface=Wan protocol=icmp action=accept comment="Allow Ping Traceroute Traffic" disabled=no  
    
    add chain=input in-interface=Wan connection-state=new action=add-src-to-address-list address-list=spam address-list-timeout=30m comment="Log Ip Yang Di Tolak" disabled=no 
    
    add chain=input in-interface=Wan action=drop comment="Drop Semua Akses yang tidak di ijinkan" disabled=no
    To those who are already experts, thanks for stopping by.. please share your insight so this can be improved.. To those just learning.. go ahead and try it.. adjust the local IP and the interface or ether names to match your MikroTik..

    Good morning.. and thank you

    Thanks, chief.. already rated

    Thanks too for pressing [image] and [image]
    So just forward & input is enough, right?
    No need for output?

  15. The Following User Says Thank You to dingting For This Useful Post:


  16. #41
    loriyaga's Avatar
    Newly Joined
    Join Date
    Jan 2008
    Posts
    13
    How do I apply this simple firewall with load balancing?

    I ran a test on GRC and got a message like this:

    Many Internet connection IP addresses are associated with a DNS machine name. (But yours is not.) The presence of "Reverse DNS", which allows the machine name to be retrieved from the IP address, can represent a privacy and possible security concern for Internet consumers since it may uniquely and persistently identify your Internet account — and therefore you — and may disclose other information, such as your geographic location.

    When present, reverse DNS is supported by Internet service providers. But no such lookups are possible with your current Internet connection address (125.167.xxx.xxx). That's generally a good thing.

    So do I have to set up a DNS server first?

  17. #42
    nurwai's Avatar
    Newly Joined
    Join Date
    May 2010
    Posts
    13
    This textual summary may be printed, or marked and copied
    for subsequent pasting into any other application:

    ----------------------------------------------------------------------

    GRC Port Authority Report created on UTC: 2010-05-26 at 08:22:28

    Results from scan of ports: 0-1055

    5 Ports Open
    1049 Ports Closed
    2 Ports Stealth
    ---------------------
    1056 Ports Tested

    Ports found to be OPEN were: 21, 22, 23, 53, 80

    Ports found to be STEALTH were: 135, 445

    Other than what is listed above, all ports are CLOSED.

    TruStealth: FAILED - NOT all tested ports were STEALTH,
    - NO unsolicited packets were received,
    - A PING REPLY (ICMP Echo) WAS RECEIVED.

    Guys, please help, this is the result from the scanner. The dial-up is already done from the MK (add default route = no). Please enlighten me, I'll be waiting.

  18. #43
    adhielesmana's Avatar
    Administrator
    Join Date
    Jan 2009
    Location
    http://www.adhielesmana.com
    Posts
    3,056
    Originally Posted by dingting
    So just forward & input is enough, right?
    No need for output?
    Just follow it if you don't get it...

    What forward is, what input is, what output is: please study that in the Beginner Basics section, so that you understand why I use only forward and input..

  19. The Following User Says Thank You to adhielesmana For This Useful Post:


  20. #44
    adhielesmana's Avatar
    Administrator
    Join Date
    Jan 2009
    Location
    http://www.adhielesmana.com
    Posts
    3,056
    Originally Posted by loriyaga
    How do I apply this simple firewall with load balancing?

    I ran a test on GRC and got a message like this:

    Many Internet connection IP addresses are associated with a DNS machine name. (But yours is not.) The presence of "Reverse DNS", which allows the machine name to be retrieved from the IP address, can represent a privacy and possible security concern for Internet consumers since it may uniquely and persistently identify your Internet account — and therefore you — and may disclose other information, such as your geographic location.

    When present, reverse DNS is supported by Internet service providers. But no such lookups are possible with your current Internet connection address (125.167.xxx.xxx). That's generally a good thing.

    So do I have to set up a DNS server first?
    My tutorial HAS BEEN applied, AND PROVEN TO WORK, on various load-balancing setups. The firewall has no effect on the load-balancing methods commonly used so far.

    Please read it carefully first.. the tutorial already has a rule allowing DNS and so on.. if you have 2 lines.. just create those rules twice, once for each line.. done..

  21. #45
    faiz_mahbob's Avatar
    Member
    Join Date
    Sep 2009
    Posts
    248
    Yesterday I used the same firewall as budakbaheula.
    But when I uploaded a file to the RB using FileZilla . . . right then . . . the RB could not be reached remotely at all, whether from Winbox, Webbox, FTP or PuTTY, everything was blocked, but the internet connection still worked.

    Because I panicked, couldn't do anything and was confused, being an idiot and so on, I took the shortcut of pulling the power adapter cable.
    Once it powered back on, I could connect remotely again.

    Could the veterans here explain to me why that happened?
    For now I've disabled the filter rules.

    Thanks,,,,,

 

 