  1. #1
    wp11b

    flood....again need firewall

    Guys... please share how to prevent a flood...
    When I run torch, the src-address IPs are random and come from international IPs; the annoying part is that it hits almost every dst-port, so nothing is specific... the international link pipe is full because of this...
    Please share any solutions; right now I often ask for a change of public IP...

  2. #2
    sone
    Originally Posted by wp11b:
    > Guys... please share how to prevent a flood...
    > When I run torch, the src-address IPs are random and come from international IPs; the annoying part is that it hits almost every dst-port, so nothing is specific... the international link pipe is full because of this...
    > Please share any solutions; right now I often ask for a change of public IP...

    If you use MikroTik, please apply the commands below:



  3. #3
    wp11b
    The rules above don't work, bro...
    Just FYI, usually when we install rules like the ones above... sometimes websites such as Yahoo, or ones that use HTTPS, often can't be opened, and you have to check the address list often because sometimes IPs from our own network end up in that address list.
    The characteristics of the attack I'm seeing... the IPs are random, using ports 80, 8080, 5051

  4. #4
    Status
    Offline
    sone's Avatar
    Member
    Join Date
    Aug 2007
    Posts
    266
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Originally Posted by wp11b:
    > The rules above don't work, bro...
    > Just FYI, usually when we install rules like the ones above... sometimes websites such as Yahoo, or ones that use HTTPS, often can't be opened, and you have to check the address list often because sometimes IPs from our own network end up in that address list.
    > The characteristics of the attack I'm seeing... the IPs are random, using ports 80, 8080, 5051

    Not really, I also use the rules above and it's all fine.

    Opening Yahoo works too, email works too.

    No problems.

  5. #5
    gun
    Originally Posted by wp11b:
    > The rules above don't work, bro...
    > Just FYI, usually when we install rules like the ones above... sometimes websites such as Yahoo, or ones that use HTTPS, often can't be opened, and you have to check the address list often because sometimes IPs from our own network end up in that address list.
    > The characteristics of the attack I'm seeing... the IPs are random, using ports 80, 8080, 5051

    Just ask your ISP for help to drop the packets from IPs that our router can't handle, so that they drop them upstream of our router.

  6. #6
    uu11
    Originally Posted by gun:
    > Just ask your ISP for help to drop the packets from IPs that our router can't handle, so that they drop them upstream of our router.

    That's right, I've run into this often too. I've tried several options to handle it but still had no success, so the only way is to ask for it to be dropped upstream of our router.

  7. #7
    d3v4
    The flood is 1/2 packet.

    Even if you drop it, it still eats up all the bandwidth.

    The best step is to contact the ISP and tell them to remove the route from
    the flooding network on the BGP router so it doesn't eat bandwidth.

    If it's only dropped on our side, it still eats up the bandwidth.

  8. #8
    sone
    Originally Posted by d3v4:
    > The flood is 1/2 packet.
    >
    > Even if you drop it, it still eats up all the bandwidth.
    >
    > The best step is to contact the ISP and tell them to remove the route from
    > the flooding network on the BGP router so it doesn't eat bandwidth.
    >
    > If it's only dropped on our side, it still eats up the bandwidth.

    Ooh, but that's fine, since I use the ISP's proxy anyway; even without telling the ISP, they'll find out by themselves because there's flooding (a flood).

  9. #9
    d3v4
    Well, the question is whether the ISP can handle it or not.

    If they can't handle it, it's all for nothing.

  10. #10
    scorpion14
    Try adding this in the firewall filter:
    add chain=input in-interface=Internet action=drop comment="" disabled=no

    Then allow only the outside IP addresses that are normally used to remote into the MikroTik from outside... for example:

    add chain=input src-address=xxx.xxx.xxx.xxx action=accept comment="" disabled=no

    Because I also used to have traffic constantly full from outside...
    In the end, after I totally blocked access from outside, my traffic calmed down right away... safe until now.

    So if an IP that we haven't allowed to our MikroTik even pings it, the result will be "request time out".

  11. #11
    okto_2005
    First check, bro, whether any of your clients are using P2P programs. P2P programs also look like flooding... so lots of IPs come in to your side.

  12. #12
    wp11b
    Thanks all,
    I just realized... this attack is aimed at the public IP, so even with the interface to the clients disabled, the international traffic stays full. I'm trying to drop it with chain input to the public IP. I don't know what's behind this, because the ports used are common ones. As for the firewall rules on the MikroTik wiki, they really can sometimes make HTTPS web access stall... I've genuinely experienced this (browsing HTTPS is very slow, sometimes smooth, sometimes slow). At first I thought it was an MTU problem...

  13. #13
    scorpion14
    How about the rule from me, have you tried it? How did it go?

  14. #14
    d3v4
    Originally Posted by wp11b:
    > Thanks all,
    > I just realized... this attack is aimed at the public IP, so even with the interface to the clients disabled, the international traffic stays full. I'm trying to drop it with chain input to the public IP. I don't know what's behind this, because the ports used are common ones. As for the firewall rules on the MikroTik wiki, they really can sometimes make HTTPS web access stall... I've genuinely experienced this (browsing HTTPS is very slow, sometimes smooth, sometimes slow). At first I thought it was an MTU problem...

    This is what a full TCP/IP connection looks like,
    for example an HTTP request on port 80:

    Code:
    hostA -> hostB TCP 1443 > http [SYN] Seq=9766 Ack=0 Win=5840 Len=0
    hostB -> hostA TCP http > 1443 [SYN, ACK] Seq=8404 Ack=9767 Win=5792 Len=0
    hostA -> hostB TCP 1443 > http [ACK] Seq=9767 Ack=8405 Win=5840 Len=0
    hostA -> hostB HTTP HEAD/HTTP/1.1
    hostB -> hostA TCP http > 1443 [ACK] Seq=8405 Ack=9985 Win=54 Len=0
    hostB -> hostA HTTP HTTP/1.1 200 OK
    hostA -> hostB TCP 1443 > http [ACK] Seq=9985 Ack=8672 Win=6432 Len=0
    hostB -> hostA TCP http > 1443 [FIN, ACK] Seq=8672 Ack=9985 Win=54 Len=0
    hostA -> hostB TCP 1443 > http [FIN, ACK] Seq=9985 Ack=8673 Win=6432 Len=0
    hostB -> hostA TCP http > 1443 [ACK] Seq=8673 Ack=9986 Win=54

    With the 1/2 packet model, only up to step 3 happens.
    The attacker will surely first check whether the port to be attacked is open or not... only after that do they carry out the attack.

    So they keep sending (SYN) request data without needing an ACK from the receiver.


    If yours is being flooded, the ISP must be "frantic" too,
    with its bandwidth used up. My advice: ask the ISP whether it can handle the flood... if not, better to switch to another ISP that can!
    Last edited by d3v4; 18-09-2007 at 02:42.
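
The handshake trace in d3v4's post can be turned into a check. This is an added example, not part of the original thread: the Python below parses lines in that trace format and counts, per server port, the connections whose three-way handshake never completed. The hostX and hostY lines, the regular expression and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the trace format of the post above: port 1443
# completes the handshake, ports 2001 and 2002 never send the final ACK.
TRACE = """\
hostA -> hostB TCP 1443 > http [SYN] Seq=9766 Ack=0 Win=5840 Len=0
hostB -> hostA TCP http > 1443 [SYN, ACK] Seq=8404 Ack=9767 Win=5792 Len=0
hostA -> hostB TCP 1443 > http [ACK] Seq=9767 Ack=8405 Win=5840 Len=0
hostX -> hostB TCP 2001 > http [SYN] Seq=100 Ack=0 Win=512 Len=0
hostB -> hostX TCP http > 2001 [SYN, ACK] Seq=500 Ack=101 Win=5792 Len=0
hostY -> hostB TCP 2002 > http [SYN] Seq=200 Ack=0 Win=512 Len=0
"""

LINE = re.compile(
    r"(\S+) -> (\S+) TCP (\S+) > (\S+) \[([A-Z, ]+)\] Seq=(\d+) Ack=(\d+)")

def handshake_states(trace):
    """Return {(client, client_port, server, server_port): state}."""
    conns = {}
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # application-layer lines (HTTP ...) carry no TCP flags
        src, dst, sport, dport, flags, seq, ack = m.groups()
        flags = {f.strip() for f in flags.split(",")}
        seq, ack = int(seq), int(ack)
        if flags == {"SYN"}:  # step 1: client opens
            conns[(src, sport, dst, dport)] = {"state": "SYN_SENT", "isn": seq}
        elif flags == {"SYN", "ACK"}:  # step 2: server answers
            c = conns.get((dst, dport, src, sport))
            if c and c["state"] == "SYN_SENT" and ack == c["isn"] + 1:
                c.update(state="SYN_RECEIVED", server_isn=seq)
        elif flags == {"ACK"}:  # step 3: client confirms
            c = conns.get((src, sport, dst, dport))
            if c and c["state"] == "SYN_RECEIVED" and ack == c["server_isn"] + 1:
                c["state"] = "ESTABLISHED"
    return {key: c["state"] for key, c in conns.items()}

def half_open_per_server(trace):
    """Count handshakes per (server, port) that never reached ESTABLISHED."""
    counts = defaultdict(int)
    for (_, _, server, dport), state in handshake_states(trace).items():
        if state != "ESTABLISHED":
            counts[(server, dport)] += 1
    return dict(counts)
```

A count that keeps growing for one server port while established connections stay flat is the pattern worth reporting to the upstream ISP, as the thread recommends.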

  15. #15
    wp11b
    Thanks bro for the enlightenment... that's fairly clear now.

 

 