Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 1 of 3 123 LastLast
Results 1 to 15 of 33

Thread: cara block P2P

  1. #1
    Status
    Offline
    emruxc's Avatar
    Calon Member
    Join Date
    Oct 2007
    Posts
    86
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Question cara block P2P

    Pagi semuanya..


    minta tolong dunk, gimana cara block semua jenis P2P dari mikrotik.. biar bandwidth gak kemakan semua.. (limewire, bearshare, imesh. dll).. tolong ya kasih tau caranya..

  2. #2
    Status
    Offline
    anjis's Avatar
    Newbie
    Join Date
    Jul 2007
    Posts
    56
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Pake simple queue, setting di bagian advance trus tentuin deh limitnya.
    Trus taruh posisinya di bagian atas list

  3. #3
    Status
    Offline
    emruxc's Avatar
    Calon Member
    Join Date
    Oct 2007
    Posts
    86
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    sorri, gak paham nich masih baru.. bisa dijelaskan lebih rinci??

  4. #4
    Status
    Offline
    lonthong2002's Avatar
    Member Senior
    Join Date
    Jul 2007
    Location
    Malang
    Posts
    397
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    coba pake ini :

    firewall mangle :

    chain=prerouting p2p=all-p2p action=mark-connection
    new-connection-mark=p2p_conn passthrough=yes

    chain=prerouting p2p=all-p2p action=mark-packet new-packet-mark=p2p-mp
    passthrough=no


    Firewall filter:


    chain=forward src-address=[ blok ip client] p2p=all-p2p action=drop



    mudah mudahan bisa .. di tmptku pake ituClick here to enlargeClick here to enlarge

  5. The Following 2 Users Say Thank You to lonthong2002 For This Useful Post:


  6. #5
    Status
    Offline
    emruxc's Avatar
    Calon Member
    Join Date
    Oct 2007
    Posts
    86
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    OK.. saya coba dulu ya?? thx atas jawabannya

  7. #6
    Status
    Offline
    emruxc's Avatar
    Calon Member
    Join Date
    Oct 2007
    Posts
    86
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Mas, kok limewire kok masih bisa diakses ya?? saya ingin semua jenis P2P di blok semua, saya coba drop port di firewall filter juga gak berpengaruh.. ada cara yg lebih jitu gak mas??


    thx









    Click here to enlarge Originally Posted by lonthong2002 Click here to enlarge
    coba pake ini :

    firewall mangle :

    chain=prerouting p2p=all-p2p action=mark-connection
    new-connection-mark=p2p_conn passthrough=yes

    chain=prerouting p2p=all-p2p action=mark-packet new-packet-mark=p2p-mp
    passthrough=no


    Firewall filter:


    chain=forward src-address=[ blok ip client] p2p=all-p2p action=drop



    mudah mudahan bisa .. di tmptku pake ituClick here to enlargeClick here to enlarge

  8. #7
    Status
    Offline
    lonthong2002's Avatar
    Member Senior
    Join Date
    Jul 2007
    Location
    Malang
    Posts
    397
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    kalau gak bisa diblok coba dilimit aja.....he he he.. mungkin lime wire nya nakal kalee... btw tapi aplikasi limewire nya kedetec sama mikrotik engga? kalau kedetec sih dilimit aja....Click here to enlargeClick here to enlargeClick here to enlarge

  9. #8
    Status
    Offline
    NGERI's Avatar
    Newbie
    Join Date
    Sep 2007
    Location
    Mataram
    Posts
    64
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    kalo sya pake jurus blok semua port p2p... lumayan berhasil...

    #yang ini membatasi akses user yang masuk ke router
    add chain=input connection-state=established action=accept comment="Allow Established connections" disabled=no
    add chain=input src-address=192.168.100.0/24 dst-address=192.168.100.1 protocol=udp dst-port=53 action=accept comment="Allow UDP" disabled=no
    add chain=input protocol=icmp action=accept comment="Allow ICMP" disabled=no
    add chain=input src-address=192.168.100.125 dst-address=192.168.100.1 dst-port=8291 action=accept disabled=no
    add chain=input src-address=192.168.100.61 dst-address=192.168.100.1 dst-port=8291 action=accept disabled=no
    add chain=input action=drop comment="Drop anything else" disabled=no


    #yang ini blok p2p
    add chain=forward protocol=tcp connection-state=invalid action=drop comment="drop invalid connections" disabled=no
    add chain=forward p2p=all-p2p action=drop comment="drop p2p"
    add chain=forward protocol=tcp dst-port=6346-6348 action=drop
    add chain=forward protocol=tcp dst-port=41170 action=drop
    add chain=forward protocol=tcp dst-port=28864-28865 action=drop
    add chain=forward protocol=tcp dst-port=8888-8889 action=drop
    add chain=forward protocol=tcp dst-port=8311 action=drop
    add chain=forward protocol=tcp dst-port=7668 action=drop
    add chain=forward protocol=tcp dst-port=6881-6889 action=drop
    add chain=forward protocol=tcp dst-port=6969 action=drop
    add chain=forward protocol=tcp dst-port=5500-5503 action=drop
    add chain=forward protocol=tcp dst-port=4762 action=drop
    add chain=forward protocol=tcp dst-port=4661-4665 action=drop
    add chain=forward protocol=tcp dst-port=4329 action=drop
    add chain=forward protocol=tcp dst-port=1214 action=drop
    add chain=forward protocol=tcp dst-port=1044-1045 action=drop
    add chain=forward protocol=tcp dst-port=412 action=drop
    #yang ini bener-bener cuma melewatkan port 53, selain itu drop... memang sedikit terlalu ketat...
    add chain=forward protocol=udp dst-port=53 action=accept
    add chain=forward protocol=udp action=drop
    add chain=forward connection-state=established action=accept comment="allow already established connections" disabled=no
    add chain=forward connection-state=related action=accept comment="allow related connections" disabled=no

    oke semoga bermanfaat.
    Click here to enlarge

  10. The Following 4 Users Say Thank You to NGERI For This Useful Post:


  11. #9
    Status
    Offline
    lonthong2002's Avatar
    Member Senior
    Join Date
    Jul 2007
    Location
    Malang
    Posts
    397
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    1 (100%)
    bung NGERI emang MANTAPSSSSClick here to enlargeClick here to enlargeClick here to enlargeClick here to enlargeClick here to enlarge

  12. #10
    Status
    Offline
    jhoe412's Avatar
    Member
    Join Date
    Nov 2007
    Posts
    116
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Smile

    Click here to enlarge Originally Posted by emruxc Click here to enlarge
    Pagi semuanya..


    minta tolong dunk, gimana cara block semua jenis P2P dari mikrotik.. biar bandwidth gak kemakan semua.. (limewire, bearshare, imesh. dll).. tolong ya kasih tau caranya..
    kalau q gini....
    Code:
    add chain=forward src-address=192.168.12.0/24 p2p=all-p2p action=drop
    penjelasn:

    1. 192.168.12.0/24 adalah IP lokal
    2. p2p=all adalah kita akan mengeblock semua p2p


    Gitu....sejauh ini berhasil tu...

  13. #11
    Status
    Offline
    okto_2005's Avatar
    Member Super Senior
    Join Date
    Jul 2007
    Posts
    655
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    gini.....

    tidak mungkin bisa memblok semua port p2p soalnya sekarang progie2 client tsb udah bisa meng-encrypt dan kalo misalnya port diblok, biasanya memakai port http biasa untuk koneksi keluar....

    mending lebih baik....
    dengan cara memblok port p2p dari firewall rule dan mangle packet p2pnya dan kasi queue bisa pake simple queue ato queue tree beberapa kilobit saja.

  14. #12
    Status
    Offline
    berut's Avatar
    Newbie
    Join Date
    Oct 2007
    Posts
    30
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by okto_2005 Click here to enlarge
    gini.....

    tidak mungkin bisa memblok semua port p2p soalnya sekarang progie2 client tsb udah bisa meng-encrypt dan kalo misalnya port diblok, biasanya memakai port http biasa untuk koneksi keluar....

    mending lebih baik....
    dengan cara memblok port p2p dari firewall rule dan mangle packet p2pnya dan kasi queue bisa pake simple queue ato queue tree beberapa kilobit saja.
    bisa dijelasin lebih detail lagi bro??

  15. The Following User Says Thank You to berut For This Useful Post:


  16. #13
    Status
    Offline
    septiadi's Avatar
    Newbie
    Join Date
    Jul 2007
    Posts
    69
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    klo saya sih pake ini

    ip firewall mangle
    Code:
    add chain=prerouting p2p=all-p2p action=mark-connection new-connection-mark=P2P-conn passthrough=yes comment="P2P Connection" disabled=no 
    add chain=prerouting connection-mark=P2P-conn action=mark-packet new-packet-mark=P2P-Packet passthrough=no comment="P2P Packet" disabled=no
    ip firewall filter
    Code:
    add chain=P2P packet-mark=P2P-Packet action=drop 
    add chain=P2P p2p=all-p2p action=drop 
    add chain=forward action=jump jump-target=P2P 
    add chain=output action=jump jump-target=P2P 
    add chain=input action=jump jump-target=P2P
    emang sih masih bisa buka list donlot tp begitu start donlot 0% terus ga jalan2 donlotnya (limewire sama bearshare)
    lom coba p2p lainnya

  17. #14
    Status
    Offline
    jhoe412's Avatar
    Member
    Join Date
    Nov 2007
    Posts
    116
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Smile Tapi sejauh ini berhasil bro...

    Click here to enlarge Originally Posted by okto_2005 Click here to enlarge
    gini.....

    tidak mungkin bisa memblok semua port p2p soalnya sekarang progie2 client tsb udah bisa meng-encrypt dan kalo misalnya port diblok, biasanya memakai port http biasa untuk koneksi keluar....

    mending lebih baik....
    dengan cara memblok port p2p dari firewall rule dan mangle packet p2pnya dan kasi queue bisa pake simple queue ato queue tree beberapa kilobit saja.
    Sejauh ini berhasil2 aja tuh...bro daftar p2p yang sudah disediakan Mikrotik ke block semua..... tapi entahlah kalau ada p2p yang bisa membelokin ke port http wah bisa berabe tu bro..... n ceritanya ini sama IDMClick here to enlarge tapi endak papalah dari pada tidak di block....

  18. #15
    Status
    Offline
    donipermono1982's Avatar
    Moderator
    Join Date
    Feb 2008
    Location
    Jakarta Selatan
    Posts
    2,809
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Serangan p2p berlanjut

    ceritanya di mulai dari blinking di modem yg terlihat seperti ada trafik tinggi namun setelah di liat di mikrotik ga ada yg onlineClick here to enlarge, setelah di telusuri ketemulah user yang di curigai memakai p2p ini dan di torch memang bener user ini memakai p2p buat download Click here to enlarge semua bw habis terpakai ke user tsb, langkai preventif saya coba ikuti rule di atas ini, dan memang terbukti berhasil , namun ada sedikit pertanyaan dalam hati yg belum terselesaikan.

    1. user tersebut sekarang sudah bisa di kendalikan, terkadang di simple queue tidak terlihat trafik yg lewat padahal dia sedang download..
    2. saya torch ip tsb saya liat dst port p2p selalu berubah setiap x saya blok ip tsb, seperti contoh saya blok 2500-3000 dalam beberapa menit kemudian dia akan naik perlahan sampai akhirnya melewati port yg saya blok tsb. pertanyaan saya apakah user berarti melewati rule yg saya buat jika sudah melewati port yang saya blok. dan rule saya tidak terpakai.
    3.ada kah yg tau cara blok all p2p lewat l7
    4.bagaimana melimit user tsb jika terdeteksi memakai p2p.

    mungkin itu dulu pertanyaan saya.


    sebelumnya terima kasih.Click here to enlarge

 

 
Page 1 of 3 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 2 users browsing this thread. (0 members and 2 guests)

Similar Threads

  1. help block web di mikrotik
    By desukajo in forum General Networking
    Replies: 3
    Last Post: 31-10-2012, 12:21
  2. cara block Smpt dan POP3?
    By hen2drx in forum Beginner Basics
    Replies: 13
    Last Post: 28-10-2007, 11:59
  3. ASK, How to block http://routerip
    By alternativi in forum Beginner Basics
    Replies: 2
    Last Post: 17-10-2007, 02:11
  4. Block/Limit P2P [ARES]
    By firlando in forum General Networking
    Replies: 9
    Last Post: 21-09-2007, 14:49
  5. Port block
    By firlando in forum General Networking
    Replies: 1
    Last Post: 19-09-2007, 21:51

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •