  1. #1
    sum14rdi

    ---Just sharing a link--- Conficker Virus Blocking

    For those who want to try fighting Conficker, it originally came from here
    the script is here
    The requirement is that the MikroTik DNS setting must use OpenDNS, and if you try to fetch (for today's date and onward) you will probably get a 404 error, i.e. file not found, because the last data file is dated 04-30-2009.
    If you still want to use it, you have no choice but to download the file manually and put it on the MikroTik.
    Then the script is modified... to become:
    #:global date [/system clock get date]
    #:global month [:pick $date 0 3]
    #:global day [:pick $date 4 6]
    #:global year [:pick $date 7 11]

    #set month to numerical value
    #:if ([$month] = "jan") do={ :set month "01" };
    #:if ([$month] = "feb") do={ :set month "02" };
    #:if ([$month] = "mar") do={ :set month "03" };
    #:if ([$month] = "apr") do={ :set month "04" };
    #:if ([$month] = "may") do={ :set month "05" };
    #:if ([$month] = "jun") do={ :set month "06" };
    #:if ([$month] = "jul") do={ :set month "07" };
    #:if ([$month] = "aug") do={ :set month "08" };
    #:if ([$month] = "sep") do={ :set month "09" };
    #:if ([$month] = "oct") do={ :set month "10" };
    #:if ([$month] = "nov") do={ :set month "11" };
    #:if ([$month] = "dec") do={ :set month "12" };

    #download current days domain list
    #/tool fetch address=www.epicwinrar.com src-path="/conficker/$month-$day-$year.txt";
    #:log info "Download Complete";
    #:delay 2;

    #check to ensure todays file exists before deleting yesterdays list
    :log info "Beginning Address List Modification"
    #:if ( [/file get [/file find name="$month-$day-$year.txt"] size] > 0 ) do={
    # the date-based file name is replaced with the last published list, uploaded manually
    :if ( [/file get [/file find name="04-30-2009.txt"] size] > 0 ) do={
      # clear the previous list only once the new file is confirmed present
      /ip firewall address-list remove [/ip firewall address-list find list=daily-conficker];

      # :local content [/file get [/file find name="$month-$day-$year.txt"] contents] ;
      :local content [/file get [/file find name="04-30-2009.txt"] contents] ;
      :local contentLen [ :len $content ] ;

      :local lineEnd 0;
      :local line "";
      :local lastEnd 0;

      # walk the file one newline-terminated line at a time
      :do {
        :set lineEnd [:find $content "\n" $lastEnd ] ;
        :set line [:pick $content $lastEnd $lineEnd] ;
        :set lastEnd ( $lineEnd + 1 ) ;

        # resolve each line and add it to the address list daily-conficker, with the domain as comment
        :if ( [:pick $line 0 1] != "\n" ) do={
          :local entry [:pick $line 0 ($lineEnd ) ]
          :if ( [:len $entry ] > 0 ) do={
            :local listip [:resolve "$entry"]
            :if ($listip != "failure" ) do={
              # add the IP only if it is not already in the list
              :if ([:len [/ip firewall address-list find list=daily-conficker address=$listip]] = 0) do={
                /ip firewall address-list add list=daily-conficker address=$listip comment=$entry
                :log info "$listip"
              } else={:log info "duplicate IP $entry"}
            }
          }
        }
      } while ($lineEnd < $contentLen)
    }
    :log info "Address List Modification Complete"
    # cleaning up
    #/file remove "$month-$day-$year.txt"
    ---just sharing a link---



  3. #2
    xopal
    Is this still valid, bro? I'm getting a failure

    Code:
      status: connecting
      status: failed
    failure: 404 Not Found

  4. #3
    lucubrb
    I just use this, nothing else

    /ip firewall filter
    add chain=forward protocol=udp src-port=135-139 action=drop comment=";;Block W32.Kido - Conficker" disabled=no
    add chain=forward protocol=udp dst-port=135-139 action=drop comment="" disabled=no
    add chain=forward protocol=udp src-port=445 action=drop comment="" disabled=no
    add chain=forward protocol=udp dst-port=445 action=drop comment="" disabled=no
    add chain=forward protocol=tcp src-port=135-139 action=drop comment="" disabled=no
    add chain=forward protocol=tcp dst-port=135-139 action=drop comment="" disabled=no
    add chain=forward protocol=tcp src-port=445 action=drop comment="" disabled=no
    add chain=forward protocol=tcp dst-port=445 action=drop comment="" disabled=no
    add chain=forward protocol=tcp dst-port=4691 action=drop comment="" disabled=no
    add chain=forward protocol=tcp dst-port=5933 action=drop comment="" disabled=no
    add chain=forward protocol=udp dst-port=5355 action=drop comment="Block LLMNR" disabled=no
    add chain=forward protocol=udp dst-port=4647 action=drop comment="" disabled=no
    add action=drop chain=forward comment="SMTP Deny" disabled=no protocol=tcp src-port=25
    add action=drop chain=forward comment="" disabled=no dst-port=25 protocol=tcp



  6. #4
    padang05
    Bro, with that in place, can clients still print?

  7. #5
    iyou
    Originally Posted by lucubrb (post #3): the /ip firewall filter drop rules, quoted in full
    So how were the results, perfect or not....
    because at my internet cafe, it seems there's Conficker..
    Here's the problem, bro...
    ping to the DNS is very high when the client IPs are not blocked, even though nobody is online on the clients.....
    as soon as they are blocked, ping to the DNS returns to normal....

    Then I got a script from another forum.... that normalizes the ping
    I tried running that script in the firewall... as a result the ping is normal but........
    browsing doesn't work..... and stranger still, ping to the DNS is fine....

    where do you think the mistake is......

    Please help... bro

  8. #6
    alaska
    I want to ask, boss: so after entering the script above, will the address list grow or not?

    I tried it, but the address list doesn't grow

    What I did:
    first, manually downloaded this file

    then I put it into Files (on the MikroTik)

    then I ran the script above
    Last edited by alaska; 26-04-2010 at 16:34.

  9. #7
    ray_xtrem

    Try this, bro

    /ip firewall mangle
    # mark connections to the SMB and NetBIOS/RPC ports
    add chain=prerouting action=mark-connection new-connection-mark=conn-conficker passthrough=yes protocol=udp dst-port=445
    add chain=prerouting action=mark-connection new-connection-mark=conn-conficker passthrough=yes protocol=tcp dst-port=445
    add chain=prerouting action=mark-connection new-connection-mark=conn-conficker passthrough=yes protocol=tcp dst-port=135,137,138,139
    add chain=prerouting action=mark-connection new-connection-mark=conn-conficker passthrough=yes protocol=udp dst-port=135,137,138,139

    # conficker-pkt: mark every packet that belongs to the connections marked above
    add chain=prerouting action=mark-packet new-packet-mark=conficker-pkt passthrough=no connection-mark=conn-conficker

    Please correct me if there are any mistakes.



  11. #8
    Yudi_vmc
    Originally Posted by ray_xtrem (post #7): the /ip firewall mangle marking rules, quoted in full
    May I ask something....?
    After we create the mangle rules as above.... why is there no follow-up action...? If the packets above pass through fine, doesn't that mean Conficker runs too?

    CMIIW....
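
The follow-up action asked about above, as an added example that is not from any poster in this thread: mangle rules only label traffic, so a filter rule has to match the `conficker-pkt` mark before anything is dropped. The address-list name `conficker-suspects` and the one-day timeout are assumptions chosen for illustration; the mark names are the ones used in post #7.

```routeros
# Added example, not from the thread.
# Assumed names: address list "conficker-suspects", timeout 1d.

# Step 1: label traffic to the SMB and NetBIOS/RPC ports.
# On their own these rules block nothing.
/ip firewall mangle
add chain=prerouting protocol=tcp dst-port=135,137-139,445 \
    action=mark-connection new-connection-mark=conn-conficker passthrough=yes
add chain=prerouting protocol=udp dst-port=135,137-139,445 \
    action=mark-connection new-connection-mark=conn-conficker passthrough=yes
add chain=prerouting connection-mark=conn-conficker \
    action=mark-packet new-packet-mark=conficker-pkt passthrough=no

# Step 2: act on the mark. Record the sender first, then drop,
# so the hosts generating this traffic can be found and cleaned.
/ip firewall filter
add chain=forward packet-mark=conficker-pkt \
    action=add-src-to-address-list address-list=conficker-suspects \
    address-list-timeout=1d comment="record sender of marked traffic"
add chain=forward packet-mark=conficker-pkt action=drop \
    comment="drop marked traffic"

# Step 3: review which hosts were recorded.
/ip firewall address-list print where list=conficker-suspects
```

New rules are appended to the end of the chain, so they must sit above any rule in `forward` that accepts the same traffic. The `forward` chain only sees routed packets, and the port match is not Conficker-specific: legitimate file or printer sharing that crosses the router on these ports is dropped as well.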

  12. #9
    carmello170
    I'll give it a try, bro.... this virus really is dangerous..

 

 
