  1. #1
    c0nf

    Dealing with Hackers

    Code:
    /ip firewall filter
    add action=accept chain=input comment="Allow limited pings" disabled=no limit=50/5s,2 protocol=icmp
    add action=drop chain=input comment="Drop excess pings" disabled=no protocol=icmp
    The chain above is used to limit pings (DDoS) directed at our router.

    Code:
    add action=drop chain=input comment="drop FTP Brute Forcers" disabled=no dst-port=21 protocol=tcp src-address-list=FTP_BlackList
    add action=accept chain=output comment="allow a limited number of failed-login replies per client" content="530 Login incorrect" disabled=no dst-limit=1/1m,9,dst-address/1m protocol=tcp
    add action=add-dst-to-address-list address-list=FTP_BlackList address-list-timeout=1d chain=output comment="blacklist clients that exceed the limit" content="530 Login incorrect" disabled=no protocol=tcp
    The chain above is used if you are forced to enable FTP on your router.

    Code:
    add action=drop chain=input comment="drop SSH&TELNET Brute Forcers" disabled=no dst-port=22-23 protocol=tcp src-address-list=IP_BlackList
    add action=add-src-to-address-list address-list=IP_BlackList address-list-timeout=1d chain=input comment="4th new connection: ban for 1 day" connection-state=new disabled=no dst-port=22-23 protocol=tcp src-address-list=SSH_BlackList_3
    add action=add-src-to-address-list address-list=SSH_BlackList_3 address-list-timeout=1m chain=input comment="3rd new connection: stage 3" connection-state=new disabled=no dst-port=22-23 protocol=tcp src-address-list=SSH_BlackList_2
    add action=add-src-to-address-list address-list=SSH_BlackList_2 address-list-timeout=1m chain=input comment="2nd new connection: stage 2" connection-state=new disabled=no dst-port=22-23 protocol=tcp src-address-list=SSH_BlackList_1
    add action=add-src-to-address-list address-list=SSH_BlackList_1 address-list-timeout=1m chain=input comment="1st new connection: stage 1" connection-state=new disabled=no dst-port=22-23 protocol=tcp
    This chain is used to check whether there is activity from a hacker trying to get into the router through port 22 (SSH) or port 23 (Telnet).
    - On the first attempt, the hacker's IP is automatically added to the SSH_BlackList_1 address list for 1 minute.
    - If the hacker makes a second attempt, the IP is added to the SSH_BlackList_2 address list for 1 minute.
    - If the hacker still tries to get in, the IP is added to the SSH_BlackList_3 address list for 1 minute.
    - If the hacker tries once more to get into the router, the IP is added to the IP_BlackList address list and is banned from our router for 1 day.

    Note: please keep in mind that this rule applies to us as well. So if we forget the login or password, or mistype the password 4 times in less than 1 minute, our IP will be banned by our own router for 1 day. Therefore, never forget your own password.


    Code:
    add action=drop chain=input comment="drop port scanners" disabled=no src-address-list=port_scanners
    add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w comment="Port scanners to list" disabled=no
    This chain is used to register IPs in the blacklist address list. The next chain detects whether there are indications of port scanner activity:

    Code:
    add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="FIN scan" disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
    add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no protocol=tcp tcp-flags=fin,syn
    add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no protocol=tcp tcp-flags=syn,rst
    add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="FIN/PSH/URG (Xmas) scan" disabled=no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
    add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="all flags set" disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
    add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="NULL scan" disabled=no protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
    In short, the commands above mean that if there are signs of an attack like the ones flagged above, the hacker's IP will be added to the port_scanners address list for 2 weeks (adjust this to however long you want to block the IP).
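
A way to check the six tcp-flags values above against ordinary traffic before enabling them, as an added Python example that is not part of the original post. It assumes that flags a tcp-flags value does not name are ignored when matching; the rule labels are this example's own.

```python
# Added example: evaluates the post's tcp-flags values against TCP flag sets.
FLAGS = {"fin", "syn", "rst", "psh", "ack", "urg"}

# The six tcp-flags values from the post; the labels are this example's own.
SCAN_RULES = {
    "FIN scan": "fin,!syn,!rst,!psh,!ack,!urg",
    "SYN/FIN": "fin,syn",
    "SYN/RST": "syn,rst",
    "Xmas (FIN/PSH/URG)": "fin,psh,urg,!syn,!rst,!ack",
    "all flags": "fin,syn,rst,psh,ack,urg",
    "NULL scan": "!fin,!syn,!rst,!psh,!ack,!urg",
}


def parse_spec(spec):
    """Split a tcp-flags value into (must_be_set, must_be_clear)."""
    must_set, must_clear = set(), set()
    for token in spec.split(","):
        name = token.lstrip("!")
        if name not in FLAGS:
            raise ValueError(f"unknown TCP flag: {name}")
        (must_clear if token.startswith("!") else must_set).add(name)
    return must_set, must_clear


def matches(spec, packet_flags):
    """True if the packet's flags satisfy the spec.

    Assumption: flags the spec does not name are ignored.
    """
    must_set, must_clear = parse_spec(spec)
    flags = set(packet_flags)
    return must_set <= flags and not (must_clear & flags)


def classify(packet_flags):
    """Return the label of every rule that would list the source address."""
    return [name for name, spec in SCAN_RULES.items()
            if matches(spec, packet_flags)]
```

Handshake and teardown segments (SYN, SYN+ACK, ACK, FIN+ACK, RST) match none of the six rules, so only the abnormal flag combinations add a source to port_scanners.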

  2. The Following 2 Users Say Thank You to c0nf For This Useful Post:
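
The escalation that post #1 describes for ports 22-23, as an added Python model (not part of the original post and not RouterOS code). It assumes that re-adding an address restarts its timeout; the source address is a constructed documentation IP.

```python
# Added example: a model of the post's staged SSH/Telnet address lists.
# Not RouterOS code; times are seconds since an arbitrary start.
STAGE_TIMEOUT = 60         # address-list-timeout=1m
BAN_TIMEOUT = 24 * 3600    # address-list-timeout=1d
# (list that must already contain the source, list to add it to, timeout),
# in the same top-to-bottom order as the rules in the post.
ESCALATION = (
    ("SSH_BlackList_3", "IP_BlackList", BAN_TIMEOUT),
    ("SSH_BlackList_2", "SSH_BlackList_3", STAGE_TIMEOUT),
    ("SSH_BlackList_1", "SSH_BlackList_2", STAGE_TIMEOUT),
)


class InputChain:
    def __init__(self):
        self.expiry = {}  # (list name, source IP) -> expiry time

    def listed(self, name, ip, now):
        return self.expiry.get((name, ip), -1) > now

    def add(self, name, ip, now, timeout):
        # Assumption: re-adding an existing entry restarts its timeout.
        self.expiry[(name, ip)] = now + timeout

    def new_connection(self, ip, now):
        """Handle one connection-state=new packet to port 22-23.

        Returns "drop", or the highest list the source was just added to.
        """
        if self.listed("IP_BlackList", ip, now):
            return "drop"
        highest = None
        # add-src-to-address-list does not end processing, so every rule is
        # tried; checking the higher stages first means one packet climbs
        # only one stage.
        for required, target, timeout in ESCALATION:
            if self.listed(required, ip, now):
                self.add(target, ip, now, timeout)
                highest = highest or target
        self.add("SSH_BlackList_1", ip, now, STAGE_TIMEOUT)
        return highest or "SSH_BlackList_1"


def replay(times, ip="198.51.100.7"):  # constructed documentation address
    """Feed new connections at the given times; return each outcome."""
    chain = InputChain()
    return [chain.new_connection(ip, t) for t in times]
```

Because the rules match connection-state=new rather than failed logins, every new connection to port 22 or 23 counts toward the ban, including successful ones. In this model, connections spaced 50 seconds apart still reach IP_BlackList on the fourth one, while connections more than a minute apart never leave SSH_BlackList_1.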


  3. #2
    wandie
    Wouldn't it be better to merge this with the SSH brute-force one, bro? It's in the same category as the port scanner, after all.

  4. #3
    c0nf
    Will do, sis.
    Invisible...

  5. #4
    Mas no
    Great, bro. I'll give it a try first.

  6. #5
    singkong77
    Sorry, I'd like to ask about the part that prevents DDoS: it looks like it only limits ICMP traffic. DDoS can also come over TCP, UDP, or ICMP with large packets, and as far as I know it is still hard to counter. Maybe it can be minimized by using a distributed content model or cloud computing. CMIIW.
    Last edited by singkong77; 12-12-2011 at 21:25.

  7. #6
    iyou
    This is great... I've tried it while keeping an eye on the address list, and it turns out quite a lot of them are trying to get in....
    Thanks, bro....

  8. #7
    Vandal
    So it only blocks IPs, master?? Why not MAC addresses too, master??

  9. #8
    dj rebell
    I'll test it first, bro.

  10. #9
    Anugerah
    Great info.

  11. #10
    yogii
    Originally Posted by Vandal:
    "So it only blocks IPs, master?? Why not MAC addresses too, master??"
    MAC? Which layer is that, bro? Could I attack your router using a MAC address?
    --------------------------------------------------------------------------

    @conf, bro

    Thank you for the tricks, bro..

  12. #11
    msinet
    Nice info, bro. As a newbie, I'll give it a try too.

  13. #12
    chozy31
    Thanks for the knowledge, bro.. I've picked up some more know-how in the MikroTik world..
    Regards, Newbie

  14. #13
    karimasen
    Thanks for the info, I'll try it out in practice later.

  15. #14
    Jacky Oke
    Wow... I'll try it first, bro.

  16. #15
    franzwahyu
    Nice info, bro, I'll try it later.

 

 