The scripts below are backup commands. They are recommended for users who already understand how to operate MikroTik.
Preventing Port Scanners
/ip firewall filter
add action=add-src-to-address-list address-list="Port Scan" address-list-timeout=4w2d chain=forward comment="Prevent port scanner" protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="Port Scan" address-list-timeout=4w2d chain=input protocol=tcp psd=21,3s,3,1
add action=drop chain=forward src-address-list="Port Scan"
add action=drop chain=input src-address-list="Port Scan"
Preventing UDP Flood Attacks
/ip firewall raw
add action=drop chain=prerouting comment="Prevent UDP flood attack" dst-port=53 in-interface=pppoe-out1 protocol=udp
add action=accept chain=prerouting dst-port=53 in-interface=!pppoe-out1 limit=100,5:packet protocol=udp
add action=drop chain=prerouting dst-port=53 in-interface=!pppoe-out1 protocol=udp
Don't forget to enable Allow Remote Requests under IP > DNS.
Preventing TCP SYN Attacks
/ip firewall filter add chain=input protocol=tcp connection-limit=32,1 action=add-src-to-address-list address-list=blocked-addr address-list-timeout=1d
/ip firewall filter add chain=input protocol=tcp src-address-list=blocked-addr connection-limit=3,32 action=tarpit
/ip firewall filter add chain=forward protocol=tcp tcp-flags=syn connection-state=new action=jump jump-target=SYN-Protect comment="SYN Flood protect" disabled=no
/ip firewall filter add chain=SYN-Protect protocol=tcp tcp-flags=syn limit=400,5 connection-state=new action=accept comment="" disabled=no
/ip firewall filter add chain=SYN-Protect protocol=tcp tcp-flags=syn connection-state=new action=drop comment="" disabled=no
/ip settings set tcp-syncookies=yes
Preventing ICMP Smurf Attacks
/ip firewall raw
add action=drop chain=prerouting comment="Prevent ICMP smurf attack" dst-address-type=broadcast protocol=icmp
/ip firewall filter
add action=drop chain=input comment="Block ping from WAN interface" in-interface=LAN-1 protocol=icmp
Preventing Brute Force
/ip firewall filter
add action=drop chain=input comment="Drop anyone in Black List (SSH)" src-address-list="Black List (SSH)"
add action=jump chain=input comment="Jump to Black List (SSH) Chain" dst-port=22 jump-target="Black List (SSH) Chain" protocol=tcp
add action=add-src-to-address-list address-list="Black List (SSH)" address-list-timeout=4w2d chain="Black List (SSH) Chain" comment="Transfer repeated attempts from Black List (SSH) Stage 3 to Black List (SSH)" connection-state=new src-address-list="Black List (SSH) Stage 3"
add action=add-src-to-address-list address-list="Black List (SSH) Stage 3" address-list-timeout=1m chain="Black List (SSH) Chain" comment="Add Successive attempts to Black List (SSH) Stage 3" connection-state=new src-address-list="Black List (SSH) Stage 2"
add action=add-src-to-address-list address-list="Black List (SSH) Stage 2" address-list-timeout=1m chain="Black List (SSH) Chain" comment="Add Successive attempts to Black List (SSH) Stage 2" connection-state=new src-address-list="Black List (SSH) Stage 1"
add action=add-src-to-address-list address-list="Black List (SSH) Stage 1" address-list-timeout=1m chain="Black List (SSH) Chain" comment="Add initial attempt to Black List (SSH) Stage 1" connection-state=new
add action=return chain="Black List (SSH) Chain" comment="Return from Black List (SSH) chain"
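The staged SSH lists above can be checked offline with a small model. The following Python is an added example, not part of the original post and not RouterOS code; the source address, the timestamps and the assumption that re-adding an address refreshes its timeout are constructed for the illustration. It also replays the same rules in reverse order to show why they must run from Stage 3 down to Stage 1.

```python
# Added example: a model of the staged SSH address lists, not RouterOS code.
BLACKLIST = "Black List (SSH)"
STAGES = ["Black List (SSH) Stage 1",
          "Black List (SSH) Stage 2",
          "Black List (SSH) Stage 3"]
# Timeouts from the rules above: 4w2d for the block list, 1m for each stage.
TIMEOUTS = {BLACKLIST: 30 * 24 * 3600, **{s: 60 for s in STAGES}}

# Rules of "Black List (SSH) Chain" in page order:
# (list the source must already be in, or None; list the source is added to)
CHAIN = [
    (STAGES[2], BLACKLIST),
    (STAGES[1], STAGES[2]),
    (STAGES[0], STAGES[1]),
    (None, STAGES[0]),
]


class Router:
    def __init__(self, chain=CHAIN):
        self.chain = chain
        self.lists = {}  # (list name, source) -> expiry time in seconds

    def member(self, name, src, now):
        return self.lists.get((name, src), 0) > now

    def new_ssh_connection(self, src, now):
        """Process one connection-state=new packet to port 22."""
        if self.member(BLACKLIST, src, now):  # first input rule on the page
            return "drop"
        # add-src-to-address-list does not stop processing, so every rule runs.
        for required, target in self.chain:
            if required is None or self.member(required, src, now):
                # Model assumption: re-adding an entry refreshes its timeout.
                self.lists[(target, src)] = now + TIMEOUTS[target]
        return "accept"  # action=return hands the packet back to input


def replay(times, src="198.51.100.7", chain=CHAIN):
    """Replay new connections from one constructed source at the given seconds."""
    router = Router(chain)
    return [router.new_ssh_connection(src, t) for t in times]


if __name__ == "__main__":
    print(replay([0, 10, 20, 30, 40]))                  # rapid attempts
    print(replay([0, 90, 180, 270, 360]))               # more than 1m apart
    print(replay([0, 10], chain=list(reversed(CHAIN)))) # wrong rule order
```

With the rules in page order, one new connection advances a source by one stage only, so the fourth connection inside the 1m windows puts it on the block list; in reverse order a single connection would cascade through every stage and block a legitimate administrator on the first login.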
If you have anything to add, please leave it in the comments.