999K
123K
970K
0
0
0
dark
Hand-Picked Top-Read Stories
Trending Tags
2 minute read

Scripts Mikrotik Untuk Keamanan Jaringan Router Mikrotik

Mencegah Port Scanner, Mencegah UDP Flood Attack, Mencegah TCP Syn Attack, Mencegah ICMP Smurf Attack, Mencegah Brute Force
Mikrotik security
Total
0
Shares
0
0
0
0
0
0
Table of Contents Hide
  1. Mencegah Port Scanner
  2. Mencegah UDP Flood Attack
  3. Mencegah TCP Syn Attack
  4. Mencegah ICMP Smurf Attack
  5. Mencegah Brute Force

Script dibawah merupkan backup command Scripts disarankan untuk penggunaan sudah memahami pengoperasian mikrotik

Mencegah Port Scanner

/ip firewall filter
add action=add-src-to-address-list address-list="Port Scan" address-list-timeout=4w2d chain=forward comment="Mencegah port scanner" protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="Port Scan" address-list-timeout=4w2d chain=input protocol=tcp psd=21,3s,3,1
add action=drop chain=forward src-address-list="Port Scan"
add action=drop chain=input src-address-list="Port Scan"

Mencegah UDP Flood Attack

/ip firewall raw
add action=drop chain=prerouting comment="Mencegah UDP Flood Attack" dst-port=53 in-interface=pppoe-out1 protocol=udp
add action=accept chain=prerouting dst-port=53 in-interface=!pppoe-out1 limit=100,5:packet protocol=udp
add action=drop chain=prerouting dst-port=53 in-interface=!pppoe-out1 protocol=udp


jangan Lupa Set Allow Remote Request di IP > DNS

Mencegah TCP Syn Attack

/ip firewall filter add chain=input protocol=tcp connection-limit=32,1 action=add-src-to-address-list  address-list=blocked-addr address-list-timeout=1d 
/ip firewall filter add chain=input protocol=tcp src-address-list=blocked-addr connection-limit=3,32 action=tarpit 
/ip firewall filter add chain=forward protocol=tcp tcp-flags=syn connection-state=new action=jump jump-target=SYN-Protect comment="SYN Flood protect" disabled=no
/ip firewall filter add chain=SYN-Protect protocol=tcp tcp-flags=syn limit=400,5 connection-state=new action=accept comment="" disabled=no
/ip firewall filter add chain=SYN-Protect protocol=tcp tcp-flags=syn connection-state=new action=drop comment="" disabled=no
/ip settings set tcp-syncookies=yes

Mencegah ICMP Smurf Attack

/ip firewall raw
add action=drop chain=prerouting comment="Mencegah ICMP Smurf Attack" dst-address-type=broadcast protocol=icmp

/ip firewall filter
add action=drop chain=input comment="Block Ping dari interface WAN" in-interface=LAN-1 protocol=icmp

Mencegah Brute Force

/ip firewall filter
add action=drop chain=input comment="Drop anyone in Black List (SSH)" src-address-list="Black List (SSH)"
add action=jump chain=input comment="Jump to Black List (SSH) Chain" dst-port=22 jump-target="Black List (SSH) Chain" protocol=tcp
add action=add-src-to-address-list address-list="Black List (SSH)" address-list-timeout=4w2d chain="Black List (SSH) Chain" comment="Transfer repeated attempts from Black List (SSH) Stage 3 to Black List (SSH)" connection-state=new src-address-list="Black List (SSH) Stage 3"
add action=add-src-to-address-list address-list="Black List (SSH) Stage 3" address-list-timeout=1m chain="Black List (SSH) Chain" comment="Add Successive attempts to Black List (SSH) Stage 3" connection-state=new src-address-list="Black List (SSH) Stage 2"
add action=add-src-to-address-list address-list="Black List (SSH) Stage 2" address-list-timeout=1m chain="Black List (SSH) Chain" comment="Add Successive attempts to Black List (SSH) Stage 2" connection-state=new src-address-list="Black List (SSH) Stage 1"
add action=add-src-to-address-list address-list="Black List (SSH) Stage 1" address-list-timeout=1m chain="Black List (SSH) Chain" comment="Add initial attempt to Black List (SSH) Stage 1" connection-state=new
add action=return chain="Black List (SSH) Chain" comment="Return from Black List (SSH) chain"

Jika teman2 masih ada tambahan silakan tinggalkan di kolom komentar ya

Total
0
Shares
Share 0
Tweet 0
Pin it 0
Share 0
Share 0
Share 0
Tinggalkan Balasan

Alamat email Anda tidak akan dipublikasikan. Ruas yang wajib ditandai *

Previous Post
Mikrotik Scripts Untuk Keamanan Jaringan Router Mikrotik

Dampak Kenaikan Dollar Bagi Ekonomi & Teknologi

Total
0
Share
0
0
0
0
0
0
0