Saturday, June 18, 2011

Anti DDoS di Mikrotik

ip firewall filter add chain=input protocol=tcp dst-port=1337 action= add-src-to-address-list address-list=DDOS address-list-timeout=15s comment=”" disabled=no
ip firewall filter add chain=input protocol=tcp dst-port=7331 src-address-list=knock action= add-src-to-address-list address-list=DDOS address-list-timeout=15m comment=”" disabled=no

ip firewall filter add chain=input connection-state=established action=accept comment=”accept established connection packets” disabled=no
ip firewall filter add chain=input connection-state=related action=accept comment=”accept related connection packets” disabled=no
ip firewall filter add chain=input connection-state=invalid action=drop comment=”drop Paket Invalid” disabled=no

ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment=”Mendetek serangan Port Scaner” disabled=no
ip firewall filter add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list action=tarpit comment=”Bikin kejutan ke ip penyerang” disabled=no
ip firewall filter add chain=input protocol=tcp connection-limit=10,32 action=add-src-to-address-list address-list=black_list address-list-timeout=1d comment=”Masukin ke karung Ip penyerang” disabled=no

ip firewall filter add chain=input protocol=icmp action=jump jump-target=ICMP comment=”jump chain ICMP” disabled=no
ip firewall filter add chain=input action=jump jump-target=services comment=”jump chain service” disabled=no

ip firewall filter add chain=input dst-address-type=broadcast action=accept comment=”Allow Broadcast Traffic” disabled=no

ip firewall filter add chain=input action=log log-prefix=”Filter:” comment=”Catat kegiatan penyerang” disabled=no

ip firewall filter add chain=input src-address=Subnet WAN action=accept comment=”List Ip yang boleh akses ke router”
ip firewall filter add chain=input src-address=Subnet Lan action=accept
ip firewall filter add chain=input src-address=Subnet DMZ action=accept
ip firewall filter add chain=input action=drop comment=”Blok Semua yang aneh2″ disabled=no

ip firewall filter add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept comment=”0:0 dan limit utk 5pac/s” disabled=no
ip firewall filter add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept comment=”3:3 dan limit utk 5pac/s” disabled=no
ip firewall filter add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept comment=”3:4 dan limit for 5pac/s” disabled=no
ip firewall filter add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept comment=”8:0 and limit utk 5pac/s” disabled=no
ip firewall filter add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept comment=”11:0 and limit utk 5pac/s” disabled=no
ip firewall filter add chain=ICMP protocol=icmp action=drop comment=”Blok semua yang aneh2″ disabled=no

ip firewall filter add chain=forward protocol=icmp comment=”Perbolehkan ping”
ip firewall filter add chain=forward protocol=udp comment=”Perbolehkan ke udp”
ip firewall filter add chain=forward src-address=Subnet WAN action=accept comment=”Akses hanya dari ip terdaftar”
ip firewall filter add chain=forward src-address=Subnet LAN action=accept
ip firewall filter add chain=forward src-address=Subnet DMZ action=accept
ip firewall filter add chain=forward action=drop comment=”blok semua yang aneh2″
Share:

1 comments:

  1. nah bagai mana jika serangannya denan UDP...?
    apa benar2 bisa diblok atwa hanya bisa di minimalsir...?

    ReplyDelete

Followers

Total Pageviews

Definition List

Unordered List

Support