PC Ekspert Forum > Internet and network technologies > ISP
22.11.2016, 20:02   #1
hostgator
T-com abuse

Evening everyone,

so this evening, or rather this afternoon, T-Com cut me off from the internet.
Talking to the agent, he tells me it was reported to him that I have to close port 53, because viruses were supposedly being sent from my IP address through it.
What I want to know is, if I close port 53 on the MikroTik:
Code:
/ip firewall filter
add chain=forward action=drop dst-port=53 protocol=tcp
will I have problems with DNS??
22.11.2016, 20:05   #2
Pomo
http://forum.mikrotik.com/viewtopic.php?t=69677
If it's any consolation, I did the same thing: enabled DNS caching without blocking requests from the Internet.
The result was 5-6 emails from the abuse department.
It's all explained in the link.
22.11.2016, 20:07   #3
dadoremix
And do you have PPPoE on the MikroTik too?
Is the MikroTik the one dialling the net?
Or is the modem still in router mode?
Or is the modem in bridge mode and the MikroTik in charge?
Obviously the MikroTik has become a DNS spammer
22.11.2016, 20:13   #4
hostgator
Yes, the MikroTik is on PPPoE, the T-Com modem is in bridge mode.
What do you advise me to do so they don't cut me off again, because they're threatening me with a 7-day disconnection.
I'd rather have no hot water than no internet
22.11.2016, 21:53   #5
dadoremix
Quote:

/ip firewall filter
add action=drop chain=input comment="drop port 21 s neta" dst-port=21 \
in-interface=xVdsl protocol=tcp
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp
add action=drop chain=input dst-port=22 protocol=tcp
add action=drop chain=input comment="drop 23 s neta" dst-port=23 \
in-interface=xVdsl protocol=tcp
add action=drop chain=input comment="drop httpa s neta" dst-port=80 \
in-interface=xVdsl protocol=tcp
add action=drop chain=input comment="drop dns-a tcp s neta" dst-port=53 \
in-interface=xVdsl protocol=tcp
add action=drop chain=input comment="drop dns-a udp s neta" dst-port=53 \
in-interface=xVdsl protocol=udp
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="port scanners to list" \
protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/FIN scan" protocol=tcp \
tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/RST scan" protocol=tcp \
tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" protocol=\
tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP NULL scan" protocol=tcp \
tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="ALL/ALL scan" protocol=tcp \
tcp-flags=fin,syn,rst,psh,ack,urg
add action=drop chain=input comment="dropping port scanners" in-interface=\
xVdsl src-address-list="port scanners"
add action=drop chain=forward comment="dropamo smtp - radi wormova" dst-port=\
25 protocol=tcp src-address=172.16.0.0/24 src-address-list=\
"!SMTP/mail - dozvoljeno"
add action=reject chain=firewall dst-port=9 protocol=tcp
add action=reject chain=firewall dst-port=13 protocol=tcp
add action=reject chain=firewall dst-port=110 protocol=tcp
add action=reject chain=firewall dst-port=199 protocol=tcp
add action=reject chain=firewall dst-port=587 protocol=tcp
add action=reject chain=firewall dst-port=199 protocol=tcp
add action=reject chain=firewall dst-port=587 protocol=tcp
add action=reject chain=firewall dst-port=995 protocol=tcp
add action=reject chain=firewall dst-port=3306 protocol=tcp
add action=reject chain=firewall dst-port=2601 protocol=tcp
add action=reject chain=firewall dst-port=2602 protocol=tcp
add action=reject chain=firewall dst-port=953 protocol=tcp
add action=reject chain=firewall dst-port=55696 protocol=tcp
add action=reject chain=firewall dst-port=33343 protocol=tcp
add action=drop chain=firewall comment="msblast worm" dst-port=4444 protocol=\
tcp
add action=drop chain=firewall comment="WITTY worm" dst-port=4000 protocol=\
tcp
add action=drop chain=firewall comment="msblast worm" dst-port=593 protocol=\
tcp
add action=drop chain=firewall comment="SoBig.f worm" dst-port=8998 protocol=\
tcp
add action=drop chain=firewall comment="SoBig.f worm" dst-port=995-999 \
protocol=tcp
add action=drop chain=firewall comment="beagle worm" dst-port=2745 protocol=\
tcp
add action=drop chain=firewall comment="beagle worm" dst-port=4751 protocol=\
tcp
add action=drop chain=firewall comment="SQL Slammer" dst-port=1434 protocol=\
tcp
add action=drop chain=firewall comment="Known Spammer" src-address=\
81.180.98.3
add action=drop chain=firewall comment="Known Spammer" src-address=\
24.73.97.226
add action=drop chain=firewall comment=\
"Zlocesti serveri - http://isc.incidents.org/top10.html" src-address=\
202.99.11.99
add action=drop chain=firewall src-address=61.139.54.94
add action=drop chain=firewall src-address=218.75.199.50
add action=drop chain=firewall src-address=220.249.78.133
add action=drop chain=firewall src-address=210.126.215.254
add action=drop chain=firewall src-address=222.82.249.235
add action=drop chain=firewall src-address=219.138.39.23
add action=drop chain=firewall src-address=58.57.17.194
add action=drop chain=firewall src-address=60.161.78.144
add action=drop chain=firewall src-address=218.23.37.51
add action=drop chain=adsl-procetion comment="Crvi i ostala gamad ;-)" \
dst-port=444-445 protocol=tcp
add action=drop chain=adsl-procetion dst-port=135-139 protocol=tcp
add action=drop chain=adsl-procetion dst-port=444-445 protocol=udp
add action=drop chain=adsl-procetion dst-port=135-139 protocol=udp
add action=drop chain=adsl-procetion dst-port=995-999 protocol=udp
add action=drop chain=adsl-procetion dst-port=8998 protocol=udp

here's part of mine..

at my place the DSL connection is called xVDSL .. so adjust that and paste it in

the important thing is to close the vital ports 21 22 23 80 .. 53 is in there too..


this is how your MikroTik immediately became a zombie for DNS floods
they're arguing about it on the MikroTik community too.. why no protection comes by default when people set up PPPoE on DSL ..
23.11.2016, 07:07   #6
hostgator
@dadoremix thanks!
I copied the following lines with the name of my PPPoE connection.
I don't know what the other lines mean, so I didn't copy them; if it's not a problem, could you explain a bit.
This is what mine looks like now:

Code:
/ip firewall filter
add action=drop chain=input comment="drop port 21 s neta" dst-port=21 \
in-interface=pppoe protocol=tcp
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp
add action=drop chain=input dst-port=22 protocol=tcp
add action=drop chain=input comment="drop 23 s neta" dst-port=23 \
in-interface=pppoe protocol=tcp
add action=drop chain=input comment="drop httpa s neta" dst-port=80 \
in-interface=pppoe protocol=tcp
add action=drop chain=input comment="drop dns-a tcp s neta" dst-port=53 \
in-interface=pppoe protocol=tcp
add action=drop chain=input comment="drop dns-a udp s neta" dst-port=53 \
in-interface=pppoe protocol=udp
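A way to check a RouterOS export for the exposure this thread is about, added here as an example; it is not code posted in the thread and not anything shipped by MikroTik. It parses the text form of `/ip dns export` and `/ip firewall filter export` (the backslash-continued `add ...` lines shown above), then answers the question behind posts #1, #5 and #6: with `allow-remote-requests=yes` (the DNS caching Pomo mentions in #2), does UDP or TCP port 53 arriving on the WAN interface reach the router's own resolver? A forward-chain rule like the one in post #1 never sees that traffic, and an input-chain rule bound to the wrong interface name (xVdsl instead of pppoe, the point dadoremix makes in #5) does not help either. The sample exports, the interface names `pppoe` and `xVdsl`, the documentation address `192.0.2.53` as upstream DNS, the helper names, and the simplified first-match model (rules with matchers it does not evaluate are skipped) are all this example's own assumptions.

```python
"""Audit a RouterOS export for open-resolver exposure on the WAN side.
Added example (not from the thread or MikroTik): parses the text of
`/ip dns export` + `/ip firewall filter export` and asks whether the
Internet side can reach the router's own DNS cache on port 53."""
import shlex

# Matchers this simplified model does not evaluate; such rules are skipped.
UNMODELLED = ("src-address", "src-address-list", "dst-address", "tcp-flags", "psd")

def join_continuations(text):
    """Join export lines ending in a backslash into single commands."""
    lines, buf = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1]  # keep the space before the backslash
            continue
        buf += line
        if buf.strip():
            lines.append(buf.strip())
        buf = ""
    if buf.strip():
        lines.append(buf.strip())
    return lines

def parse_rules(text):
    """Turn 'add/set key=value ...' lines into dicts tagged with their section."""
    rules, section = [], None
    for line in join_continuations(text):
        if line.startswith("/"):
            section = line  # e.g. '/ip firewall filter'
            continue
        parts = shlex.split(line)  # honours comment="with spaces"
        if parts and parts[0] in ("add", "set"):
            props = {"_cmd": parts[0], "_section": section}
            for tok in parts[1:]:
                key, sep, val = tok.partition("=")
                if sep:
                    props[key] = val
            rules.append(props)
    return rules

def port_matches(spec, port):
    """dst-port syntax: '53', '50-60', '21,22,23'; None means any port."""
    if spec is None:
        return True
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def remote_requests_enabled(rules):
    """True when the export contains '/ip dns set allow-remote-requests=yes'."""
    return any(r["_section"] == "/ip dns" and r["_cmd"] == "set"
               and r.get("allow-remote-requests") == "yes" for r in rules)

def first_match(rules, chain, proto, port, iface):
    """Action of the first rule matching a new packet; 'accept' if none (default policy)."""
    for r in rules:
        if r["_section"] != "/ip firewall filter" or r.get("chain") != chain:
            continue
        if r.get("disabled") == "yes" or any(k in r for k in UNMODELLED):
            continue
        if r.get("protocol") not in (None, proto) or r.get("in-interface") not in (None, iface):
            continue
        if not port_matches(r.get("dst-port"), port):
            continue
        state = r.get("connection-state")
        if state is not None and "new" not in state.split(","):
            continue  # established/related-only rule: a fresh query is 'new'
        return r.get("action", "accept")
    return "accept"

def open_resolver_exposure(export_text, wan_iface):
    """Report whether port 53 on wan_iface reaches an enabled DNS cache."""
    rules = parse_rules(export_text)
    udp = first_match(rules, "input", "udp", 53, wan_iface)
    tcp = first_match(rules, "input", "tcp", 53, wan_iface)
    blocked = {"drop", "reject"}
    exposed = remote_requests_enabled(rules) and not (udp in blocked and tcp in blocked)
    return {"exposed": exposed, "udp": udp, "tcp": tcp}

# Constructed samples (192.0.2.53 is a documentation address standing in for the
# upstream). OP_EXPORT mirrors post #1: cache on, plus a forward-chain rule that
# never sees traffic addressed to the router itself.
OP_EXPORT = """\
/ip dns
set allow-remote-requests=yes servers=192.0.2.53
/ip firewall filter
add chain=forward action=drop dst-port=53 protocol=tcp
"""
# FIXED_EXPORT mirrors post #6: same cache, but input-chain drops for port 53.
FIXED_EXPORT = """\
/ip dns
set allow-remote-requests=yes servers=192.0.2.53
/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=drop chain=input comment="drop dns-a tcp s neta" dst-port=53 \\
in-interface=pppoe protocol=tcp
add action=drop chain=input comment="drop dns-a udp s neta" dst-port=53 \\
in-interface=pppoe protocol=udp
"""

if __name__ == "__main__":
    print(open_resolver_exposure(OP_EXPORT, "pppoe"), open_resolver_exposure(FIXED_EXPORT, "pppoe"))
```

Run it against the output of `/export` copied from your own router, passing the name of the PPPoE interface as `wan_iface`; the third case worth trying is the post #6 rule set with `"xVdsl"`, which reports `exposed: True` because the drops are bound to an interface name that does not exist on that router. The model deliberately skips rules with address lists or TCP-flag matchers instead of guessing, so a verdict of "exposed" means "not provably blocked by a plain input-chain rule", which is the conservative answer an abuse desk would also give.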