Thursday, 24 April 2014

Drop Port Scanners on MikroTik

Drop port scanners
To protect the router from port scanners, we can record the IPs of hackers who try to scan your box. Using this address list, we can drop connections from those IPs.

In /ip firewall filter:

add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list " disabled=no
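
The four values in psd=21,3s,3,1 are WeightThreshold, DelayThreshold, LowPortWeight and HighPortWeight. The Python sketch below is an added example (not from the original post and not MikroTik's code) that models them in simplified form to show how many distinct ports it takes before a source lands on the address list; the names Psd and first_flagged, the >= comparison and the sample address are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class Psd:
    """Simplified model of psd=WeightThreshold,DelayThreshold,LowPortWeight,HighPortWeight."""
    weight_threshold: int
    delay: float
    low_weight: int
    high_weight: int
    state: dict = field(default_factory=dict)   # src -> (last_seen, ports, weight)

    @classmethod
    def parse(cls, spec):
        # Only the "<n>s" delay form used on this page is handled.
        w, d, lo, hi = spec.split(",")
        return cls(int(w), float(d.rstrip("s")), int(lo), int(hi))

    def packet(self, src, dport, ts):
        """Feed one packet; return True once src reaches the weight threshold."""
        last, ports, weight = self.state.get(src, (ts, set(), 0))
        if ts - last > self.delay:               # sequence went quiet: start over
            ports, weight = set(), 0
        if dport not in ports:                   # only different ports add weight
            ports.add(dport)
            weight += self.low_weight if dport < 1024 else self.high_weight
        self.state[src] = (ts, ports, weight)
        return weight >= self.weight_threshold   # assumption: inclusive compare


def first_flagged(spec, src, ports, step=0.1):
    """Return the packet count at which src is flagged, or None if never."""
    psd = Psd.parse(spec)
    for i, port in enumerate(ports):
        if psd.packet(src, port, i * step):
            return i + 1
    return None


if __name__ == "__main__":
    spec = "21,3s,3,1"                           # value from the rule above
    src = "198.51.100.7"                         # constructed sample address
    print(first_flagged(spec, src, [21, 22, 23, 25, 53, 80, 110, 143]))
    print(first_flagged(spec, src, range(20000, 20030)))
    print(first_flagged(spec, src, [443] * 50))  # one port, repeated
```

With these weights a source is listed after 7 distinct privileged ports or 21 distinct high ports, while a client that keeps hitting a single port is never listed.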

Various combinations of TCP flags can also indicate port scanner activity.

add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP FIN Stealth scan"
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/FIN scan"
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/RST scan"
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="FIN/PSH/URG scan"
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="ALL/ALL scan"
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan"
Then you can drop those IPs:

add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no
Similarly, you can drop these port scanners in the forward chain by using the above rules with "chain=forward".
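
To see which of the tcp-flags rules above fire for a given packet, the following added Python example (not part of the original post or the MikroTik wiki) evaluates the rule expressions against a TCP flags byte. The rule strings and comments are copied from this page; the function names are assumptions.

```python
FLAG_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04,
             "psh": 0x08, "ack": 0x10, "urg": 0x20}

# (tcp-flags expression, rule comment) copied from the rules above, in order.
RULES = [
    ("fin,!syn,!rst,!psh,!ack,!urg", "NMAP FIN Stealth scan"),
    ("fin,syn", "SYN/FIN scan"),
    ("syn,rst", "SYN/RST scan"),
    ("fin,psh,urg,!syn,!rst,!ack", "FIN/PSH/URG scan"),
    ("fin,syn,rst,psh,ack,urg", "ALL/ALL scan"),
    ("!fin,!syn,!rst,!psh,!ack,!urg", "NMAP NULL scan"),
]


def compile_expr(expr):
    """Turn 'fin,!syn' into (must_be_set, must_be_clear) bit masks."""
    must_set = must_clear = 0
    for term in expr.split(","):
        term = term.strip().lower()
        bit = FLAG_BITS[term.lstrip("!")]        # KeyError on an unknown flag
        if term.startswith("!"):
            must_clear |= bit
        else:
            must_set |= bit
    if must_set & must_clear:
        raise ValueError("flag both required and forbidden: %r" % expr)
    return must_set, must_clear


def matches(expr, flags):
    """True if the flags byte satisfies every term; unlisted flags are ignored."""
    must_set, must_clear = compile_expr(expr)
    return (flags & must_set) == must_set and (flags & must_clear) == 0


def flags_byte(*names):
    """Build a flags byte from names, e.g. flags_byte('fin', 'ack')."""
    value = 0
    for name in names:
        value |= FLAG_BITS[name]
    return value


def matching_rules(flags):
    """Comments of all rules that would add the source to the address list."""
    return [comment for expr, comment in RULES if matches(expr, flags)]


if __name__ == "__main__":
    for sample in (["syn"], ["fin", "ack"], ["fin"], [], ["fin", "psh", "urg"]):
        print(sample, "->", matching_rules(flags_byte(*sample)))
```

Ordinary traffic such as SYN, SYN/ACK and the FIN/ACK of a normal close matches none of the rules, because the FIN rule requires ACK to be clear. A packet with all six flags set already matches the SYN/FIN and SYN/RST rules before it reaches the ALL/ALL rule.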

Source :
http://wiki.mikrotik.com/wiki/Drop_port_scanners


Regards,
Merah Putih Segoroasat
Thanks

Tuesday, 15 April 2014

Load Balancing & Failover with 2 ISPs Using MikroTik

- LAN = 192.168.200.1/24
- Uplink = ISP-1 = 102.103.104.102/30 (Gateway ISP 102.103.104.101)
- Uplink = ISP-2 = 202.203.204.202/30 (Gateway ISP 202.203.204.201)


/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=conn_1 passthrough=yes connection-state=new in-interface=LAN nth=2,1
add chain=prerouting action=mark-routing new-routing-mark=conn_1 passthrough=no in-interface=LAN connection-mark=conn_1
add chain=prerouting action=mark-connection new-connection-mark=conn_2 passthrough=yes connection-state=new in-interface=LAN nth=1,1
add chain=prerouting action=mark-routing new-routing-mark=conn_2 passthrough=no in-interface=LAN connection-mark=conn_2


/ip firewall nat
add chain=srcnat action=masquerade out-interface=ISP-1 connection-mark=conn_1
add chain=srcnat action=masquerade out-interface=ISP-2 connection-mark=conn_2


/ip route
add dst-address=0.0.0.0/0 gateway=102.103.104.101 scope=255 target-scope=10 routing-mark=conn_1 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=202.203.204.201 scope=255 target-scope=10 routing-mark=conn_2 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=102.103.104.101 scope=255 target-scope=10 comment="" disabled=no


Notes:
Router DNS: fill in the DNS servers of both ISPs => Allow Remote Requests (checked)
Set the DNS on the user/client PCs to 192.168.200.1 (same as the gateway IP)


That's all.
Hopefully this adds to our knowledge.

I have tried the script above and it worked.



Monday, 07 April 2014

Making a 10-Meter USB Cable with UTP Cable

The steps are as follows:

1. Prepare the required materials:


2. Position the wires for the USB male jack


3. Solder the wires that were divided earlier to the USB male jack.


4. Result for the USB male jack


5. Position the wires for the USB female jack


6. Solder to the USB female jack


7. Result for the USB female jack.


8. Done, here is the result:

That's it.
Hopefully this is useful and adds to our knowledge.

Source : Facebook luluknet


Tuesday, 18 February 2014

Permanent Static Routes for Mac OS X (Route Add Mac OS)

Permanent Static Routes for Mac OS X

Based on some research, here's a way to add permanent static routes to Mac OS X Lion (and probably other OS X versions too).

The principle is that we create a bash script which is run on every boot and sets the static routes.


First of all, you have to be a local admin.

Open a terminal and change to the StartupItems directory
cd /Library/StartupItems
Then create a new directory with root privileges, e.g. AddRoutes, and change into it
sudo mkdir ./AddRoutes
cd ./AddRoutes
Now you have to create and edit the bash script
sudo touch ./AddRoutes
sudo nano ./AddRoutes
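Paste the following lines into the bash script and adapt them for your network

#!/bin/sh
# Set static routing tables
# rc.common provides RunService and ConsoleMessage
. /etc/rc.common

StartService ()
{
    # Give the network time to come up before adding routes
    sleep 10
    ConsoleMessage "Adding Static Routing Table"
    # Startup items already run as root, so sudo is not needed here.
    # Replace w.x.y.z with your gateway address.
    /sbin/route add -net 10.0.0.0 -netmask 255.0.0.0 -gateway w.x.y.z
}

StopService ()
{
    return 0
}

RestartService ()
{
    return 0
}

# Dispatch to StartService/StopService/RestartService based on the argument
RunService "$1"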

When you have finished the script, save it.

Then create the corresponding plist.

sudo touch StartupParameters.plist
sudo nano StartupParameters.plist

When you have created the plist file, paste the following lines into it.

{
Description = "Add static routing tables";
Provides = ("AddRoutes");
Requires = ("Network");
OrderPreference = "None";
}


When you have finished the plist file, save it.

Finally we have to set the access rights

sudo chmod 755 /Library/StartupItems/AddRoutes/*

At the end we have to
reboot 
and now your permanent static routes are set.

You can verify with the following
netstat -nr
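
Because the startup item is executed as root at every boot, anything in /Library/StartupItems/AddRoutes that a non-root user can modify becomes a way to run code as root. The Python check below is an added example (not part of the original post) that audits the directory created above after the chmod 755 step; the function name audit_startup_item and its expected_uid parameter are assumptions for illustration.

```python
import os
import stat


def audit_startup_item(item_dir, expected_uid=0):
    """Return (path, problem) pairs for anything a non-root user could alter."""
    findings = []
    name = os.path.basename(os.path.normpath(item_dir))
    paths = [item_dir] + [os.path.join(item_dir, n)
                          for n in sorted(os.listdir(item_dir))]
    for path in paths:
        st = os.lstat(path)                      # do not follow symlinks
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "is a symlink"))
            continue
        if st.st_uid != expected_uid:
            findings.append((path, "owned by uid %d" % st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            findings.append((path, "group/world-writable (%o)" % mode))
    # The item needs a script named after its directory plus the plist.
    for required in (name, "StartupParameters.plist"):
        path = os.path.join(item_dir, required)
        if not os.path.isfile(path):
            findings.append((path, "missing"))
    script = os.path.join(item_dir, name)
    if os.path.isfile(script) and not os.stat(script).st_mode & stat.S_IXUSR:
        findings.append((script, "not executable"))
    return findings


if __name__ == "__main__":
    target = "/Library/StartupItems/AddRoutes"   # path used in this post
    if os.path.isdir(target):
        for path, problem in audit_startup_item(target):
            print("%s: %s" % (path, problem))
    else:
        print("%s not found" % target)
```

An empty result means the directory, the AddRoutes script and StartupParameters.plist are all owned by root and writable only by root.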