MikroTik Anti-DDoS, Port Scanner and NetCut Script
MikroTik is a reasonably dependable router for handling your network's needs. Features such as bandwidth management, IP firewall, web proxy and server load balancing have made MikroTik widely used as a router in internet cafes (warnet), offices, RT/RW Net neighbourhood networks, schools and housing estates.
Below I share a short script for protecting MikroTik against port scanners, DDoS and NetCut. Just copy and paste the script below into the Terminal in Winbox, and your MikroTik's security wall will become thicker.
The script:
/ip firewall filter
# Sources connecting to TCP 1337 are listed in "DDOS" for 15 s; sources already in the
# "knock" list that connect to TCP 7331 are listed for 15 min. No rule here fills "knock".
add action=add-src-to-address-list address-list=DDOS address-list-timeout=15s chain=input comment="" disabled=no dst-port=1337 protocol=tcp
add action=add-src-to-address-list address-list=DDOS address-list-timeout=15m chain=input comment="" disabled=no dst-port=7331 protocol=tcp src-address-list=knock
# The rules below only add sources to the "port-scanners" list for 2 weeks;
# no rule in this script drops traffic from that list.
add action=add-src-to-address-list address-list="port-scanners" address-list-timeout=2w chain=input comment="port-scanners-to-list" disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port-scanners" address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port-scanners" address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port-scanners" address-list-timeout=2w chain=input comment="FIN/PSH/URG-Scan" disabled=no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port-scanners" address-list-timeout=2w chain=input comment="ALL/ALL-Scan" disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port-scanners" address-list-timeout=2w chain=input comment="NMAP-NULL-Scan" disabled=no protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
# FIN-only matcher added: without tcp-flags this rule would list every TCP source.
add action=add-src-to-address-list address-list="port-scanners" address-list-timeout=2w chain=input comment="NMAP-FIN-Stealth-Scan" disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
# Accepts all TCP to the router from the LAN range (labelled ANTI-NETCUT by the author).
add action=accept chain=input comment="ANTI-NETCUT" disabled=no dst-port=0-65535 protocol=tcp src-address=192.168.0.1/27
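To check which packets the tcp-flags matchers in the script actually catch, the following added example (not part of the original post, and not MikroTik code) models the matcher semantics in Python: a listed flag must be set, a flag prefixed with ! must be clear, and unlisted flags are ignored. The packet samples are constructed, and the FIN stealth rule is assumed to use fin,!syn,!rst,!psh,!ack,!urg.

```python
ALL_FLAGS = {"fin", "syn", "rst", "psh", "ack", "urg"}

def parse_tcp_flags(spec):
    """Split a matcher such as 'fin,!syn' into (must_be_set, must_be_clear)."""
    must_set, must_clear = set(), set()
    for token in filter(None, (t.strip() for t in spec.split(","))):
        name = token.lstrip("!")
        if name not in ALL_FLAGS:
            raise ValueError(f"unknown TCP flag: {token}")
        (must_clear if token.startswith("!") else must_set).add(name)
    return must_set, must_clear

def matches(spec, packet_flags):
    """True if a packet with these flags set satisfies the matcher.
    An empty spec (rule without tcp-flags) matches every TCP packet."""
    must_set, must_clear = parse_tcp_flags(spec)
    return must_set <= packet_flags and not (must_clear & packet_flags)

# Matchers from the rules on this page, keyed by rule comment.
# Assumption: the FIN stealth rule uses the FIN-only matcher shown here.
RULES = {
    "SYN/FIN scan": "fin,syn",
    "SYN/RST scan": "syn,rst",
    "FIN/PSH/URG-Scan": "fin,psh,urg,!syn,!rst,!ack",
    "ALL/ALL-Scan": "fin,syn,rst,psh,ack,urg",
    "NMAP-NULL-Scan": "!fin,!syn,!rst,!psh,!ack,!urg",
    "NMAP-FIN-Stealth-Scan": "fin,!syn,!rst,!psh,!ack,!urg",
}

# Constructed sample packets (sets of flags that are set), not captured traffic.
PACKETS = {
    "normal SYN": {"syn"},
    "normal ACK data": {"ack", "psh"},
    "null": set(),
    "fin only": {"fin"},
    "fin+psh+urg": {"fin", "psh", "urg"},
    "all flags": set(ALL_FLAGS),
}

def classify(packet_flags, rules=RULES):
    """Return the comments of every rule the packet would hit."""
    return [name for name, spec in rules.items() if matches(spec, packet_flags)]

if __name__ == "__main__":
    for label, flags in PACKETS.items():
        print(f"{label:16} -> {classify(flags) or 'no rule'}")
```

Ordinary SYN and ACK packets hit none of the flag rules, while a rule with no tcp-flags matcher at all matches every TCP packet and would put legitimate clients on the list.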
1 comment
thank you brada