


  1. #1

    Rules for a bit more security on a MikroTik system: are they necessary?

    Folks, would it be excessive caution to use this many rules on an RB 750G or 450G? Obviously I believe some of these rules must no longer be working.

    Now, supposing it would be a good idea to use them, what would the processing performance on these RBs be like?

    Code:
    /ip firewall filter
    # chain "virus": per-port drops for old worms and trojans; the forward chain jumps here further down
    add chain=virus protocol=tcp dst-port=2 action=drop comment="Death" disabled=no
    add chain=virus protocol=tcp dst-port=15 action=drop comment="B2" disabled=no
    add chain=virus protocol=tcp dst-port=23 action=drop comment="ADM worm" disabled=no
    add chain=virus protocol=tcp dst-port=30 action=drop comment="Agent 40421" disabled=no
    add chain=virus protocol=tcp dst-port=31 action=drop comment="Agent 31" disabled=no
    add chain=virus protocol=tcp dst-port=39 action=drop comment="subSARI" disabled=no
    add chain=virus protocol=tcp dst-port=41 action=drop comment="Deep Throat" disabled=no
    add chain=virus protocol=tcp dst-port=44 action=drop comment="Arctic" disabled=no
    add chain=virus protocol=tcp dst-port=48 action=drop comment="DRAT" disabled=no
    add chain=virus protocol=tcp dst-port=50 action=drop comment="DRAT" disabled=no
    add chain=virus protocol=tcp dst-port=58 action=drop comment="DMSetup" disabled=no
    add chain=virus protocol=tcp dst-port=59 action=drop comment="DMSetup" disabled=no
    add chain=virus protocol=tcp dst-port=67-68 action=drop comment="Denegar DHCP" disabled=no
    add chain=virus protocol=tcp dst-port=69 action=drop comment="denegar TFTP" disabled=no
    add chain=virus protocol=tcp dst-port=79 action=drop comment="CDK, Firehotcker" disabled=no
    add chain=virus protocol=tcp dst-port=81 action=drop comment="RemoConChubo USADO POR DISDOOS" disabled=no
    add chain=virus protocol=tcp dst-port=99 action=drop comment="Hidden" disabled=no
    add chain=virus protocol=tcp dst-port=111 action=drop comment="Denegar RPC portmapper" disabled=no
    add chain=virus protocol=tcp dst-port=113 action=drop comment="Invisible Identd Deamon" disabled=no
    add chain=virus protocol=tcp dst-port=119 action=drop comment="Happy99 OJO se usa para Grupo de Noticias" disabled=no
    add chain=virus protocol=tcp dst-port=121 action=drop comment="Attack Bot" disabled=no
    add chain=virus protocol=tcp dst-port=123 action=drop comment="Net Controller" disabled=no
    add chain=virus protocol=tcp dst-port=133 action=drop comment="Farnaz" disabled=no
    add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm" disabled=no
    add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm" disabled=no
    add chain=virus protocol=tcp dst-port=137 action=drop comment="Chode" disabled=no
    add chain=virus protocol=tcp dst-port=138 action=drop comment="Chode" disabled=no
    add chain=virus protocol=tcp dst-port=142 action=drop comment="NetTaxi" disabled=no
    add chain=virus protocol=tcp dst-port=146 action=drop comment="Infector" disabled=no
    add chain=virus protocol=tcp dst-port=166 action=drop comment="NokNok" disabled=no
    add chain=virus protocol=tcp dst-port=170 action=drop comment="A-trojan" disabled=no
    add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
    add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
    add chain=virus protocol=tcp dst-port=593 action=drop comment="________" disabled=no
    add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________" disabled=no
    add chain=virus protocol=tcp dst-port=1045 action=drop comment="Rasmin" disabled=no
    add chain=virus protocol=tcp dst-port=1049 action=drop comment="/sbin/initd" disabled=no
    add chain=virus protocol=tcp dst-port=1050 action=drop comment="MiniCommand" disabled=no
    add chain=virus protocol=tcp dst-port=1053 action=drop comment="The Thief" disabled=no
    add chain=virus protocol=tcp dst-port=1054 action=drop comment="AckCmd" disabled=no
    add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom" disabled=no
    add chain=virus protocol=tcp dst-port=1081 action=drop comment="WinHole" disabled=no
    add chain=virus protocol=tcp dst-port=1082 action=drop comment="Winhole" disabled=no
    add chain=virus protocol=tcp dst-port=1083 action=drop comment="WinHole" disabled=no
    add chain=virus protocol=tcp dst-port=1090 action=drop comment="Xtreme" disabled=no
    add chain=virus protocol=tcp dst-port=1095 action=drop comment="Remote Administration Tool - RAT" disabled=no
    add chain=virus protocol=tcp dst-port=1097 action=drop comment="Remote Administration Tool - RAT" disabled=no
    add chain=virus protocol=tcp dst-port=1098 action=drop comment="Remote Administration Tool - RAT" disabled=no
    add chain=virus protocol=tcp dst-port=1099 action=drop comment="Remote Administration Tool - RAT" disabled=no
    # this one does not drop: it only records the destination in the DISDOSS list for 1h
    add chain=virus protocol=tcp dst-port=1150 action=add-dst-to-address-list address-list=DISDOSS address-list-timeout=1h comment="Orion" disabled=no
    add chain=virus protocol=tcp dst-port=1151 action=drop comment="Orion" disabled=no
    add chain=virus protocol=tcp dst-port=1170 action=drop comment="Streaming Audio Server" disabled=no
    add chain=virus protocol=tcp dst-port=1174 action=drop comment="DaCryptic" disabled=no
    add chain=virus protocol=tcp dst-port=1180 action=drop comment="unim68" disabled=no
    add chain=virus protocol=tcp dst-port=1207 action=drop comment="SoftWar" disabled=no
    add chain=virus protocol=tcp dst-port=1208 action=drop comment="Infector" disabled=no
    add chain=virus protocol=tcp dst-port=1212 action=drop comment="Kaos" disabled=no
    add chain=virus protocol=tcp dst-port=1214 action=drop comment="-----" disabled=no
    add chain=virus protocol=tcp dst-port=1234 action=drop comment="Subseven Java Client" disabled=no
    add chain=virus protocol=tcp dst-port=1243 action=drop comment="BackDoor - G" disabled=no
    add chain=virus protocol=tcp dst-port=1245 action=drop comment="VooDoo Doll" disabled=no
    add chain=virus protocol=tcp dst-port=1255 action=drop comment="Scarab" disabled=no
    add chain=virus protocol=tcp dst-port=1256 action=drop comment="Project Next" disabled=no
    add chain=virus protocol=tcp dst-port=1269 action=drop comment="Matrix" disabled=no
    add chain=virus protocol=tcp dst-port=1272 action=drop comment="The Matrix" disabled=no
    add chain=virus protocol=tcp dst-port=1313 action=drop comment="Netrojan" disabled=no
    add chain=virus protocol=tcp dst-port=1337 action=drop comment="ShadyShell" disabled=no
    add chain=virus protocol=tcp dst-port=1338 action=drop comment="Milennium Worm" disabled=no
    add chain=virus protocol=tcp dst-port=1349 action=drop comment="Bo dll" disabled=no
    add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester-" disabled=no
    add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server-" disabled=no
    add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast" disabled=no
    add chain=virus protocol=tcp dst-port=1373 action=drop comment="kromgrafx" disabled=no
    add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichild" disabled=no
    add chain=virus protocol=tcp dst-port=1386 action=drop comment="Dagger" disabled=no
    add chain=virus protocol=tcp dst-port=1394 action=drop comment="GoFriller" disabled=no
    add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm" disabled=no
    add chain=virus protocol=tcp dst-port=1441 action=drop comment="Remote Storm" disabled=no
    add chain=virus protocol=tcp dst-port=1492 action=drop comment="FTP99CMP" disabled=no
    add chain=virus protocol=tcp dst-port=1524 action=drop comment="Trinno" disabled=no
    add chain=virus protocol=tcp dst-port=1568 action=drop comment="Remote Hack" disabled=no
    add chain=virus protocol=tcp dst-port=2049 action=drop comment="Denegar NFS" disabled=no
    add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y" disabled=no
    add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle" disabled=no
    add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K" disabled=no
    add chain=virus protocol=tcp dst-port=3133 action=drop comment="Denegar BackOriffice" disabled=no
    add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="Drop MyDoom" disabled=no
    add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro" disabled=no
    add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm" disabled=no
    add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm" disabled=no
    add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser" disabled=no
    add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B" disabled=no
    add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B" disabled=no
    add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y" disabled=no
    add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B" disabled=no
    add chain=virus protocol=tcp dst-port=12345-12346 action=drop comment="Denegar NetBus" disabled=no
    add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2" disabled=no
    add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven" disabled=no
    add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot" disabled=no
    # note: no rule jumps to the "icmp" chain, so this log rule never matches
    add chain=icmp protocol=icmp action=log log-prefix="" comment="" disabled=no
    add chain=forward action=jump jump-target=virus comment="jump to the virus chain" disabled=no
    # input chain: rules for traffic addressed to the router itself
    add chain=input connection-state=related action=accept comment="Aceitar relatar conexões" disabled=no
    add chain=input src-address=!192.168.0.0/24 protocol=tcp dst-port=3128 action=drop comment="Bloqueia uso web proxy por redes externas" disabled=no
    add chain=input src-address=!192.168.0.0/24 protocol=tcp dst-port=8080 action=drop comment="Bloquea uso do thunder por redes externas" disabled=no
    add chain=input src-address=!192.168.0.0/24 src-address-list="Tentativas SSH" action=drop comment="Bloquear Lista SSH" disabled=no
    add chain=input src-address=!192.168.0.0/24 src-address-list="Lista Telnet" action=drop comment="Bloqueia Lista Telnet" disabled=no
    add chain=input src-address=!192.168.0.0/24 src-address-list="Bloqueio de Invalidos Router" action=drop comment="Bloqueio Lista de Invalidos" disabled=no
    add chain=input src-address=!192.168.0.0/24 src-address-list="Entradas por FTP" action=drop comment="Bloquear Lista FTP" disabled=no
    # the FTP, WebBox, Telnet and SSH pairs below first record the source in an address list, then drop;
    # the rule comments say "Aceitar"/"Aceita" but the action is drop
    add chain=input protocol=tcp dst-port=21 action=add-src-to-address-list address-list="Entradas por FTP" address-list-timeout=0s comment="Cria Lista de IPs que entran no FTP" disabled=no
    add chain=input protocol=tcp dst-port=21 action=drop comment="Aceitar Conexões FTP" disabled=no
    add chain=input protocol=tcp dst-port=80 action=add-src-to-address-list address-list="Acesos Via Web" address-list-timeout=0s comment="Cria Lista de IPs que vem WebBox" disabled=no
    add chain=input protocol=tcp dst-port=80 action=drop comment="Aceita WebBox" disabled=no
    add chain=input protocol=udp action=accept comment="UDP" disabled=no
    add chain=input protocol=icmp limit=50/5s,2 action=accept comment="Aceitar pings limitados" disabled=no
    add chain=input protocol=icmp action=drop comment="Recusar pings exedidos" disabled=no
    add chain=input protocol=tcp dst-port=23 action=add-src-to-address-list address-list="Lista Telnet" address-list-timeout=0s comment="Lista Telnet" disabled=no
    add chain=input protocol=tcp dst-port=23 action=drop comment="Aceita Telnet" disabled=no
    add chain=input protocol=tcp dst-port=22 action=add-src-to-address-list address-list="Tentativas SSH" address-list-timeout=0s comment="Cria Lista de Entradas SSH" disabled=no
    add chain=input protocol=tcp dst-port=22 action=drop comment="SSH" disabled=no
    add chain=input src-address=192.168.x.0/24 action=accept comment="Conexões da Rede Local" disabled=no
    add chain=input protocol=tcp dst-port=8291 action=add-src-to-address-list address-list=Winbox address-list-timeout=0s comment="Agrega IPs Que entram pelo Winbox" disabled=no
    add chain=input protocol=udp dst-port=53 limit=2400/1m,5 action=accept comment="limited dns" disabled=no
    add chain=input protocol=udp dst-port=53 action=drop comment="all others go to hell" disabled=no
    add chain=input protocol=tcp dst-port=8291 action=accept comment="winbox" disabled=no
    # forward chain: outbound SMTP rate limiting, sanity checks, then accept
    add chain=forward protocol=tcp dst-port=25 src-address-list=Spamm action=drop comment="Anti Spam" disabled=no
    add chain=forward protocol=tcp dst-port=25 connection-limit=10,32 limit=50,5 action=add-src-to-address-list address-list=Spamm address-list-timeout=2h comment="" disabled=no
    add chain=sanity-check packet-mark=nat-traversal action=drop comment="Deny illegal NAT traversal" disabled=no
    add chain=forward action=jump jump-target=sanity-check comment="Sanity Check" disabled=no
    add chain=sanity-check dst-address-type=broadcast,multicast action=jump jump-target=drop comment="Dropea todo 0 trafego que Vem das direções multicast o broadcast" disabled=no
    add chain=sanity-check src-address-type=broadcast,multicast action=jump jump-target=drop comment="Dropeia o trafego dirigido a direções multicast o broadcast" disabled=no
    add chain=drop action=log log-prefix="DROPPEDD" comment="" disabled=no
    add chain=drop action=drop comment="" disabled=no
    add chain=forward action=accept comment="" disabled=no
    add chain=input connection-state=invalid action=drop comment="conexões invalidas" disabled=no
    add chain=SERVICIOS protocol=tcp dst-port=23 action=drop comment="Bloqueia o ingreso por Telnet" disabled=no
    # scan detection: offenders go to black_list for 1h and are dropped by the first rule of this group
    add chain=input src-address-list=black_list action=drop comment="DROP BLACK-LISTED USERS" disabled=no
    add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list=black_list address-list-timeout=1h comment="Bloquea TCP Null scan" disabled=no
    add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=black_list address-list-timeout=1h comment="Bloquea TCP Xmas scan" disabled=no
    add chain=input protocol=tcp connection-limit=10,32 action=add-src-to-address-list address-list=black_list address-list-timeout=1h comment="Detecta Dois Attack" disabled=no
    add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list=black_list address-list-timeout=1h comment="Detecta port scan" disabled=no
    add chain=input action=jump jump-target=SERVICIOS comment="SERVIÇOS" disabled=no
    # forward chain: drop traffic to specific adware/toolbar hosts (comments with spaces must be quoted)
    /ip firewall filter add chain=forward dst-address=180.76.2.25 action=drop comment=BAIDU
    /ip firewall filter add chain=forward dst-address=63.217.158.78 action=drop comment="############################# BLOQUEIO DO BAIDU PC FASTER#############################"
    /ip firewall filter add chain=forward dst-address=220.181.111.86 action=drop
    /ip firewall filter add chain=forward dst-address=46.28.209.15 action=drop comment=PC-PERFORMER-DRIVER-SCANNER
    /ip firewall filter add chain=forward dst-address=96.45.82.5 action=drop
    /ip firewall filter add chain=forward dst-address=208.94.116.112 action=drop comment=DEALPLY
    /ip firewall filter add chain=forward dst-address=66.77.197.179 action=drop comment=DELTA-TOOL-BAR
    /ip firewall filter add chain=forward dst-address=69.28.58.74 action=drop comment=22FIND
    /ip firewall filter add chain=forward dst-address=95.130.75.74 action=drop comment=IMINENT
    /ip firewall filter add chain=forward dst-address=50.23.103.20 action=drop comment=FUNMOODS
    /ip firewall filter add chain=forward dst-address=173.255.138.100 action=drop
    /ip firewall filter add chain=forward dst-address=174.37.174.84 action=drop
    /ip firewall filter add chain=forward dst-address=174.127.102.228 action=drop
    /ip firewall filter add chain=forward dst-address=66.235.120.127 action=drop comment=ASK-TOOL-BAR
    /ip firewall filter add chain=forward dst-address=63.217.158.0/24 action=drop comment=Hao123


    Catches everything arriving on port 80 for the IP range 180.76.0.0 to 180.76.255.255 and redirects it to Google's site.


    Code:
    /ip firewall nat
    # dst-nat: rewrite the destination of port-80 traffic for the whole 180.76.0.0/16 range
    add action=dst-nat chain=dstnat comment=baidu disabled=no dst-address=180.76.0.0/16 dst-port=80 protocol=tcp to-addresses=173.194.118.255 to-ports=80
    Last edited by ab5x2; 21-10-2014 at 12:40.

  2. #2

    Re: Rules for a bit more security on a MikroTik system: are they necessary?

    In my humble opinion it's a kludge...
    The provider shouldn't interfere by blocking those pests for the end user at the firewall level; besides adding processing load on your RB, you may end up harming some other service with that blacklist. The access rules for your RB may even be valid, but the virus/spyware ones aren't worth it (my opinion).
    Encourage your customer to use Adblock/FlashBlock, and use the OpenDNS version that blocks a large share of undesirable sites, which is a far less "forced" path.

  3. #3

    Re: Rules for a bit more security on a MikroTik system: are they necessary?

    @stevefox, @Arthur Bernardes, I agree with you on every point.
    @ccbsumare, I would invest in a few firewall rules to protect your equipment, preventing specific access to your RB on the services running on it (ssh, Winbox, HTTP, etc.), blocking all packets headed to your RB from anywhere other than your management network.

    As for the rest, you reap what you sow: if the customer went to a certain site, or clicked a certain link, or whatever, it's not your problem. In fact, there should be a clause in your contract with the customer making it clear that the company (you) disclaims any responsibility for the customer's misuse of the SCM service, whether to harm themselves and/or third parties, voluntarily or involuntarily.
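A compact input-chain policy of the kind the reply above recommends, as an added example (not code from this thread or from MikroTik): only the management network reaches the router's own services (ssh, Winbox, HTTP), and because the stateful rule comes first it also answers the performance question from post #1. The 192.168.0.0/24 range, the 203.0.113.10 NOC host, the "management" list name, the ether2-lan interface and the v6-style `limit=...:packet` syntax are assumptions.

```routeros
# Added example, not code from the thread. The 192.168.0.0/24 management
# range, the 203.0.113.10 NOC host, the "management" list name and the
# ether2-lan interface name are assumptions; change them before pasting.
# Enable Safe Mode (Ctrl+X in the terminal) first: if a rule cuts off your
# own session, the change is rolled back when the connection drops.

/ip firewall address-list
add list=management address=192.168.0.0/24 comment="LAN management net (assumed)"
add list=management address=203.0.113.10 comment="remote NOC host (assumed)"

/ip firewall filter
# 1. Stateful rules first: most packets belong to existing connections and
#    stop here, so the rest of the chain is rarely evaluated. This ordering,
#    far more than the rule count, keeps CPU use low on an RB750G/RB450G.
add chain=input connection-state=established,related action=accept comment="accept established/related"
add chain=input connection-state=invalid action=drop comment="drop invalid"

# 2. Management services (Winbox 8291, SSH 22, HTTP 80, HTTPS 443) are
#    reachable only from the management list.
add chain=input protocol=tcp dst-port=8291,22,80,443 src-address-list=management action=accept comment="mgmt services from management list only"

# 3. Rate-limited ICMP so ping still works for troubleshooting (v6 limit syntax).
add chain=input protocol=icmp limit=50/5s,2:packet action=accept comment="limited icmp"

# 4. If the router is the customers' DNS resolver, answer only on the
#    LAN-facing interface; never expose the resolver to the WAN side.
add chain=input protocol=udp dst-port=53 in-interface=ether2-lan action=accept comment="dns from LAN only"

# 5. Log, then drop, everything else addressed to the router itself. Scans
#    and brute-force attempts show up in /log print under this prefix.
add chain=input action=log log-prefix="INPUT-DROP" comment="log remaining input"
add chain=input action=drop comment="drop remaining input"

/ip service
# 6. Belt and braces: bind the services themselves to the management net
#    and disable the ones you do not use.
set winbox address=192.168.0.0/24
set ssh address=192.168.0.0/24
set www address=192.168.0.0/24
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
```

After pasting, check `/ip firewall filter print stats` to confirm that the established/related rule carries almost all the packet count and the final drop rule only sees the noise.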

  4. #4

    Re: Rules for a bit more security on a MikroTik system: are they necessary?

    OK folks, thanks for the opinions.

    Cheers