


  1. #1

    Identify VIRUS by IP?

    Good morning and peace to all,

    Friends, I have a question and I think colleagues already have a solution or some suggestion. I created a VIRUS chain where, through a jump, I check the virus ports; actually these rules are in every MK I see around, but now I need to identify the IPs that are supposedly infected so I can offer my customers a maintenance service. My idea is to create a mark and put the infected customer's IP in an IP list with the virus mark, but I have no idea how to do this. The rules I have are the following:
    /ip firewall filter
    add chain=input action=drop connection-state=invalid comment="Drop invalid" disabled=yes
    add chain=input action=drop src-address-list=bloqueados comment="" disabled=yes
    add chain=input action=add-src-to-address-list dst-port=4321 protocol=tcp address-list=temp address-list-timeout=15s comment="" disabled=yes
    add chain=input action=add-src-to-address-list dst-port=1234 protocol=tcp src-address-list=temp address-list=liberado address-list-timeout=1d comment="" disabled=yes
    add chain=input action=accept dst-port=8291 protocol=tcp src-address-list=liberado comment="" disabled=yes
    add chain=input action=drop dst-port=8291 protocol=tcp comment="" disabled=yes
    add chain=input action=add-src-to-address-list protocol=tcp connection-limit=10,32 address-list=atacantes address-list-timeout=0s comment="" disabled=yes
    add chain=input action=tarpit protocol=tcp src-address-list=atacantes comment="" disabled=yes
    add chain=input action=jump jump-target=VIRUS comment="Jump to the VIRUS chain" disabled=yes
    add chain=input action=jump jump-target=BOGON comment="Bogon" disabled=yes
    add chain=input action=accept connection-state=established protocol=tcp comment="accept established" disabled=yes
    add chain=input action=accept connection-state=related protocol=tcp comment="accept related" disabled=yes
    add chain=input action=accept src-address=192.168.100.0/24 comment="accept internal network" disabled=yes
    add chain=input action=accept src-address=10.10.100.0/24 comment="accept internal network" disabled=yes
    add chain=input action=accept dst-port=8291 protocol=tcp comment="accept winbox from the external network" disabled=yes
    add chain=input action=accept dst-port=22-23 protocol=tcp comment="accept SSH and Telnet" disabled=yes
    add chain=input action=drop comment="DROP the rest" disabled=yes
    add chain=forward action=drop connection-state=invalid comment="Discard invalid" disabled=yes
    add chain=forward action=drop tcp-flags=syn dst-port=1024-65535 protocol=tcp connection-limit=20,32 comment="Discard more than 20 connections per IP" disabled=yes
    add chain=forward action=drop in-interface=!ether3 src-address-list=bloqueados comment="DROP blocked" disabled=yes
    add chain=forward action=jump jump-target=ICMP protocol=icmp comment="jump to ICMP" disabled=yes
    add chain=forward action=jump jump-target=VIRUS comment="VIRUS" disabled=yes
    add chain=forward action=jump jump-target=BOGON comment="Bogon" disabled=yes
    add chain=forward action=accept connection-state=established protocol=tcp comment="Accept established" disabled=yes
    add chain=forward action=accept connection-state=related protocol=tcp comment="Accept related" disabled=yes
    add chain=VIRUS action=drop src-port=445 protocol=tcp comment="" disabled=yes
    add chain=VIRUS action=drop dst-port=445 protocol=tcp comment="" disabled=yes
    add chain=VIRUS action=drop src-port=445 protocol=udp comment="Drop Blaster Worm" disabled=yes
    add chain=VIRUS action=drop dst-port=445 protocol=udp comment="Drop Blaster Worm" disabled=yes
    add chain=VIRUS action=drop src-port=135-139 protocol=tcp comment="" disabled=yes
    add chain=VIRUS action=drop src-port=135-139 protocol=udp comment="" disabled=yes
    add chain=VIRUS action=drop dst-port=135-139 protocol=tcp comment="" disabled=yes
    add chain=VIRUS action=drop dst-port=135-139 protocol=udp comment="" disabled=yes
    add chain=VIRUS action=drop dst-port=593 protocol=tcp comment="________" disabled=yes
    add chain=VIRUS action=drop dst-port=1024-1030 protocol=tcp comment="________" disabled=yes
    add chain=VIRUS action=drop dst-port=1080 protocol=tcp comment="Drop MyDoom" disabled=yes
    add chain=VIRUS action=drop dst-port=1214 protocol=tcp comment="________" disabled=yes
    add chain=VIRUS action=drop dst-port=1363 protocol=tcp comment="ndm requester" disabled=yes
    add chain=VIRUS action=drop dst-port=1364 protocol=tcp comment="ndm server" disabled=yes
    add chain=VIRUS action=drop dst-port=1368 protocol=tcp comment="screen cast" disabled=yes
    add chain=VIRUS action=drop dst-port=1373 protocol=tcp comment="hromgrafx" disabled=yes
    add chain=VIRUS action=drop dst-port=1377 protocol=tcp comment="cichlid" disabled=yes
    add chain=VIRUS action=drop dst-port=1433-1434 protocol=tcp comment="Worm" disabled=yes
    add chain=VIRUS action=drop dst-port=2745 protocol=tcp comment="Bagle VIRUS" disabled=yes
    add chain=VIRUS action=drop dst-port=2283 protocol=tcp comment="Drop Dumaru.Y" disabled=yes
    add chain=VIRUS action=drop dst-port=2535 protocol=tcp comment="Drop Beagle" disabled=yes
    add chain=VIRUS action=drop dst-port=2745 protocol=tcp comment="Drop Beagle.C-K" disabled=yes
    add chain=VIRUS action=drop dst-port=3127 protocol=tcp comment="Drop MyDoom" disabled=yes
    add chain=VIRUS action=drop dst-port=3410 protocol=tcp comment="Drop Backdoor OptixPro" disabled=yes
    add chain=VIRUS action=drop dst-port=4444 protocol=tcp comment="Worm" disabled=yes
    add chain=VIRUS action=drop dst-port=4444 protocol=udp comment="Worm" disabled=yes
    add chain=VIRUS action=drop dst-port=5554 protocol=tcp comment="Drop Sasser" disabled=yes
    add chain=VIRUS action=drop dst-port=8866 protocol=tcp comment="Drop Beagle.B" disabled=yes
    add chain=VIRUS action=drop dst-port=9898 protocol=tcp comment="Drop Dabber.A-B" disabled=yes
    add chain=VIRUS action=drop dst-port=10000 protocol=tcp comment="Drop Dumaru.Y" disabled=yes
    add chain=VIRUS action=drop dst-port=10080 protocol=tcp comment="Drop MyDoom.B" disabled=yes
    add chain=VIRUS action=drop dst-port=12345 protocol=tcp comment="Drop NetBus" disabled=yes
    add chain=VIRUS action=drop dst-port=17300 protocol=tcp comment="Drop Kuang2" disabled=yes
    add chain=VIRUS action=drop dst-port=27374 protocol=tcp comment="Drop SubSeven" disabled=yes
    add chain=VIRUS action=drop dst-port=65506 protocol=tcp comment="Drop PhatBot, Agobot, Gaobot" disabled=yes
    add chain=VIRUS action=drop dst-port=513 protocol=tcp comment="" disabled=yes
    add chain=VIRUS action=drop dst-port=513 protocol=udp comment="" disabled=yes
    add chain=VIRUS action=drop dst-port=525 protocol=tcp comment="" disabled=yes
    add chain=VIRUS action=drop dst-port=525 protocol=udp comment="" disabled=yes
    add chain=VIRUS action=drop dst-port=568-569 protocol=tcp comment="" disabled=yes
    add chain=VIRUS action=drop dst-port=568-569 protocol=udp comment="" disabled=yes
    add chain=VIRUS action=drop dst-port=1512 protocol=tcp comment="" disabled=yes
    add chain=VIRUS action=drop dst-port=1512 protocol=udp comment="" disabled=yes
    add chain=VIRUS action=drop dst-port=396 protocol=tcp comment="" disabled=yes
    add chain=VIRUS action=drop dst-port=396 protocol=udp comment="" disabled=yes
    add chain=VIRUS action=drop dst-port=1366 protocol=tcp comment="" disabled=yes
    add chain=VIRUS action=drop dst-port=1366 protocol=udp comment="" disabled=yes
    add chain=VIRUS action=drop dst-port=1416 protocol=tcp comment="" disabled=yes
    add chain=VIRUS action=drop dst-port=1416 protocol=udp comment="" disabled=yes
    add chain=VIRUS action=drop dst-port=201-209 protocol=tcp comment="" disabled=yes
    add chain=VIRUS action=drop dst-port=201-209 protocol=udp comment="" disabled=yes
    add chain=VIRUS action=drop dst-port=545 protocol=tcp comment="" disabled=yes
    add chain=VIRUS action=drop dst-port=545 protocol=udp comment="" disabled=yes
    add chain=VIRUS action=drop dst-port=1381 protocol=tcp comment="" disabled=yes
    add chain=VIRUS action=drop dst-port=1381 protocol=udp comment="" disabled=yes
    add chain=VIRUS action=drop dst-port=3031 protocol=tcp comment="" disabled=yes
    add chain=VIRUS action=drop dst-port=3031 protocol=udp comment="" disabled=yes
    add chain=BOGON action=drop src-address=0.0.0.0/8 comment="" disabled=yes
    add chain=BOGON action=drop dst-address=0.0.0.0/8 comment="" disabled=yes
    add chain=BOGON action=drop src-address=127.0.0.0/8 comment="" disabled=yes
    add chain=BOGON action=drop dst-address=127.0.0.0/8 comment="" disabled=yes
    add chain=BOGON action=drop src-address=224.0.0.0/3 comment="" disabled=yes
    add chain=BOGON action=drop dst-address=224.0.0.0/3 comment="" disabled=yes
    add chain=ICMP action=accept protocol=icmp icmp-options=0:0 comment="" disabled=yes
    add chain=ICMP action=accept protocol=icmp icmp-options=0:8 comment="" disabled=yes
    add chain=ICMP action=accept protocol=icmp icmp-options=11:0 comment="" disabled=yes
    add chain=ICMP action=accept protocol=icmp icmp-options=3:3 comment="" disabled=yes
    add chain=ICMP action=accept protocol=icmp icmp-options=3:4 comment="" disabled=yes
    add chain=ICMP action=drop protocol=icmp comment="" disabled=yes

    Suggestions welcome, thanks!!

  2. #2


    Use protocol tcp, the port, and for the action choose add-src-to-address-list.
    Last edited by Raniel; 29-08-2008 at 02:04.

  3. #3


    An example:

    /ip firewall filter add chain=virus protocol=tcp dst-port=5554 action=add-src-to-address-list address-list="virus-tipo" disabled=no

  4. #4


    Cool, it worked, except that I had to create a rule tagging and adding to the virus list for each firewall rule. Now I'm going to create a rule blocking the IPs that are on this virus list and schedule clearing the virus list every 24 hours; it's going to be nice...
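Posts #3 and #4 together describe tagging the source of worm-port traffic and then blocking the tagged hosts with a daily cleanup. Here is that pattern as one rule set, an added example that is not code from any poster; it assumes the customer subnets and the VIRUS chain from post #1 and a placeholder list name "virus", and adds two things a practitioner would want: tagging is restricted to customer sources, and the list entries expire on their own.

```routeros
# Added example, not from any post in this thread. Assumes the customer LANs from
# post #1 (192.168.100.0/24, 10.10.100.0/24), the VIRUS chain from post #1, and
# an address list named "virus" (placeholder name).

# Define which addresses count as "customers" so only they can be tagged.
/ip firewall address-list
add list=clientes address=192.168.100.0/24 comment="customer LAN 1"
add list=clientes address=10.10.100.0/24 comment="customer LAN 2"

/ip firewall filter
# 1. Cut off hosts already on the list. Place this early in forward, before the
#    jump to VIRUS, so a tagged host stays blocked for the lifetime of the entry.
add chain=forward action=drop src-address-list=virus \
    comment="Drop customer hosts tagged as infected"

# 2. Tag the packet *source* only when it is a customer host. Without the
#    src-address-list match, an outside scanner hitting port 445 on a customer
#    would be listed as the "infected" party, because it is the packet source.
#    dst-port accepts comma-separated ports and ranges, so one rule per protocol
#    replaces the per-port tagging rules mentioned in post #4.
#    address-list-timeout=1d makes each entry expire 24 h after it was added,
#    which does the daily cleanup from post #4 without a scheduler.
add chain=VIRUS action=add-src-to-address-list address-list=virus \
    address-list-timeout=1d src-address-list=clientes protocol=tcp \
    dst-port=135-139,445,593,1024-1030,1080,1433-1434,2745,3127,4444,5554,9898,27374 \
    comment="Tag infected customer host (worm ports, TCP)"
add chain=VIRUS action=add-src-to-address-list address-list=virus \
    address-list-timeout=1d src-address-list=clientes protocol=udp \
    dst-port=135-139,445,4444 \
    comment="Tag infected customer host (worm ports, UDP)"
# 3. The per-port drop rules from post #1 stay below these in the VIRUS chain.

# Alternative to the timeout: the scheduled wipe described in post #4.
/system scheduler
add name=clear-virus-list interval=1d start-time=00:00:00 \
    on-event="/ip firewall address-list remove [find list=virus]"
```

Use either the timeout or the scheduler, not both; with the scheduler the entries are permanent until the nightly wipe, so a host tagged at 23:59 is unblocked a minute later.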