Tuesday, January 1, 2013

The Best Ways to Block Conficker Virus in Mikrotik


Powerful Ways to overcome Conficker Virus in Mikrotik

Conficker is a virus that gives network administrators headaches because it spreads rapidly across the network. Conficker can actually be detected by antivirus products such as Avira, NOD, Kaspersky and Smadav, but sometimes it comes back. Ping results also become very messy. On this occasion we would like to share the knowledge and experience we applied on our own network. Well, let's check it out!

Copy the following rules and paste them into the terminal in Winbox, or directly via telnet:

/ip firewall filter add chain=forward protocol=udp dst-port=135 action=drop comment="Conficker" disabled=no
/ip firewall filter add chain=forward protocol=udp dst-port=137 action=drop comment="Conficker" disabled=no
/ip firewall filter add chain=forward protocol=udp dst-port=138 action=drop comment="Conficker" disabled=no
/ip firewall filter add chain=forward protocol=udp dst-port=445 action=drop comment="Conficker" disabled=no
/ip firewall filter add chain=forward protocol=tcp dst-port=135 action=drop comment="Conficker" disabled=no
/ip firewall filter add chain=forward protocol=tcp dst-port=139 action=drop comment="Conficker" disabled=no
/ip firewall filter add chain=forward protocol=tcp dst-port=5933 action=drop comment="Conficker" disabled=no
/ip firewall filter add chain=forward protocol=tcp dst-port=445 action=drop comment="Conficker" disabled=no
/ip firewall filter add chain=forward protocol=tcp dst-port=4691 action=drop comment="Conficker" disabled=no
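To confirm the rules above really ended up active on the router, the following added example (not part of the original post) checks a saved `/ip firewall filter export` for an enabled forward-chain drop rule on each protocol/port pair in the list. It assumes one rule per line; the function names and the sample export are constructed for illustration, and rule ordering is not evaluated.

```python
import shlex

# Protocol/port pairs copied from the rule list in the post above.
REQUIRED = {("udp", 135), ("udp", 137), ("udp", 138), ("udp", 445), ("tcp", 135),
            ("tcp", 139), ("tcp", 5933), ("tcp", 445), ("tcp", 4691)}

def parse_rule(line):
    """Split one 'add ...' line into a dict of key=value properties."""
    pairs = (tok.partition("=") for tok in shlex.split(line))
    return {key: val for key, sep, val in pairs if sep}

def expand_ports(spec):
    """Expand a dst-port value such as '135,137-138' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if lo.isdigit() and (hi.isdigit() or not hi):
            ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(export_text):
    """Return (required pairs with no active drop rule, damaged line numbers)."""
    covered, suspect = set(), []
    for n, line in enumerate(export_text.splitlines(), 1):
        if "add" not in line.split():
            continue
        if "\u201c" in line or "\u201d" in line or "= " in line:
            suspect.append(n)  # curly quotes or a space after '=', as in a bad paste
            continue
        p = parse_rule(line)
        if (p.get("chain") == "forward" and p.get("action") == "drop"
                and p.get("disabled", "no") == "no"):
            covered |= {(p.get("protocol"), port)
                        for port in expand_ports(p.get("dst-port", ""))}
    return sorted(REQUIRED - covered), suspect

# Constructed sample export (one rule per line), not taken from a real router.
SAMPLE = """/ip firewall filter
add chain=forward protocol=udp dst-port=135,137-138,445 action=drop comment="Conficker"
add chain=forward protocol=tcp dst-port=135,139,445 action=drop
add chain=forward protocol= tcp dst-port=5933 action=drop comment=”Conficker”
add chain=forward protocol=tcp dst-port=4691 action=drop disabled=yes
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

In the sample, line 4 is flagged as damaged by copy and paste and the 4691 rule is disabled, so both TCP ports are reported as uncovered.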


Additionally, to strengthen your Mikrotik rules against the Conficker virus, you should also enter the ports above in the Web Proxy Direct, as shown below:

Well, good luck.


Sunday, November 13, 2011

Mikrotik: Blocking Unleased DHCP IP Address

This time the case is how to block users other than DHCP clients using Mikrotik Winbox. In other words, users who set a static IP address instead of using DHCP cannot use our connection. Only those who get an IP address from the Mikrotik DHCP server can use the internet connection.

I assume that your DHCP server on the Mikrotik router is already running well.
We only need to change some of the existing settings.
  1. Sign in to your Mikrotik via Winbox.
  2. Go to the IP menu > DHCP Server, double-click the DHCP server, and check "Add ARP For Lease".
  3. Go to the "Interfaces" menu, double-click your local interface (or the interface where the DHCP server is applied), and change the "ARP" option to "reply-only".
DONE! Now try to use a static IP on a computer on your local network: connections to the router will not work unless you use the option "Obtain an IP Address Automatically", that is, DHCP is enabled on your computer's Ethernet interface.

Saturday, November 5, 2011

Quick Way to Setup Mikrotik with Proxy Enabled Using Terminal (Command Line)

5 steps to configure the Mikrotik:


  1. IP Address
  2. Gateway
  3. DNS
  4. NAT
  5. Proxy + transparent rules

Step 1
[admin@MikroTik] > ip address add interface=ether1 address="your public ip" \
disabled=no
[admin@MikroTik] > ip address add interface=ether2 address="your lan ip" \
disabled=no

Step 2
[admin@MikroTik] > ip route add gateway="your gateway ip" disabled=no

Step 3
[admin@MikroTik] > ip dns set primary-dns="your isp primary dns" \
secondary-dns="your isp secondary dns" \
allow-remote-requests=yes

Step 4
[admin@MikroTik] > ip firewall nat add chain=srcnat out-interface=ether1 \
action=masquerade disabled=no

Step 5
[admin@MikroTik] > ip web-proxy set port=8080 hostname=host.yourdomain.com \
transparent-proxy=yes \
cache-administrator=support@yourdomain.com enabled=yes
[admin@MikroTik] > ip firewall nat add chain=dstnat protocol=tcp dst-port=80 \
action=redirect to-ports=8080 disabled=no \
comment="transparent proxy"
[admin@MikroTik] > ip firewall nat add chain=dstnat protocol=tcp dst-port=3128 \
action=redirect to-ports=8080 disabled=no
[admin@MikroTik] > ip firewall nat add chain=dstnat protocol=tcp dst-port=8080 \
action=redirect to-ports=8080 disabled=no