Community discussions

MikroTik App

Search found 23 matches

by scap
Sun Oct 21, 2018 8:39 pm
Forum: General
Topic: --algo kmp --hex-string
Replies: 13
Views: 1145

Re: --algo kmp --hex-string

I think package come with checksum value. Because other packages come with checksum value. Only this package come without checksum.

Also iptables rule catch empty checksum packages. If iptables able to do this also Mikrotik able to do it, I think. Am I wrong?
by scap
Sun Oct 21, 2018 8:29 pm
Forum: General
Topic: --algo kmp --hex-string
Replies: 13
Views: 1145

Re: --algo kmp --hex-string

https://prnt.sc/l8odz8

I try to catch this package.
by scap
Sun Oct 21, 2018 8:07 pm
Forum: General
Topic: --algo kmp --hex-string
Replies: 13
Views: 1145

Re: --algo kmp --hex-string

What is the correct layer7 Regex for finding "bad checksum" or "empty checksum" packages with Mikrotik Rule?

for empty checksum I found this.
-m u32 --u32 "24&0xffff=0x0000"

and how to set 00 00 ?
0000ffffffff54
by scap
Fri Sep 07, 2018 12:29 am
Forum: General
Topic: Already connected connection
Replies: 3
Views: 335

Re: Already connected connection

May before xx seconds I able to mark connection for recover connection before mikrotik routing process.

Than pass this marked connection from firewall rules.

But can't find any schema about this idea. Do you have any?

OR is there any way to accept all traffic to a destination for xx seconds?
by scap
Thu Sep 06, 2018 10:38 pm
Forum: General
Topic: Already connected connection
Replies: 3
Views: 335

Already connected connection

When I route some IP address to Mikrotik, it starts all packet with NEW state. Clients are already connected with server and state is not NEW but Mikrotik thinks it is ne because not seen in connection table.

How do I pass already connected connection for mikrotik don't marked with NEW?
by scap
Mon Sep 03, 2018 1:20 pm
Forum: General
Topic: --algo kmp --hex-string
Replies: 13
Views: 1145

Re: --algo kmp --hex-string

Is it true 3 string? Lastone is for wildcard for the rest.

\\xff\\xff\\xff\\xff\\x54\\x53\\x6f\\x75\\x72\\x63\\x65\\x20\\x45\\x6e\\x67\\x69\\x6e\\x65\\x20\\x51\\x75\\x65\\x72\\x79.*
\\xff\\xff\\xff\\xff\\x67\\x65\\x74\\x63\\x68\\x61\\x6c\\x6c\\x65\\x6e\\x67\\x65\\x20
\\x55\\xff\\xff\\xff\\xff.*
by scap
Mon Sep 03, 2018 12:48 pm
Forum: General
Topic: --algo kmp --hex-string
Replies: 13
Views: 1145

Re: --algo kmp --hex-string

ip firewall layer7-protocol add name=match-55ffffff regexp="\\x55\\xff\\xff\\xff"
Really thanks for your help.

and my last question is packet going with other hex how can I wildcard it?

ffffffff55872ede29

[\\x55\\xff\\xff\\xff\\~] ?
by scap
Mon Sep 03, 2018 10:45 am
Forum: General
Topic: --algo kmp --hex-string
Replies: 13
Views: 1145

Re: --algo kmp --hex-string

hex-string "|55ffffffff|"

how to set with layer7 filter?
by scap
Mon Sep 03, 2018 4:33 am
Forum: General
Topic: --algo kmp --hex-string
Replies: 13
Views: 1145

--algo kmp --hex-string

How can I set a rule for checking also and hex-string like linux iptables?

I want to write a rule to cacth this package

-m string --algo kmp --hex-string "|55ffffffff|"
by scap
Thu Mar 12, 2015 12:17 am
Forum: Forwarding Protocols
Topic: no-nexthop-change
Replies: 5
Views: 1759

Re: no-nexthop-change

Nope, I tested with all but it always send self. [admin@MikroTik] /routing bgp advertisements> print PEER PREFIX NEXTHOP AS-PATH ORIGIN LOCAL-PREF peer1 192.168.1.4/32 10.4.4.9 incomplete 100 origin incomplete is suspicious. Are you using redistribute to get routes into BGP? (this is usually bad pr...
by scap
Wed Mar 11, 2015 11:26 pm
Forum: Forwarding Protocols
Topic: no-nexthop-change
Replies: 5
Views: 1759

Re: no-nexthop-change

As Juniper side we can set no-nexthop-change and BGP always send nexthop which same routing table. But when I set-up BGP with Mikrotik, it always send local IP address to neighbor for next hop How do I set-up BGP to send route table same as routing table? For a BGP peer configuration, there is an o...
by scap
Wed Mar 11, 2015 9:38 pm
Forum: Forwarding Protocols
Topic: no-nexthop-change
Replies: 5
Views: 1759

no-nexthop-change

As Juniper side we can set no-nexthop-change and BGP always send nexthop which same routing table. But when I set-up BGP with Mikrotik, it always send local IP address to neighbor for next hop

How do I set-up BGP to send route table same as routing table?
by scap
Fri Mar 08, 2013 4:11 pm
Forum: General
Topic: RouterOS v6rc11
Replies: 115
Views: 37412

Re: RouterOS v6rc11

Thanks for download links. I upgrade CCR with that packages. I hope all problems will be fixed in short time.
by scap
Fri Mar 08, 2013 2:15 pm
Forum: General
Topic: RouterOS v6rc11
Replies: 115
Views: 37412

Re: RouterOS v6rc11

Try pre-release rc12. A lot of fixes for ccr
Where do I find pre-release rc12 for download ?
by scap
Sun Mar 03, 2013 1:40 am
Forum: General
Topic: RouterOS v6rc11
Replies: 115
Views: 37412

Re: RouterOS v6rc11

When fast logging CCR1036-12G-4S has been crashed and not accesible. I changed logging Disk to Ram and other alternative but all same. Same logging working with 5.11 with x86 PC without any problem but at CCR1036 with RouterOS v6rc11 device has been gone when too much logging about any firewall acti...
by scap
Tue Sep 22, 2009 2:54 pm
Forum: General
Topic: Can't see Calea menu at Winbox
Replies: 0
Views: 464

Can't see Calea menu at Winbox

I installed Calea package. Now I can give command from terminal but I can't see any calea settings from Winbox. I searched Calea on wiki (http://wiki.mikrotik.com/wiki/Calea) give some command and see a data directory has been opened in FTP but still can't see in winbox? Do you have any solution to ...
by scap
Wed Sep 06, 2006 2:06 am
Forum: General
Topic: Protect customer network from DDos, Flood, UDP attack
Replies: 1
Views: 2059

Protect customer network from DDos, Flood, UDP attack

I have rule for syn attacks.

TCP,SYN connection limit 31,32 drop

Do you have any other rule for protect customer network ?
And how do I stop UDP attack. What is the correct value and rule for this?

:roll:
by scap
Wed Jul 12, 2006 3:33 pm
Forum: General
Topic: ip group
Replies: 1
Views: 686

ip group

My customer have 73 to 119 ip addresses.
I need to add this ips to queue list. I don't have vlan so I need limit this ip groups . Problem is I don't add more than 29 ip address to simple queue with mikrotik winbox v2.9.25. do I add ip address via telnet screan?
by scap
Thu Mar 09, 2006 9:32 pm
Forum: Scripting
Topic: Auto ban script
Replies: 3
Views: 2277

Attackers request an address from server (port 80). I write a rule to mikrotik. It fixed server load ,little. Do you offer diffrent way to stop this?

General
TCP

Advanced
TCP Flags SYN

Extra
Rate 1/sec
Burst 2
limit by src and dst addresses
Expire 40000 ms
by scap
Thu Mar 09, 2006 11:31 am
Forum: Scripting
Topic: Auto ban script
Replies: 3
Views: 2277

Auto ban script

I need auto ban script for mikrotik. My server under attack from too many ip addreses. I know which ips are attacker's ips but I need mikrotik download one text file and block that ip addresses. how can I do this? server can give plain text file ever line one ip address mikrotik first flush old ips ...
by scap
Sat Feb 11, 2006 1:56 am
Forum: General
Topic: help for web proxy
Replies: 5
Views: 1371

I installed weproxy service on Mikrotik, but I did'nt find how can I do content filtering with Mikrotik web proxy service. I want to do content filtering for my webserver. I think to activate mikrotik webproxy service on port 80 with web server ip address. After do it, mikrotik'll look all web reque...
by scap
Thu Feb 09, 2006 9:42 am
Forum: General
Topic: help for web proxy
Replies: 5
Views: 1371

Don't need caching. Block some URL requests or URL requests that contain a certain string from getting to your web-server.
by scap
Thu Feb 09, 2006 12:46 am
Forum: General
Topic: help for web proxy
Replies: 5
Views: 1371

help for web proxy

Internet User > Internet > Mikrotik > Webserver port 8080 (static server) I need setup webproxy on Microtik .Microtik webproxy'll work on port 80 and filter some url request for my server. Now I'm doing this with squid on same server. But I think I can do this From Microtik. Can you give me a sample...