Queue tree exe & dat extesions

salytwo · May 11, 2011, 2:05pm

Hello all,

I have setup hotspot and queue tree but I have extensions exe and dat not stop downloading and no user is download such these file type I am sure.
I feel that a virus or my network have hacked so can I block malicious thread by mikrotik?

I running 3.2

thanks

normis · May 12, 2011, 1:01pm

upgrade to v5.2
what is the problem exactly? post some picture and post your config

salytwo · May 14, 2011, 5:47am

I have these queue tree

[admin@MikroTik] /queue tree> print
Flags: X - disabled, I - invalid
0 name=“youtube” parent=global-out packet-mark=youtube limit-at=0 queue=default-small priority=8 max-limit=1000 burst-limit=0
burst-threshold=0 burst-time=0s

1 name=“zip file” parent=global-out packet-mark=zip limit-at=0 queue=default-small priority=8 max-limit=16000 burst-limit=0
burst-threshold=0 burst-time=0s

2 name=“rar” parent=global-out packet-mark=rar limit-at=0 queue=default-small priority=8 max-limit=8000 burst-limit=0 burst-threshold=0
burst-time=0s

3 name=“avi” parent=global-out packet-mark=avi limit-at=0 queue=default-small priority=8 max-limit=1000 burst-limit=0 burst-threshold=0
burst-time=0s

4 name=“7z” parent=global-out packet-mark=7z limit-at=0 queue=default-small priority=8 max-limit=3000 burst-limit=0 burst-threshold=0
burst-time=0s

5 name=“asf” parent=global-out packet-mark=asf limit-at=0 queue=default-small priority=8 max-limit=16000 burst-limit=0 burst-threshold=0
burst-time=0s

6 name=“bin” parent=global-out packet-mark=bin limit-at=0 queue=default-small priority=8 max-limit=16000 burst-limit=0 burst-threshold=0
burst-time=0s

7 name=“flv” parent=global-out packet-mark=flv limit-at=0 queue=default-small priority=8 max-limit=1000 burst-limit=0 burst-threshold=0
burst-time=0s

8 name=“iso” parent=global-out packet-mark=iso limit-at=0 queue=default-small priority=8 max-limit=16000 burst-limit=0 burst-threshold=0
burst-time=0s

9 name=“mkv” parent=global-out packet-mark=mkv limit-at=0 queue=default-small priority=8 max-limit=16000 burst-limit=0 burst-threshold=0
burst-time=0s

10 name=“exe” parent=global-out packet-mark=exe limit-at=0 queue=default-small priority=8 max-limit=1000 burst-limit=0 burst-threshold=0
burst-time=0s

11 name=“mov” parent=global-out packet-mark=mov limit-at=0 queue=default-small priority=8 max-limit=16000 burst-limit=0 burst-threshold=0
burst-time=0s

12 name=“mp3” parent=global-out packet-mark=mp3 limit-at=0 queue=default-small priority=8 max-limit=16000 burst-limit=0 burst-threshold=0
burst-time=0s

13 name=“mp4” parent=global-out packet-mark=mp4 limit-at=0 queue=default-small priority=8 max-limit=1000 burst-limit=0 burst-threshold=0
burst-time=0s

14 name=“mpeg” parent=global-out packet-mark=mpeg limit-at=0 queue=default-small priority=8 max-limit=16000 burst-limit=0 burst-threshold=>
burst-time=0s

ETC…

I have also

[admin@MikroTik] /queue type> print
0 name=“default” kind=pfifo pfifo-limit=50

1 name=“ethernet-default” kind=pfifo pfifo-limit=50

2 name=“wireless-default” kind=sfq sfq-perturb=5 sfq-allot=1514

3 name=“synchronous-default” kind=red red-limit=60 red-min-threshold=10 red-max-threshold=50 red-burst=20 red-avg-packet=1000

4 name=“hotspot-default” kind=sfq sfq-perturb=5 sfq-allot=1514

5 name=“default-small” kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address,dst-address,src-port,dst-port pcq-total-limit=2000

I have layer 7 protocols

0 YouTube Download 1 Extension " .exe " 2 Extension " .rar " 3 Extension " .zip " 4 Extension " .7z " 5 Extension " .bin " 6 Extension " .ram " 7 Extension " .rmvb " 8 Extension " .asf " 9 Extension " .mov " 10 Extension " .wmv " 11 Extension " .mpg " 12 Extension " .mpeg " 13 Extension " .mkv " 14 Extension " .avi " 15 Extension " .flv " 16 Extension " .pdf " 17 Extension " .iso " 18 Extension " .nrg " 19 Extension " .wav " 20 Extension " .rm " 21 Extension " .mp3 " 22 Extension " .mp4 " 23 Extension " .wma " 24 Extension " .daa " 25 Extension " .dat " 26 Extension " .vcd " 27 Extension " .cab " 28 Extension " .3gp " 29 livestreem

I have also mangel videoplayback
^.get.+.exe.$
^.get.+.rar.$
^.get.+.zip.$
^.get.+.7z.$
^.get.+.bin.$
^.get.+.ram.$
^.get.+.rmvb.$
^.get.+.asf.$
^.get.+.mov.$
^.get.+.wmv.$
^.get.+.mpg.$
^.get.+.mpeg.$
^.get.+.mkv.$
^.get.+.avi.$
^.get.+.flv.$
^.get.+.pdf.$
^.get.+.iso.$
^.get.+.nrg.$
^.get.+.wav.$
^.get.+.rm.$
^.get.+.mp3.$
^.get.+.mp4.$
^.get.+.wma.$
^.get.+.daa.$
^.get.+.dat.$
^.get.+.vcd.$
^.get.+.cab.$
^.get.+.3gp.$
www.livestation.com|channel

[admin@MikroTik] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; 7z DOWNS
chain=prerouting action=mark-connection new-connection-mark=7z DOWNS passthrough=yes protocol=tcp layer7-protocol=Extension " .7z "

1 chain=postrouting action=mark-packet new-packet-mark=7z passthrough=no protocol=tcp connection-mark=7z DOWNS

2 ;;; asf DOWNS
chain=prerouting action=mark-connection new-connection-mark=asf DOWNS passthrough=yes protocol=tcp layer7-protocol=Extension " .asf "

3 chain=postrouting action=mark-packet new-packet-mark=asf passthrough=no protocol=tcp connection-mark=asf DOWNS

4 ;;; avi DOWNS
chain=prerouting action=mark-connection new-connection-mark=avi DOWNS passthrough=yes protocol=tcp layer7-protocol=Extension " .avi "

5 chain=postrouting action=mark-packet new-packet-mark=avi passthrough=no protocol=tcp connection-mark=avi DOWNS

6 ;;; bin DOWNS
chain=prerouting action=mark-connection new-connection-mark=bin DOWNS passthrough=yes protocol=tcp layer7-protocol=Extension " .bin "

7 chain=postrouting action=mark-packet new-packet-mark=bin passthrough=no protocol=tcp connection-mark=bin DOWNS

8 ;;; flv DOWNS
chain=prerouting action=mark-connection new-connection-mark=flv DOWNS passthrough=yes protocol=tcp layer7-protocol=Extension " .flv "

9 chain=postrouting action=mark-packet new-packet-mark=flv passthrough=no protocol=tcp connection-mark=flv DOWNS

10 ;;; iso DOWNS
chain=prerouting action=mark-connection new-connection-mark=iso DOWNS passthrough=yes protocol=tcp layer7-protocol=Extension " .iso "

11 chain=postrouting action=mark-packet new-packet-mark=iso passthrough=no protocol=tcp connection-mark=iso DOWNS

12 ;;; mkv DOWNS
chain=prerouting action=mark-connection new-connection-mark=mkv DOWNS passthrough=yes protocol=tcp layer7-protocol=Extension " .mkv "

13 chain=postrouting action=mark-packet new-packet-mark=mkv passthrough=no protocol=tcp connection-mark=mkv DOWNS

14 ;;; exe DOWNS
chain=prerouting action=mark-connection new-connection-mark=exe DOWNS passthrough=yes protocol=tcp layer7-protocol=Extension " .exe "

15 chain=postrouting action=mark-packet new-packet-mark=exe passthrough=no protocol=tcp connection-mark=exe DOWNS

16 ;;; mov DOWNS
chain=prerouting action=mark-connection new-connection-mark=mov DOWNS passthrough=yes protocol=tcp layer7-protocol=Extension " .mov "

ETC…

Now My questions are :
1- EXE and DAT queue tree always running while no user is downloading such these files I am sure. this could be a virus or what I am very frustrating ?

2- If I want to block these extensions at all (not just limit ) how can I do?

3- If I add a new rule in firewall filter rules, no effect made for this. I mean if I want to block some traffic and drop it since it marked by mangle. How I can do?
I tried :
[admin@MikroTik] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough

1 chain=forward action=drop out-interface=LAN packet-mark=rar

but not worked.

Sorry if I made my post very long. my intention to make every thing clear to you
I appr. your co-operating

thanks