Total security commands for blocking ports, viruses and more (2.9)

Go to a new terminal in Winbox, then type ip firewall filter and paste all of these lines.
You need to edit the proxy lines, ports and IP. You will be 95% secure and there will be no load on your internet connection from your clients.

add chain=forward dst-port=445 protocol=tcp action=drop comment="Drop Blaster Worm." 
add chain=forward dst-port=445 protocol=udp action=drop comment="Drop Blaster Worm." 
add chain=forward dst-port=593 protocol=tcp action=drop comment=".........." 
add chain=forward dst-port=1024-1030 protocol=tcp action=drop comment=".........." 
add chain=forward dst-port=1080 protocol=tcp action=drop comment="Drop MyDoom" 
add chain=forward dst-port=1214 protocol=tcp action=drop comment=".........." 
add chain=forward dst-port=1363 protocol=tcp action=drop comment="ndm requester" 
add chain=forward dst-port=1364 protocol=tcp action=drop comment="ndm server" 
add chain=forward dst-port=1368 protocol=tcp action=drop comment="screen cast" 
add chain=forward dst-port=1373 protocol=tcp action=drop comment="hromgrafx" 
add chain=forward dst-port=1377 protocol=tcp action=drop comment="cichlid" 
add chain=forward dst-port=1433-1434 protocol=tcp action=drop comment="Worm" 
add chain=forward dst-port=2745 protocol=tcp action=drop comment="Bagle Virus" 
add chain=forward dst-port=2283 protocol=tcp action=drop comment="Drop Dumaru.Y" 
add chain=forward dst-port=2535 protocol=tcp action=drop comment="Drop Beagle" 
add chain=forward dst-port=3127-3128 protocol=tcp action=drop comment="Drop MyDoom" 
add chain=forward dst-port=3410 protocol=tcp action=drop comment="Drop Backdoor OptixPro" 
add chain=forward dst-port=4444 protocol=tcp action=drop comment="Worm" 
add chain=forward dst-port=4444 protocol=udp action=drop comment="Worm" 
add chain=forward dst-port=5554 protocol=tcp action=drop comment="Drop Sasser" 
add chain=forward dst-port=8866 protocol=tcp action=drop comment="Drop Beagle.B" 
add chain=forward dst-port=10000 protocol=tcp action=drop comment="Drop Dumaru.Y" 
add chain=forward dst-port=10080 protocol=tcp action=drop comment="Drop MyDoom.B" 
add chain=forward dst-port=12345 protocol=tcp action=drop comment="Drop NetBus" 
add chain=forward dst-port=17300 protocol=tcp action=drop comment="Drop Kuang2" 
add chain=forward dst-port=27374 protocol=tcp action=drop comment="Drop SubSeven" 
add chain=forward dst-port=65506 protocol=tcp action=drop comment="Drop PhatBot, Agobot, Gaobot"

add chain=forward dst-port=135-139 protocol=tcp action=drop comment="Drop Blaster Worm."
add chain=forward dst-port=135-139 protocol=udp action=drop comment="Drop Messenger Worm."

add chain=input connection-state=invalid action=drop \
	comment="Drop invalid connections"
add chain=input connection-state=established action=accept \
	comment="Allow established connections"
add chain=input connection-state=related action=accept \
	comment="Allow related connections"
add chain=input dst-port=445 protocol=tcp action=drop comment="Drop Blaster Worm."
add chain=input dst-port=445 protocol=udp action=drop comment="Drop Blaster Worm."
add chain=input dst-port=593 protocol=tcp action=drop comment=".........."
add chain=input dst-port=1024-1030 protocol=tcp action=drop comment=".........."
add chain=input dst-port=1080 protocol=tcp action=drop comment="Drop MyDoom"
add chain=input dst-port=1214 protocol=tcp action=drop comment=".........."
add chain=input dst-port=1363 protocol=tcp action=drop comment="ndm requester"
add chain=input dst-port=1364 protocol=tcp action=drop comment="ndm server"
add chain=input dst-port=1368 protocol=tcp action=drop comment="screen cast"
add chain=input dst-port=1373 protocol=tcp action=drop comment="hromgrafx"
add chain=input dst-port=1377 protocol=tcp action=drop comment="cichlid"
add chain=input dst-port=1433-1434 protocol=tcp action=drop comment="Worm"
add chain=input dst-port=2745 protocol=tcp action=drop comment="Bagle Virus"
add chain=input dst-port=2283 protocol=tcp action=drop comment="Drop Dumaru.Y"
add chain=input dst-port=2535 protocol=tcp action=drop comment="Drop Beagle"
add chain=input dst-port=3127-3128 protocol=tcp action=drop comment="Drop MyDoom"
add chain=input dst-port=3410 protocol=tcp action=drop comment="Drop Backdoor OptixPro"
add chain=input dst-port=4444 protocol=tcp action=drop comment="Worm"
add chain=input dst-port=4444 protocol=udp action=drop comment="Worm"
add chain=input dst-port=5554 protocol=tcp action=drop comment="Drop Sasser"
add chain=input dst-port=8866 protocol=tcp action=drop comment="Drop Beagle.B"
add chain=input dst-port=10000 protocol=tcp action=drop comment="Drop Dumaru.Y"
add chain=input dst-port=10080 protocol=tcp action=drop comment="Drop MyDoom.B"
add chain=input dst-port=12345 protocol=tcp action=drop comment="Drop NetBus"
add chain=input dst-port=17300 protocol=tcp action=drop comment="Drop Kuang2"
add chain=input dst-port=27374 protocol=tcp action=drop comment="Drop SubSeven"
add chain=input dst-port=65506 protocol=tcp action=drop comment="Drop PhatBot, Agobot, Gaobot"
add chain=input protocol=udp action=accept comment="Allow UDP"
add chain=input protocol=icmp action=accept comment="Allow ICMP Ping"
add chain=input src-address=10.5.50.0/24 action=accept \
	comment="Allow access from our local network. Edit this!"
add chain=input src-address=10.5.50.0/24 protocol=tcp dst-port=8080 action=accept \
	comment="This is web proxy service for our customers. Edit this!"
add chain=input protocol=tcp dst-port=8001 action=accept
add chain=input action=drop log=yes \
	comment="Log and drop everything else"

I suggest removing the duplicated lines by putting them all into a chain called ‘virus’ or something. Then use jumps from the input and forward chains. That keeps your editing down to 1 location.

Also, I’m not 100% positive, but you should be dropping those ports only on new connections. If you drop all types of packets on those ports then normal connections will have issues every once in a while.

add chain=forward dst-port=445 protocol=tcp action=drop comment="Drop Blaster Worm." connection-state=new ???

Just my 2 cents.

Sam
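The consolidation Sam describes (and which the first poster asks for further down), written out as an added example that is not from any post in this thread: the port list from the first post lives once in a chain named "virus" (the chain name is an assumption), and the input and forward chains jump to it only for new connections. The 10.5.50.0/24 address is the one used in the first post.

```routeros
/ip firewall filter
# Added example (not from any post in this thread): the worm/backdoor ports from the first post,
# listed once in a chain named "virus" (the name is an assumption) and reached via jumps.
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm."
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm."
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm."
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm."
add chain=virus protocol=tcp dst-port=593 action=drop
add chain=virus protocol=tcp dst-port=1024-1030 action=drop
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom"
add chain=virus protocol=tcp dst-port=1214 action=drop
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester"
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server"
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast"
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx"
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid"
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus"
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="Drop MyDoom"
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro"
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser"
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B"
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B"
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus"
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2"
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven"
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot"
# A packet that matches nothing in "virus" continues in the calling chain right after the
# jump rule, so no explicit return rule is needed.

# Input chain: only the first packet of a connection (connection-state=new) is sent through
# the list, as Sam suggests; established/related traffic was already checked and just passes.
add chain=input connection-state=invalid action=drop comment="Drop invalid connections"
add chain=input connection-state=established action=accept comment="Allow established connections"
add chain=input connection-state=related action=accept comment="Allow related connections"
add chain=input connection-state=new action=jump jump-target=virus comment="Check new connections"
add chain=input src-address=10.5.50.0/24 action=accept comment="Allow our local network. Edit this!"
add chain=input action=drop log=yes comment="Log and drop everything else"

# Forward chain: the same jump for traffic passing through the router between clients and the internet.
add chain=forward connection-state=new action=jump jump-target=virus comment="Check new connections"
```

Adding or removing a port now means editing one rule in the virus chain instead of two copies; the jump rules must sit before any catch-all drop, or the chain is never reached.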

Go to a new terminal in Winbox, then type ip firewall filter and paste all of these lines.
You need to edit the proxy lines, ports and IP. You will be 95% secure and there will be no load on your internet connection from your clients.


95% secure?! You must be kidding. Did you ever hear of the seven layers of the OSI model?


Also, if you put these port blockings into your firewall, that TOTALLY DOES NOT protect your clients from getting viruses. They can still open nasty web pages like crack and porno sites, and they WILL receive viruses through Java, ActiveX etc. For serious protection, you need to have:

a) a properly (!!) configured firewall on each client
b) a properly set up (!!!) secure OS with security patches / hotfixes applied. Empty admin passwords and unneeded services running are the simplest examples.
c) on Windows: antivirus software; they are not all the same, some are better than others
d) on Windows: anti-spyware software; again, they are not all the same
e) anti-trojan software; this will protect you in the near future. There are just a few worth mentioning.
f) hosts file hijacking protection
g) some other low-level stuff protecting against generally weak OS layers
h) the most difficult part: knowledgeable users. If they are monkeys (and yes, they are), you can trash all your protection.

There are reasons why the Internet looks the way it does today.

bye, mp3turbo.

Thanks for the tips,
but I tested it and it works great, no problems at all.
Regarding the security issue: when you have scanning-based worms and viruses, this will reduce your traffic to the internet, and it will keep protecting your bandwidth and your clients from direct attack, at least IP-to-IP attacks. I didn't mean keep scanning all your incoming and outgoing traffic; even if you are scanning it, if it's SSL you can't :)
At least we try to protect what we can through our MT.
BTW, can you add the full code for the virus chain and jump thing? It would be great.