nirmal
newbie
Topic Author
Posts: 44
Joined: Fri May 24, 2013 10:15 am

Stopping of open proxy servers with Mikro Tik

Tue Aug 06, 2013 2:54 pm

Dear Sir/Madam,
As you may be aware that we are tracking open proxy servers running in India. During the period 07 July 2013, it has been observed that following IP allocated to your organisation are running as open proxy.
IP Timestamp
202.140.48.34 7/7/2013 11:00:26 PM
As is well known that such open proxies are not desirable as they can be a source of any Computer offence/crime and may have economic implications. Also such type of security breach attracts penalties under IT Act,2000.
You are requested to kindly take immediate steps to stop these hosts functioning as open proxy. We greatly appreciate your prompt attention to this matter. Please intimate us about action taken in this matter at the earliest.
If you are not the appropriate staff to handle this matter, you are requested to immediately escalate this matter to the attention of concerned authority.

I got the above information from the Indian Computer Emergency Response Team (CERT-In), Department of Information Technology, Ministry of Communications & Information Technology, Government of India.

In this place I am running my network with a Mikro Tik router. So how can I stop this?
 
deejayq
Member Candidate
Posts: 195
Joined: Wed Feb 23, 2011 8:33 am

Re: Stopping of open proxy servers with Mikro Tik

Tue Aug 06, 2013 5:36 pm

You can start by blocking incoming connections to your network on tcp ports 80, 1080, 3128 and 8080. It's only a temporary solution. A more resource exhaustive solution would be to set up a layer7 filter, but you have to know what data is being exchanged when somebody initialises a connection to one of your network computers hosting an open proxy.
 
CelticComms
Forum Guru
Posts: 1766
Joined: Wed May 02, 2012 5:48 am

Re: Stopping of open proxy servers with Mikro Tik

Wed Aug 07, 2013 2:49 am

Firstly you should block all traffic to the router from the WAN interface(s) (drop all rule(s) in input filters) then permit the specific traffic that should be allowed to access the router (specific accept rule(s) in input filters).
Interlynx | Networking and Information Security Consultants & Trainers | Email: routerlynx@gmail.com
BGP | EIGRP | OSPF | MPLS | Firewall | VPN | IPsec | Multicast | QOS | IPv4/6 | STP | VLAN | PON | AE | M2M | and more!

 
IPANetEngineer
Trainer
Posts: 1164
Joined: Fri Aug 10, 2012 6:46 am
Location: Jackson, MS, USA

Re: Stopping of open proxy servers with Mikro Tik

Wed Aug 07, 2013 4:17 am

Have you validated this communication is legitimate? That would be my first step.

If it proves to be legit, are open proxy servers against your AUP? If so, throttle their bandwidth back to 64k until they comply with the AUP.
Global - MikroTik Support & Consulting - English | Francais | Español | Portuguese +1 855-645-7684
https://iparchitechs.com/services/mikro ... l-support/ mikrotiksupport@iparchitechs.com
 
nirmal
newbie
Topic Author
Posts: 44
Joined: Fri May 24, 2013 10:15 am

Re: Stopping of open proxy servers with Mikro Tik

Wed Aug 07, 2013 8:28 am

Hi all,

Can you please explain how to do it?
 
nirmal
newbie
Topic Author
Posts: 44
Joined: Fri May 24, 2013 10:15 am

Re: Stopping of open proxy servers with Mikro Tik

Wed Aug 07, 2013 10:38 am

Hi all,

Will the commands below help to close this?

/ip firewall filter
add chain=input connection-state=established comment="Accept established connections"
add chain=input connection-state=related comment="Accept related connections"
add chain=input connection-state=invalid action=drop comment="Drop invalid connections"
add chain=input protocol=udp action=accept comment="UDP" disabled=no
add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited pings"
add chain=input protocol=icmp action=drop comment="Drop excess pings"
add chain=input protocol=tcp dst-port=22 comment="SSH for secure shell"
add chain=input protocol=tcp dst-port=8291 comment="winbox"
# Edit these rules to reflect your actual IP addresses! #
add chain=input src-address=159.148.172.192/28 comment="From Mikrotikls network"
add chain=input src-address=10.0.0.0/8 comment="From our private LAN"
# End of Edit #
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
add chain=input action=drop comment="Drop everything else"
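
An offline check of the rules posted above, added here as an example and not written by any poster in the thread: it evaluates a new TCP connection to the proxy ports named earlier against the rule list, first match wins. The matcher is a simplified model (chain, connection-state, protocol, a comma-separated dst-port list and src-address only; jump and other actions are not modelled), and the outside source 198.51.100.7 is a constructed documentation address.

```python
import ipaddress
import shlex

PROXY_PORTS = (80, 1080, 3128, 8080)  # the ports named earlier in the thread
# Sample input: the rules from the last post, with its "#" comment lines left out.
RULES = """
add chain=input connection-state=established comment="Accept established connections"
add chain=input connection-state=related comment="Accept related connections"
add chain=input connection-state=invalid action=drop comment="Drop invalid connections"
add chain=input protocol=udp action=accept comment="UDP" disabled=no
add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited pings"
add chain=input protocol=icmp action=drop comment="Drop excess pings"
add chain=input protocol=tcp dst-port=22 comment="SSH for secure shell"
add chain=input protocol=tcp dst-port=8291 comment="winbox"
add chain=input src-address=159.148.172.192/28 comment="From Mikrotikls network"
add chain=input src-address=10.0.0.0/8 comment="From our private LAN"
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
add chain=input action=drop comment="Drop everything else"
"""

def parse(text):
    """Turn each 'add key=value ...' line into a dict of its matchers."""
    return [dict(tok.split("=", 1) for tok in shlex.split(line)[1:])
            for line in text.splitlines() if line.strip().startswith("add ")]

def matches(rule, pkt):
    """Simplified matcher: chain, connection-state, protocol, dst-port, src-address."""
    for key in ("chain", "connection-state", "protocol"):
        if rule.get(key, pkt[key]) != pkt[key]:
            return False
    if str(pkt["dst-port"]) not in rule.get("dst-port", str(pkt["dst-port"])).split(","):
        return False
    net = ipaddress.ip_network(rule.get("src-address", "0.0.0.0/0"), strict=False)
    return ipaddress.ip_address(pkt["src-address"]) in net

def verdict(rules, pkt):
    """First terminal match wins; log rules pass the packet on to the next rule."""
    for rule in rules:
        if matches(rule, pkt) and rule.get("action", "accept") in ("accept", "drop", "reject"):
            return rule.get("action", "accept")
    return "accept"  # RouterOS accepts a packet that no rule in the chain matched

def audit(text, src="198.51.100.7", ports=PROXY_PORTS):
    """Verdict for a new TCP connection from src to each port, per chain."""
    pkt = {"connection-state": "new", "protocol": "tcp", "src-address": src}
    return {(chain, port): verdict(parse(text), {**pkt, "chain": chain, "dst-port": port})
            for chain in ("input", "forward") for port in ports}

if __name__ == "__main__":
    print(audit(RULES))
```

On these rules the input chain drops all four ports for an outside source, while the forward chain, which has no rules, accepts them. The list therefore covers only services on the router itself, not a proxy running on a host behind it.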
