
 
WeWiNet
Member Candidate
Topic Author
Posts: 140
Joined: Thu Sep 27, 2018 4:11 pm

Mikrotik's demo system demo.mt.lv firewall Virus rules, worth using???

Fri Jan 11, 2019 10:51 am

Hi,

On Mikrotik's hosted RouterOS demo system (using demo.mt.lv as target in Winbox),
under Firewall there is a long list of "Virus" firewall entries which seem quite interesting, if they do work in real life
(see below).

Now in this demo system they don't get hit by any traffic, so I wonder if it would be worth using them
in my systems? Anyone tried something like that?

And if so, if Mikrotik could provide them in the Wiki pages somewhere (I searched for it but did not see them).
[attachment=0]Mtik_example_firewall_rules.jpg[/attachment]
WeWiNet

**
MTCNA
hapac2, map, hap-lite, ltap-mini, RB4011 :-) !!!
 
sebastia
Forum Guru
Posts: 1512
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Mikrotik's demo system demo.mt.lv firewall Virus rules, worth using???

Fri Jan 11, 2019 11:52 am

Hi

On input/output I always set default policy of drop/reject, and only allow selective & known traffic. On forward, inbound is denied by default, for outbound it can be tricky. If such a filter set was used for outbound, a hit could mean:
* an actual threat communicating out
* some valid application "reusing" / cycling through available ports. This could result in additional support: why don't it work...

If used, I would at least consolidate it, to ensure minimal impact on firewall throughput.
* if tcp and dst-port=x,xx,xxx,... drop
* if udp and dst-port=x,xx,xxx,... drop
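
The consolidation suggested in the post above, as an added example that is not part of the thread: a Python script that merges plain per-port drop rules from a RouterOS export into one multi-port rule per protocol. The sample export is constructed, and the chain name `virus` and the `MAX_PORTS` limit of 15 entries per rule are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in RouterOS export syntax; not the rules from demo.mt.lv.
SAMPLE_EXPORT = """\
/ip firewall filter
add action=drop chain=virus comment="sample A" dst-port=135-139 protocol=tcp
add action=drop chain=virus dst-port=137-139 protocol=tcp
add action=drop chain=virus dst-port=445 protocol=tcp
add action=drop chain=virus dst-port=1433 protocol=tcp
add action=drop chain=virus dst-port=1434 protocol=tcp
add action=drop chain=virus dst-port=137-139 protocol=udp
add action=drop chain=virus dst-port=445 protocol=udp
add action=drop chain=virus dst-port=80 protocol=tcp src-address=10.0.0.0/8
add action=accept chain=forward connection-state=established,related
"""
PAIR = re.compile(r'([\w-]+)=("[^"]*"|\S+)')
MERGEABLE = {"action", "chain", "comment", "dst-port", "protocol"}
MAX_PORTS = 15  # assumption: entries allowed in one dst-port list; adjust as needed

def merge_ranges(entries):
    """Collapse overlapping or adjacent ports/ranges, e.g. 1433 + 1434 -> 1433-1434."""
    # "445" becomes (445, 445); "135-139" becomes (135, 139)
    spans = sorted(tuple(int(n) for n in (e.split("-") * 2)[:2]) for e in entries)
    merged = []
    for lo, hi in spans:
        if merged and lo <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], hi)
        else:
            merged.append([lo, hi])
    return [str(lo) if lo == hi else f"{lo}-{hi}" for lo, hi in merged]

def consolidate(export_text, chain="virus", max_ports=MAX_PORTS):
    """Return one drop rule per protocol, split only when the port list is too long."""
    ports = defaultdict(set)
    for line in export_text.splitlines():
        rule = {k: v.strip('"') for k, v in PAIR.findall(line)}
        # Merge only plain "protocol + dst-port -> drop" rules; extra matchers are left alone.
        if (line.startswith("add ") and rule.get("action") == "drop"
                and rule.get("chain") == chain and set(rule) <= MERGEABLE
                and rule.get("protocol") in ("tcp", "udp") and "dst-port" in rule):
            ports[rule["protocol"]].update(rule["dst-port"].split(","))
    rules = []
    for proto in sorted(ports):
        merged = merge_ranges(ports[proto])
        for i in range(0, len(merged), max_ports):
            chunk = ",".join(merged[i:i + max_ports])
            rules.append(f"add action=drop chain={chain} dst-port={chunk} protocol={proto}")
    return rules
```

Rules that carry any matcher besides protocol and destination port are skipped rather than merged, so they have to be reviewed by hand.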
 
nescafe2002
Long time Member
Posts: 594
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: Mikrotik's demo system demo.mt.lv firewall Virus rules, worth using???

Fri Jan 11, 2019 12:07 pm

You can ssh to demo.mt.lv and run export to fetch the running configuration.
 
anav
Forum Guru
Posts: 2734
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Mikrotik's demo system demo.mt.lv firewall Virus rules, worth using???

Fri Jan 11, 2019 2:42 pm

I have never used or noticed a chain called VIRUS?
Does anyone actually use this and for what purpose?
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
R1CH
Forum Veteran
Posts: 862
Joined: Sun Oct 01, 2006 11:44 pm

Re: Mikrotik's demo system demo.mt.lv firewall Virus rules, worth using???

Fri Jan 11, 2019 4:18 pm

For forward chain it maybe makes a bit of sense to block new connections to these ports, however most of these are no longer active threats and you risk blocking legitimate services (eg cloud services that pick ephemeral ports). The only ones I use on my network are blocking leaky SMB (137-139,445) from hitting WAN. For input you should be blocking all traffic by default so it's no use.
 
WeWiNet
Member Candidate
Topic Author
Posts: 140
Joined: Thu Sep 27, 2018 4:11 pm

Re: Mikrotik's demo system demo.mt.lv firewall Virus rules, worth using???

Sun Jan 20, 2019 1:15 pm

Thanks all for your feedback and input.

I was hoping to get some feedback from Mikrotik on how useful THEY think those rules are
(as they don't publish rubbish normally, I would suppose those FW rules are done on purpose and not just for fun
and maybe they have them run on some real world servers?).

Unfortunately you cannot (no longer?) export those rules, it says "not enough permissions" when logged in with SSH.
I just thought I could get them somewhere as text and give them a try in my systems, but as some of you say they
might be useless these days I won't waste my time on them for now.
WeWiNet

**
MTCNA
hapac2, map, hap-lite, ltap-mini, RB4011 :-) !!!
 
nescafe2002
Long time Member
Posts: 594
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: Mikrotik's demo system demo.mt.lv firewall Virus rules, worth using???

Sun Jan 20, 2019 1:52 pm

Here they are, using: $ ssh admin@demo.mt.lv "/export" > demo.mt.lv.rsc
 
WeWiNet
Member Candidate
Topic Author
Posts: 140
Joined: Thu Sep 27, 2018 4:11 pm

Re: Mikrotik's demo system demo.mt.lv firewall Virus rules, worth using???

Tue Jan 22, 2019 1:01 pm

Thank you very much!
WeWiNet

**
MTCNA
hapac2, map, hap-lite, ltap-mini, RB4011 :-) !!!
