i have this
Code: Select all
add action=drop chain=forward comment="drop ares" disabled=no p2p=warezanybody have the same?
Max
http://mikrotikexpert.com
http://maxid.com.ar
mikrotik doesn't drop ares on v3.11
Mikrotik doesn't drop the ares on mikrotik v3.11
i have this
on the top, the rule doesn't count and the ares can connect. I see it on the connection list.
anybody have the same?
Max
http://mikrotikexpert.com
http://maxid.com.ar
i have this
anybody have the same?
Max
http://mikrotikexpert.com
http://maxid.com.ar
MKE Solutions > Professional Support IT (Spanish / English)
FastNetMon / FNM Manager: DDoS Detection Tools.
FastNetMon / FNM Manager: DDoS Detection Tools.
Re: mikrotik doesn't drop ares on v3.11
Well i guess this is the same on the older releases, even on 2.9.x. I have figured out that after some time of router being up, 1-2 days, it successfully drops all ares connections. You don't have to be worried so much because even if the router is not up for more than 2 days it limits very much ares.
One other way you can do is figure out which is the listen port for incoming connections of ares of your clients ip's. You can do this by first loging and then droping the warez connections. So the log rule is before drop. And then monitor on your pc with syslog.
Here's an example im using!
One other way you can do is figure out which is the listen port for incoming connections of ares of your clients ip's. You can do this by first loging and then droping the warez connections. So the log rule is before drop. And then monitor on your pc with syslog.
Here's an example im using!
Code: Select all
add chain=forward src-address=192.168.0.5 protocol=tcp dst-port=28247 action=log log-prefix="GNUTELLA DROP" \
comment="log and drop gnutella listen port for 192.168.0.5 \(tcp\)" disabled=no
add chain=forward src-address=192.168.0.5 protocol=tcp dst-port=28247 action=drop comment="" disabled=no
add chain=forward src-address=192.168.0.5 protocol=udp dst-port=28247 action=log log-prefix="GNUTELLA DROP" \
comment="log and drop gnutella listen port for 192.168.0.5 \(udp\)" disabled=no
add chain=forward src-address=192.168.0.5protocol=udp dst-port=28247 action=drop comment="" disabled=no
add chain=forward p2p=warez action=log log-prefix="WAREZ" comment="log and drop warez" \
disabled=no
add chain=forward p2p=warez action=drop comment="" disabled=no
add chain=forward p2p=gnutella action=log log-prefix="GNUTELLA" comment="log and drop \
gnutella" disabled=no
add chain=forward p2p=gnutella action=drop comment="" disabled=no
Re: mikrotik doesn't drop ares on v3.11
how about L7, Maxi? Did you try that?
No answer to your question? How to write posts
Re: mikrotik doesn't drop ares on v3.11
I try with 2 different pattern but is not working fine. I don't know how the another solution like netenforce have layer7 for ares.
Max
http://maxid.com.ar
http://mikrotikexpert.com
Max
http://maxid.com.ar
http://mikrotikexpert.com
MKE Solutions > Professional Support IT (Spanish / English)
FastNetMon / FNM Manager: DDoS Detection Tools.
FastNetMon / FNM Manager: DDoS Detection Tools.
Re: mikrotik doesn't drop ares on v3.11
i think this type of traffic doesnt stop easy, because it uses randon ports and mt only knows wich kind of traffic after the second packet stablishement or something like that, can anybody hear it or explain it?
Cuando la ignorancia se impone, la razon cordialmente cede el paso.
Re: mikrotik doesn't drop ares on v3.11
port doesn't matter. routeros is inspecting packets and looking for familiar patterns. apparently ares uses encryption which makes this complicatedi think this type of traffic doesnt stop easy, because it uses randon ports and mt only knows wich kind of traffic after the second packet stablishement or something like that, can anybody hear it or explain it?
No answer to your question? How to write posts
Who is online
Users browsing this forum: Baidu [Spider] and 87 guests