maximan
Trainer
Topic Author
Posts: 549
Joined: Sat May 29, 2004 12:10 am
Location: Rio Cuarto, Argentina

mikrotik doesn't drop ares on v3.11

Fri Jul 18, 2008 9:26 pm

MikroTik doesn't drop Ares on MikroTik v3.11.
I have this:
add action=drop chain=forward comment="drop ares" disabled=no p2p=warez
on the top. The rule doesn't count and Ares can connect. I see it on the connection list.

Does anybody have the same?

Max
http://mikrotikexpert.com
http://maxid.com.ar
MKE Solutions > Professional Support IT (Spanish / English)
FastNetMon / FNM Manager: DDoS Detection Tools.
 
n2m
newbie
Posts: 47
Joined: Mon Feb 25, 2008 8:48 am

Re: mikrotik doesn't drop ares on v3.11

Sat Jul 19, 2008 10:34 am

Well, I guess this is the same on the older releases, even on 2.9.x. I have figured out that after the router has been up for some time, 1-2 days, it successfully drops all Ares connections. You don't have to be worried so much, because even if the router has not been up for more than 2 days, it limits Ares very much.

One other thing you can do is figure out which is the listen port for incoming Ares connections on your clients' IPs. You can do this by first logging and then dropping the warez connections, so the log rule is before the drop rule. Then monitor on your PC with syslog.

Here's an example I'm using!
add chain=forward src-address=192.168.0.5 protocol=tcp dst-port=28247 action=log log-prefix="GNUTELLA DROP" \
    comment="log and drop gnutella listen port for 192.168.0.5 \(tcp\)" disabled=no 
add chain=forward src-address=192.168.0.5 protocol=tcp dst-port=28247 action=drop comment="" disabled=no
 
add chain=forward src-address=192.168.0.5 protocol=udp dst-port=28247 action=log log-prefix="GNUTELLA DROP" \
    comment="log and drop gnutella listen port for 192.168.0.5 \(udp\)" disabled=no 
add chain=forward src-address=192.168.0.5 protocol=udp dst-port=28247 action=drop comment="" disabled=no
 
add chain=forward p2p=warez action=log log-prefix="WAREZ" comment="log and drop warez" \
    disabled=no 
add chain=forward p2p=warez action=drop comment="" disabled=no
 
add chain=forward p2p=gnutella action=log log-prefix="GNUTELLA" comment="log and drop \
    gnutella" disabled=no 
add chain=forward p2p=gnutella action=drop comment="" disabled=no
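
The log-then-drop rules in the post above leave syslog lines tagged with their log-prefix values. As an added example (not part of the original thread), this Python script tallies inbound logged flows per client to surface the recurring listen port. The log line layout after the prefix, the 192.168.0.0/24 client subnet, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumption: the clients sit in this subnet (the thread only shows 192.168.0.5).
LAN = ip_network("192.168.0.0/24")

# Prefixes are the log-prefix values from the rules in the post. The rest of
# the line layout is an assumed RouterOS firewall log shape; adjust to your logs.
FLOW = re.compile(
    r"(?P<prefix>GNUTELLA DROP|GNUTELLA|WAREZ) forward: .*?"
    r"proto (?P<proto>TCP|UDP)[^,]*, "
    r"(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+)"
)

# Constructed sample lines, not captured from a real router.
SAMPLE = """\
Jul 19 10:31:02 gw WAREZ forward: in:ether1 out:ether2, proto TCP (SYN), 198.51.100.7:40112->192.168.0.5:28247, len 48
Jul 19 10:31:09 gw WAREZ forward: in:ether1 out:ether2, proto TCP (SYN), 203.0.113.20:51877->192.168.0.5:28247, len 48
Jul 19 10:31:15 gw WAREZ forward: in:ether2 out:ether1, proto TCP (SYN), 192.168.0.5:51234->203.0.113.9:6346, len 48
Jul 19 10:32:40 gw GNUTELLA DROP forward: in:ether1 out:ether2, proto UDP, 198.51.100.44:6346->192.168.0.5:28247, len 61
Jul 19 10:32:58 gw GNUTELLA forward: in:ether1 out:ether2, proto UDP, 203.0.113.77:6346->192.168.0.5:28247, len 61
Jul 19 10:33:11 gw WAREZ forward: in:ether1 out:ether2, proto TCP (SYN), 198.51.100.7:40155->192.168.0.9:31990, len 48
Jul 19 10:34:00 gw system,info user admin logged in
"""


def listen_ports(lines, min_hits=2):
    """Return [((client_ip, proto, port), hits), ...] for inbound logged flows."""
    hits = Counter()
    for line in lines:
        m = FLOW.search(line)
        if m is None:
            continue  # unrelated syslog line
        src, dst = ip_address(m["src"]), ip_address(m["dst"])
        # Inbound only: a remote peer connecting to a client. Outbound flows use
        # ephemeral source ports and say nothing about the client's listen port.
        if dst in LAN and src not in LAN:
            hits[(m["dst"], m["proto"].lower(), int(m["dport"]))] += 1
    return [(key, n) for key, n in hits.most_common() if n >= min_hits]


if __name__ == "__main__":
    for (ip, proto, port), n in listen_ports(SAMPLE.splitlines()):
        print(f"{ip} {proto}/{port}: {n} logged inbound connections")
```

The `min_hits` threshold filters out one-off matches such as the single hit on 192.168.0.9 in the sample.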
 
normis
MikroTik Support
Posts: 24749
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: mikrotik doesn't drop ares on v3.11

Mon Jul 21, 2008 2:15 pm

How about L7, Maxi? Did you try that?
No answer to your question? How to write posts
 
maximan
Trainer
Topic Author
Posts: 549
Joined: Sat May 29, 2004 12:10 am
Location: Rio Cuarto, Argentina

Re: mikrotik doesn't drop ares on v3.11

Wed Jul 23, 2008 3:26 am

I tried with 2 different patterns but it is not working fine. I don't know how other solutions like netenforce have layer7 for Ares.

Max
 
sandov63
newbie
Posts: 34
Joined: Mon Jun 25, 2007 9:15 pm
Location: Villa del rosario perija zulia, venezuela

Re: mikrotik doesn't drop ares on v3.11

Tue Aug 19, 2008 7:13 pm

I think this type of traffic doesn't stop easily, because it uses random ports and MT only knows which kind of traffic it is after the second packet establishment or something like that. Can anybody hear it or explain it?
When ignorance imposes itself, reason cordially gives way.
 
normis
MikroTik Support
Posts: 24749
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: mikrotik doesn't drop ares on v3.11

Wed Aug 20, 2008 10:46 am

> I think this type of traffic doesn't stop easily, because it uses random ports and MT only knows which kind of traffic it is after the second packet establishment or something like that. Can anybody hear it or explain it?

Port doesn't matter. RouterOS is inspecting packets and looking for familiar patterns. Apparently Ares uses encryption, which makes this complicated.