Community discussions

MikroTik App
 
ajmal
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 58
Joined: Mon Jan 31, 2005 8:38 pm
Location: IN

spyware problem

Fri Apr 01, 2005 6:26 pm

hi all
I am using MT 2.8.22 ald have blocked some known viruses port.But i am very tiered with spyware. Is there any way to block spywares through the router. Please help the needy...
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6623
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Sun Apr 03, 2005 12:46 am

yo can try system like i made in my routers,

to deny everything, and left only ports which are needed by applications (which are used for worK).

off course, there will be problems with users, because thay will protest, why some programs don't work.

but there is a good solving of some spyware programs, which don't use ports like 80 or 25. :P
 
spire2z
Long time Member
Long time Member
Posts: 517
Joined: Mon Feb 14, 2005 2:48 am

Wed Apr 06, 2005 2:40 pm

Most spyware gets onto users computers by simply viewing webpages and using security flaws in internet explorer installs on the users system or it's bundled with free software they download or get free on a magazine. I don't think you can fully block spyware at all with the router unless you block all websites know to contain spyware which would be a mamouth task! You just need to ensure your users are up to speed on winxp updates and all have antivirus and spyware scanners installed.
 
bfair
just joined
Posts: 15
Joined: Fri Feb 04, 2005 8:35 pm
Location: Oklahoma

Thu Apr 07, 2005 8:22 pm

You can get a list of known ad serving hosts/ip addresses and change their domain name resolution locally. Thats what I do. Of course, you will want to be careful not to block any that could cause issues with major search engines (overture?)
 
gianluca
Member Candidate
Member Candidate
Posts: 258
Joined: Sun Aug 08, 2004 11:00 pm
Location: Italy - Spain - USA

Thu Apr 07, 2005 9:13 pm

ajmal, can you publish the filter you use for virus?
thanks
 
spire2z
Long time Member
Long time Member
Posts: 517
Joined: Mon Feb 14, 2005 2:48 am

Fri Apr 08, 2005 9:29 pm

you can use a connection limit if the spyware is too aggressive for the router. Then at least internet performance won't suffer and the users will have to be responsable for their pc's rather than you having to block them.
 
mp3turbo2
Member Candidate
Member Candidate
Posts: 196
Joined: Wed Jun 02, 2004 9:15 am

Sat Apr 09, 2005 2:22 pm

spire2z, will you provide some example of connection limit ?
 
spire2z
Long time Member
Long time Member
Posts: 517
Joined: Mon Feb 14, 2005 2:48 am

Sun Apr 10, 2005 4:26 pm

well some isp's set a limit on TCP connections. If spyware and virus traffic is opening many connections to do whatever damage it does to whatever server. this can cause loss of internet access to other users when the limit is reached. You can specify a limit to each user and it will help to stop this problem. see the manal on firewall filters for more info.

I would have a link for you but the Mikrotik Documentattion links seem to be down right now so you will have to search yourself.
 
gianluca
Member Candidate
Member Candidate
Posts: 258
Joined: Sun Aug 08, 2004 11:00 pm
Location: Italy - Spain - USA

Sun Apr 10, 2005 6:50 pm

exactly. it is a good thing to set limit connection to a certain level. we limit to 250 the tcp connection per user.

this is the instruction:
add src-address=130.117.160.0/24 protocol=tcp action=drop \
connection-limit=250 comment="" disabled=no

this helps a lot when a customer has a virus. we have all customers on pppoe, so to generate traffic to other users thay have to pass thrugh the access concentrator. There then some rules to be put in place to block or shape/limit user to user connections. this depends on your needs.

Who is online

Users browsing this forum: Google [Bot] and 104 guests