Community discussions

MikroTik App
 
singh
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 72
Joined: Sat Apr 04, 2009 11:57 am

Spamming

Sat Jun 11, 2011 10:22 am

Hi,
My ISP blocked my IP saying that it is spamming and I ensure that all my computers have an antivirus and should scan them.
Since I am using the hotspot there is now way I can ensure that anybody who connects to the hostpot has an antivirus or is not spamming.
Is there a way I can go about it from my RouterOS, blocking spam or something of that sort.
 
User avatar
alexandro
just joined
Posts: 24
Joined: Mon Jun 06, 2011 11:03 am
Location: Lebanon
Contact:

Re: Spamming

Sat Jun 11, 2011 11:06 pm

Ok Bro Use these and pray for me


/ip firewall filter

add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="Port scanners to list " disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" disabled=no protocol=tcp tcp-flags=\
fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" disabled=no protocol=tcp tcp-flags=\
fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=no protocol=tcp tcp-flags=\
fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="NMAP NULL scan" disabled=no protocol=tcp tcp-flags=\
!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="dropping port scanners" disabled=no src-address-list="port scanners"
add action=drop chain=input comment="drop ftp brute forcers" disabled=no dst-port=21 protocol=tcp src-address-list=ftp_blacklist
add action=accept chain=output content="530 Login incorrect" disabled=no dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h chain=output content="530 Login incorrect" disabled=no protocol=tcp
add action=drop chain=input comment="drop ssh brute forcers" disabled=no dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=\
ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=\
ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=\
ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new disabled=no dst-port=22 protocol=tcp
add action=drop chain=forward comment="drop ssh brute downstream" disabled=no dst-port=22 protocol=tcp src-address-list=ssh_blacklist


TC :)
Don't Give the man a fish but learn the man how to fish
 
bburley
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Thu Nov 18, 2010 7:22 am
Location: Alberta, Canada

Re: Spamming

Mon Jun 13, 2011 12:16 pm

The above firewall rules seem to be for incoming attack filtering.

Perhaps this is what you were looking for

http://wiki.mikrotik.com/wiki/How_to_au ... MTP_output

Who is online

Users browsing this forum: bandoravic, Google [Bot], jorgeti, PCML, Sanalturkey, tdw and 175 guests