Community discussions

MUM Europe 2020
 
mrirh
just joined
Topic Author
Posts: 24
Joined: Fri Jul 09, 2004 10:54 pm

securing the Mikrotik router

Wed Dec 28, 2005 3:52 am

Hello,

I had to rebuild my router and after many searches through the documention I can't find the useful howto on securing the router. I found it once, but not again. In the howto I saw, it had a section that you could cut & paste the info into the router terminal (very useful) and had two chain examples where you can drop any address if they attempted to port scan the router.

Does anyone recall where that info is located?

Many, many thanks in advance.

~James
 
cibernet
Long time Member
Long time Member
Posts: 610
Joined: Fri Jan 28, 2005 7:22 pm
Location: Marcos Juárez, Córdoba, Argentina
Contact:

Re: securing the Mikrotik router

Wed Dec 28, 2005 6:13 am

Hello,

I had to rebuild my router and after many searches through the documention I can't find the useful howto on securing the router. I found it once, but not again. In the howto I saw, it had a section that you could cut & paste the info into the router terminal (very useful) and had two chain examples where you can drop any address if they attempted to port scan the router.

Does anyone recall where that info is located?

Many, many thanks in advance.

~James
Hi, here is a gerenic firewall configuration you can copy and paste on a terminal, note you have to put a drop rule in the every chain in firewall, you have to allow your internal network on it before the drop rule.

Regards
/ ip firewall filter
#
# Cadena de Input
add chain=input connection-state=invalid action=drop comment="Rechaza conexiones Invalidas" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment="Detecta y rechaza Port Scans" disabled=no
add chain=input protocol=tcp dst-port=21 action=accept comment="Acceso a MT por FTP" disabled=no
add chain=input protocol=tcp dst-port=23 action=accept comment="Acceso a MT por Telnet" disabled=no
add chain=input protocol=tcp dst-port=24 action=accept comment="Acceso a MT por SSH" disabled=no
add chain=input protocol=tcp dst-port=80 action=accept comment="Acceso a MT por Winbox-Webbox" disabled=no
add chain=input protocol=tcp dst-port=8291 action=accept comment="Acceso a MT por Winbox" disabled=no
add chain=input connection-state=established action=accept comment="Permite las conexiones establecidas" disabled=no
add chain=input connection-state=related action=accept comment="Permite conexiones relativas" disabled=no
add chain=input protocol=udp action=accept comment="Permite conexiones UDP" disabled=no
add chain=input protocol=icmp limit=5,5 action=accept comment="Permite ping" disabled=no
#
# Cadena de Output
add chain=output connection-state=invalid action=drop comment="Rechaza conexiones Invalidas" disabled=no
#
# Cadena de Virus
add chain=Virus protocol=tcp dst-port=135-139 action=drop comment="Rechaza Gusano Blaster" disabled=no
add chain=Virus protocol=udp dst-port=135-139 action=drop comment="Rechaza Gusano Messenger" disabled=no
add chain=Virus protocol=tcp dst-port=445 action=drop comment="Rechaza Gusano Blaster" disabled=no
add chain=Virus protocol=udp dst-port=445 action=drop comment="Rechaza Gusano Blaster" disabled=no
add chain=Virus protocol=tcp dst-port=593 action=drop comment="________" disabled=no
add chain=Virus protocol=tcp dst-port=1024-1030 action=drop comment="RPC" disabled=no
add chain=Virus protocol=tcp dst-port=1080 action=drop comment="Rechaza MyDoom" disabled=no
add chain=Virus protocol=tcp dst-port=1363 action=drop comment="Rechaza Ndm Requester" disabled=no
add chain=Virus protocol=tcp dst-port=1364 action=drop comment="Rechaza Ndm Server" disabled=no
add chain=Virus protocol=tcp dst-port=1368 action=drop comment="Rechaza Screen Cast" disabled=no
add chain=Virus protocol=tcp dst-port=1373 action=drop comment="Rechaza Hromgrafx" disabled=no
add chain=Virus protocol=tcp dst-port=1377 action=drop comment="Rechaza Cichlid" disabled=no
add chain=Virus protocol=tcp dst-port=1433-1434 action=drop comment="Gusano" disabled=no
add chain=Virus protocol=tcp dst-port=2745 action=drop comment="Rechaza Bagle" disabled=no
add chain=Virus protocol=tcp dst-port=2283 action=drop comment="Rechaza Dumaru.Y" disabled=no
add chain=Virus protocol=tcp dst-port=2535 action=drop comment="Rechaza Beagle" disabled=no
add chain=Virus protocol=tcp dst-port=2735 action=drop comment="Rechaza Beagle.C-K" disabled=no
add chain=Virus protocol=tcp dst-port=3127-3128 action=drop comment="Rechaza MyDoom" disabled=no
add chain=Virus protocol=tcp dst-port=3410 action=drop comment="Rechaza Backdoor OptixPro" disabled=no
add chain=Virus protocol=tcp dst-port=4444 action=drop comment="Gusano" disabled=no
add chain=Virus protocol=udp dst-port=4444 action=drop comment="Gusano" disabled=no
add chain=Virus protocol=tcp dst-port=5554 action=drop comment="Rechaza Sasser" disabled=no
add chain=Virus protocol=tcp dst-port=8866 action=drop comment="Rechaza Beagle.B" disabled=no
add chain=Virus protocol=tcp dst-port=9898 action=drop comment="Rechaza Dabber.A-B" disabled=no
add chain=Virus protocol=tcp dst-port=10000 action=drop comment="Rechaza Dumaru.Y" disabled=no
add chain=Virus protocol=tcp dst-port=10080 action=drop comment="Rechaza MyDoom.B" disabled=no
add chain=Virus protocol=tcp dst-port=12345 action=drop comment="Rechaza NetBus" disabled=no
add chain=Virus protocol=tcp dst-port=17300 action=drop comment="Rechaza Kuang2" disabled=no
add chain=Virus protocol=tcp dst-port=27374 action=drop comment="Rechaza SubSeven" disabled=no
add chain=Virus protocol=tcp dst-port=65506 action=drop comment="Rechaza PhatBot, Gaobot" disabled=no
add chain=Virus action=return comment="Regresa a Forward" disabled=no
#
# Cadena de Bogon
add chain=Bogon src-address=0.0.0.0/8 action=drop comment="Rechaza IP Bogon" disabled=no
add chain=Bogon dst-address=0.0.0.0/8 action=drop comment="Rechaza IP Bogon" disabled=no
add chain=Bogon src-address=127.0.0.0/8 action=drop comment="Rechaza IP Bogon" disabled=no
add chain=Bogon dst-address=127.0.0.0/8 action=drop comment="Rechaza IP Bogon" disabled=no
add chain=Bogon src-address=224.0.0.0/3 action=drop comment="Rechaza IP Bogon" disabled=no
add chain=Bogon dst-address=224.0.0.0/3 action=drop comment="Rechaza IP Bogon" disabled=no
add chain=Bogon action=return comment="Regresa a Forward" disabled=no
# Cadena de Forward
add chain=forward connection-state=invalid action=drop comment="Rechaza conexiones Invalidas" disabled=no
add chain=forward connection-state=established action=accept comment="Permite las conexiones establecidas" disabled=no
add chain=forward connection-state=related action=accept comment="Permite conexiones relativas" disabled=no
add chain=forward protocol=udp action=accept comment="Permite conexiones UDP" disabled=no
add chain=forward protocol=icmp limit=5,5 action=accept comment="Permite ping" disabled=no
add chain=forward action=jump jump-target=Virus comment="Rechaza puertos de virus conocidos" disabled=no
add chain=forward action=jump jump-target=Bogon comment="Rechaza ip Bogon" disabled=no
#
 
Tonda
Member Candidate
Member Candidate
Posts: 164
Joined: Thu Jun 30, 2005 12:59 pm

Wed Dec 28, 2005 9:05 am

Look at demo.mt.lv (username demo, no password), there is demo router, configured by boys from Mikrotik, so you can use Winbox and review its configuration.
 
mrirh
just joined
Topic Author
Posts: 24
Joined: Fri Jul 09, 2004 10:54 pm

Wed Dec 28, 2005 8:47 pm

Hello,

Thank you for all of your replies. Very helpful.

On a similar topic, how can I drop 'port-scanning' packets? I had saw a fierwall filter that creats a list of any address that attempts to port-scan the router and a second chain that drop all packets from any address contained within that list. Has anyone seen where that is documented.

Again, thank you for your help.
 
User avatar
mag
Member
Member
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany
Contact:

Re: securing the Mikrotik router

Thu Dec 29, 2005 11:02 am

Does anyone recall where that info is located?
http://www.mikrotik.com/Documentation/HowTo.html

Who is online

Users browsing this forum: Alexandepz, Google [Bot], PwFactor and 101 guests