dakky21
Frequent Visitor
Topic Author
Posts: 85
Joined: Sat Sep 17, 2005 8:26 pm
Location: Croatia

How to block bots?

Sat Oct 11, 2014 5:16 pm

My ISP blocked my account because a computer in the network is part of a botnet, and it was used in a fast flux domain. The type of infection was sinkhole. I don't really know what all of that means, but can something be done on the Mikrotik itself to prevent that from happening in the future?

Thanks
 
jaykay2342
Member
Posts: 336
Joined: Tue Dec 04, 2012 2:49 pm
Location: /Vigor/LocalGroup/Milky Way/Earth/Europe/Germany

Re: How to block bots?

Sat Oct 18, 2014 1:49 pm

There is no general solution to block bots/trojans/etc. They are all different. You can install an IDS to detect suspicious botnet/CnC traffic. There are also a couple of lists with known Botnet CnC server IP addresses. For example, www.abuse.ch is providing blocklists for Zeus/SpyEye/Palevo/Feodo malware.

Hunting for compromised hosts is an ongoing task and cannot easily be done with some generic firewall rules.
 
PortalNET
Member Candidate
Posts: 126
Joined: Sun Apr 02, 2017 7:24 pm

Re: How to block bots?

Wed Jan 12, 2022 9:52 pm

Hi guys,
Interesting topic I came across. I have set up a monitoring tool to monitor all our traffic, and recently we are seeing a lot of traffic from certain IPs, named bot-smokeloader, bot-ponyloader, trying to connect to our ASN network.

I was wondering if there is any way to block this traffic manually based on the IDS, like it's showing on the monitoring tool Cymru.

Any ideas on how this is done on the MikroTik?
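Blocking feed-listed CnC addresses on a MikroTik, as an added example that is not from either post: a Python helper that parses an abuse.ch-style plain-text IP feed (a constructed sample is embedded) and emits the RouterOS address-list entries and drop rules. The feed format, the list name botnet-c2 and the two-day entry timeout are assumptions; adapt them to the feed you actually use.

```python
import ipaddress

# Constructed sample of an abuse.ch-style plain-text C2 IP feed (not a real download): '#'
# starts a comment; a duplicate, a malformed line and an RFC 1918 address are included on purpose.
SAMPLE_FEED = """\
# Botnet C2 IP blocklist (constructed sample)
192.0.2.10
198.51.100.77
192.0.2.10
203.0.113.5   # inline comment
not-an-ip
10.0.0.5
"""

LIST_NAME = "botnet-c2"  # assumed address-list name; pick your own

# Ranges a perimeter drop rule must never contain, even if the feed is poisoned or mis-parsed.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
               "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16")]

def parse_feed(text):
    """Return the unique, sorted IPv4 addresses from the feed, skipping comments and junk."""
    found = set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # drop comments and surrounding whitespace
        try:
            ip = ipaddress.IPv4Address(entry)  # empty or malformed lines raise here
        except ipaddress.AddressValueError:
            continue  # skip the line rather than abort the whole import
        if any(ip in net for net in NEVER_BLOCK):
            continue
        found.add(ip)
    return [str(ip) for ip in sorted(found)]

def address_list_commands(ips, list_name=LIST_NAME, timeout="2d"):
    """RouterOS commands that rebuild the address-list; the timeout lets stale entries expire."""
    cmds = [f"/ip firewall address-list remove [find list={list_name}]"]
    cmds += [f'/ip firewall address-list add list={list_name} address={ip} '
             f'timeout={timeout} comment="feed import"' for ip in ips]
    return cmds

def filter_rule_commands(list_name=LIST_NAME):
    """One-time drop rules for both directions; place-before=0 puts them ahead of accept rules."""
    return [
        f'/ip firewall filter add chain=forward dst-address-list={list_name} action=drop '
        f'log=yes log-prefix="{list_name}-out" place-before=0 comment="infected host to C2"',
        f'/ip firewall filter add chain=forward src-address-list={list_name} action=drop '
        f'log=yes log-prefix="{list_name}-in" place-before=0 comment="C2 to LAN"',
    ]
```

The logged drops with the `botnet-c2-out` prefix identify which LAN host is calling home, which is the host to clean. Run the address-list part on a schedule with a fresh feed; the filter rules are added once.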
 
anav
Forum Guru
Posts: 19109
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: How to block bots?

Wed Jan 12, 2022 10:50 pm

Well, the issues:
a. you give access to the internet to users.
b. they click/phish/visit sites and get infected.

Now all that bad traffic is allowed outbound and the computer is now toast!
How to stop bad outbound traffic within all the regular allowed internet traffic is your question, I guess.

Check out this as a potential answer because they do all the legwork for you to help detect and stop such activities within the capabilities of the router.
https://itexpertoncall.com/promotional/moab.html
