Community discussions

 
dannyboy
Member Candidate
Member Candidate
Topic Author
Posts: 195
Joined: Fri Sep 16, 2005 4:21 am
Location: Nicaragua/USA
Contact:

how to stop viruses !!

Mon Oct 16, 2006 7:41 pm

Hello,
How can I make my MT stop viruses from coming into my network? There are some hardware that do this but are very expensive. Can MT do this? Check and stop viruses?

thanks
 
User avatar
Alessio Garavano
Member Candidate
Member Candidate
Posts: 299
Joined: Sat May 29, 2004 12:49 am
Location: Corrientes, Argentina
Contact:

Tue Oct 17, 2006 2:40 am

Hi, i created these 2 simple rules for firewall forward and this work very fine...... do not say it to anybody ;) :D

2 ;;; BLOCK SPAMMERS OR INFECTED USERS
chain=forward protocol=tcp dst-port=25 src-address-list=spammer
action=drop

3 ;;; Detect and add-list SMTP virus or spammers
chain=forward protocol=tcp dst-port=25 connection-limit=30,32 limit=50,5 src-address-list=!spammer action=add-src-to-address-list
address-list=spammer address-list-timeout=1d

When detect an infected user with a worm or doing spamming this rule add this user to a spammer list and block the STMP outgoing for 1 day ;)

Regards!
Alessio
Alessio Garavano
http://www.isparg.com.ar
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6267
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Tue Oct 17, 2006 12:55 pm

you can drop common ports, that are used bu viruses.
you have to chekc new connections only.

and you can never be sure - if one of your customers is infected?

only thing that can be done - educate your users.
 
User avatar
acim
Member
Member
Posts: 424
Joined: Mon Sep 12, 2005 12:26 am
Location: Serbia
Contact:

Re: how to stop viruses !!

Sat Dec 15, 2007 1:19 am

Do you get "innocent" users to your black list? I know some of my users and I know their computers are clean of viruses, but some of the still get on the black list sometimes. Is it just a aggresive mail clients or what? Is it maybe possible to tweak these parameters better? I mean number of connections and packets per socond.
 
trottolino1970
Member Candidate
Member Candidate
Posts: 192
Joined: Thu May 17, 2007 4:25 pm
Contact:

Re:

Tue Mar 18, 2008 12:05 pm

Hi, i created these 2 simple rules for firewall forward and this work very fine...... do not say it to anybody ;) :D

2 ;;; BLOCK SPAMMERS OR INFECTED USERS
chain=forward protocol=tcp dst-port=25 src-address-list=spammer
action=drop

3 ;;; Detect and add-list SMTP virus or spammers
chain=forward protocol=tcp dst-port=25 connection-limit=30,32 limit=50,5 src-address-list=!spammer action=add-src-to-address-list
address-list=spammer address-list-timeout=1d

When detect an infected user with a worm or doing spamming this rule add this user to a spammer list and block the STMP outgoing for 1 day ;)

Regards!
Alessio

this rule work very well?

Who is online

Users browsing this forum: No registered users and 58 guests