Cara ini bisa anda terapkan di warnet, hotspot, rt/rw, kantor , dll
Pencegahan malware WannaCry dengan menggunakan mikrotik dengan teknik memblok port SMB dan RDP. Untuk port SMB sendiri adalah : UDP 137,138 dan TCP 137,139, 445, sedangkan port RDP adalah 3389
Silahkan Copas script di bawah ini di terminal mikrotik anda
Di Firewall Filter
/ip firewall filter
add action=drop chain=input comment="=== WannaCry===" in-interface="" protocol=tcp src-port=137-139,445,3389
add action=drop chain=input in-interface="Internet" protocol=udp src-port=137-139,445,3389
add action=drop chain=input dst-port=137-139,445,3389 in-interface="Internet" protocol=tcp
add action=drop chain=input dst-port=137-139,445,3389 in-interface="Internet" protocol=udp
add action=drop chain=forward in-interface="Internet" protocol=tcp src-port=137-139,445,3389
add action=drop chain=forward in-interface="Internet" protocol=udp src-port=137-139,445,3389
add action=drop chain=forward dst-port=137-139,445,3389 in-interface="Internet" protocol=tcp
add action=drop chain=forward dst-port=137-139,445,3389 in-interface="Internet" protocol=udp
add action=drop chain=input comment="=== WannaCry===" in-interface="" protocol=tcp src-port=137-139,445,3389
add action=drop chain=input in-interface="Internet" protocol=udp src-port=137-139,445,3389
add action=drop chain=input dst-port=137-139,445,3389 in-interface="Internet" protocol=tcp
add action=drop chain=input dst-port=137-139,445,3389 in-interface="Internet" protocol=udp
add action=drop chain=forward in-interface="Internet" protocol=tcp src-port=137-139,445,3389
add action=drop chain=forward in-interface="Internet" protocol=udp src-port=137-139,445,3389
add action=drop chain=forward dst-port=137-139,445,3389 in-interface="Internet" protocol=tcp
add action=drop chain=forward dst-port=137-139,445,3389 in-interface="Internet" protocol=udp
Di bridge filter
/interface bridge filter
add action=drop chain=forward dst-port=137-139 in-interface=ether1-Internet ip-protocol=tcp mac-protocol=ip
add action=drop chain=forward dst-port=137-139 in-interface=ether1-Internet ip-protocol=udp mac-protocol=ip
add action=drop chain=forward dst-port=445 in-interface=ether1-Internet ip-protocol=tcp mac-protocol=ip
add action=drop chain=forward dst-port=445 in-interface=ether1-Internet ip-protocol=udp mac-protocol=ip
add action=drop chain=forward dst-port=3389 in-interface=ether1-Internet ip-protocol=tcp mac-protocol=ip
add action=drop chain=forward dst-port=3389 in-interface=ether1-Internet ip-protocol=udp mac-protocol=ip
add action=drop chain=forward dst-port=137-139 in-interface=ether1-Internet ip-protocol=tcp mac-protocol=ip
add action=drop chain=forward dst-port=137-139 in-interface=ether1-Internet ip-protocol=udp mac-protocol=ip
add action=drop chain=forward dst-port=445 in-interface=ether1-Internet ip-protocol=tcp mac-protocol=ip
add action=drop chain=forward dst-port=445 in-interface=ether1-Internet ip-protocol=udp mac-protocol=ip
add action=drop chain=forward dst-port=3389 in-interface=ether1-Internet ip-protocol=tcp mac-protocol=ip
add action=drop chain=forward dst-port=3389 in-interface=ether1-Internet ip-protocol=udp mac-protocol=ip
Fungsi di frewall filter adalah mencegah lalu lintas data di port SMB, sedangkan di bridge filter bisa berfungsi dengan kondisi internet dan jaringan dalam mode bridge dan satu segment ip dan subnet.
Sumber : mikrotik.co.id
0 Response to "Cegah Malware WannaCry di Mikrotik"
Post a Comment