Selasa, 16 Mei 2017

Blok Ransomware WannaCry Pada Mikrotik

Seven - Berikut beberapa cara Blok Ransomware WannaCry Pada Mikrotik:

Filter Rule

Metode dengan firewall rule bekerja pada traffic dimana host berada berada dalam subnet/segment ip berbeda, baik antar koneksi lokal maupun dari publik/internet

/ip firewall filter add chain=forward protocol=tcp \
dst-port=137-139,445,3389 action=drop disabled=no comment="Drop Ransomware WannaCry" 
/ip firewall filter add chain=forward protocol=udp \
dst-port=137-139,445,3389 action=drop disabled=no comment="Drop Ransomware WannaCry"

Bridge Filter

Metode ini dapat diterapkan pada kondisi semua host berada dalam subnet/segment ip yang sama dan dalam kondisi bridging.

/interface bridge filter add chain=forward in-interface=ether1 \
mac-protocol=ip dst-port=137-139 ip-protocol=tcp action=drop disabled=no comment="Drop Ransomware WannaCry" 
/interface bridge filter add chain=forward in-interface=ether1 \
mac-protocol=ip dst-port=137-139 ip-protocol=udp action=drop disabled=no comment="Drop Ransomware WannaCry" 
/interface bridge filter add chain=forward in-interface=ether1 \
mac-protocol=ip dst-port=445 ip-protocol=tcp action=drop disabled=no comment="Drop Ransomware WannaCry" 
/interface bridge filter add chain=forward in-interface=ether1 \
mac-protocol=ip dst-port=445 ip-protocol=udp action=drop disabled=no comment="Drop Ransomware WannaCry"
/interface bridge filter add chain=forward in-interface=ether1 \
mac-protocol=ip dst-port=3389 ip-protocol=tcp action=drop disabled=no comment="Drop Ransomware WannaCry" 
/interface bridge filter add chain=forward in-interface=ether1 \
mac-protocol=ip dst-port=3389 ip-protocol=udp action=drop disabled=no comment="Drop Ransomware WannaCry"

Thanks to: http://www.mikrotik.co.id/artikel_lihat.php?id=250