Mitigating Exploits in RouterOS
In the past few months many RouterOS devices have been hit by exploit attacks.
Here is a default rule set that is reasonably effective at preventing those attacks.
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept winbox" dst-port=8291 protocol=tcp
add action=accept chain=input comment="defconf: accept winbox" dst-port=8291 protocol=udp
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" in-interface="pppoe-out1"
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface="pppoe-out1"
Note: adjust the WAN interface name to match your own.
We can also apply an ACL based on the local subnet; add your own entries if your network is not covered by the range below.
/ip service
set telnet address=192.168.0.0/16 disabled=no
set ftp address=192.168.0.0/16 disabled=no
set www address=192.168.0.0/16 disabled=no
set ssh address=192.168.0.0/16 disabled=no
set www-ssl address=192.168.0.0/16 disabled=no
set api address=192.168.0.0/16 disabled=no
set winbox address=192.168.0.0/16 disabled=no
Then don't forget to upgrade RouterOS and the firmware to the latest version.
My recommendation is to use 6.40.8, the bugfix version.
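One thing worth checking after applying the two blocks above is their interaction: the firewall rules are evaluated top-down, and the two `dst-port=8291` accepts sit before the "drop all from WAN" rule with no source match, so at the firewall layer Winbox stays reachable from the WAN interface and only the `/ip service` `address=` ACL restricts it. The script below is an added example (not from the original post) that audits a RouterOS export text for exactly this: enabled services with no `address=` restriction, and `chain=input` accepts on management ports that precede the WAN drop without a source restriction. The sample export is constructed from the rules in the post, the interface name `pppoe-out1` is taken from the post, and the hardened variant simply adds `src-address=192.168.0.0/16` to the Winbox accepts; the management port list is my assumption of the RouterOS service defaults.

```python
"""Audit a RouterOS export for management-service exposure (added example).

Parses the text form of `/ip firewall filter` and `/ip service` exports and
reports services enabled without `address=`, plus `chain=input` accepts on
management ports that have no source restriction and precede the catch-all
drop on the WAN interface. The sample export below is constructed.
"""
import shlex

# Assumed default ports of the RouterOS management services:
# ftp, ssh, telnet, www, www-ssl, winbox, api, api-ssl.
MGMT_PORTS = {"21", "22", "23", "80", "443", "8291", "8728", "8729"}

# Constructed sample: the post's rules, WAN interface pppoe-out1.
SAMPLE_AS_POSTED = """
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept winbox" dst-port=8291 protocol=tcp
add action=accept chain=input comment="defconf: accept winbox" dst-port=8291 protocol=udp
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" in-interface="pppoe-out1"
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface="pppoe-out1"
/ip service
set telnet address=192.168.0.0/16 disabled=no
set ftp address=192.168.0.0/16 disabled=no
set www address=192.168.0.0/16 disabled=no
set ssh address=192.168.0.0/16 disabled=no
set www-ssl address=192.168.0.0/16 disabled=no
set api address=192.168.0.0/16 disabled=no
set winbox address=192.168.0.0/16 disabled=no
"""

# Same export with the Winbox accepts limited to the LAN range (constructed).
SAMPLE_HARDENED = SAMPLE_AS_POSTED.replace(
    "dst-port=8291", "src-address=192.168.0.0/16 dst-port=8291")


def parse_kv_line(line):
    """Turn `add action=accept chain=input comment="x y" ...` into a dict.
    shlex handles the quoted comment and interface values."""
    kv = {}
    for tok in shlex.split(line)[1:]:  # skip the verb (add/set)
        if "=" in tok:
            key, value = tok.split("=", 1)
            kv[key] = value
        else:
            kv["_name"] = tok  # bare word, e.g. the service name in `set telnet ...`
    return kv


def parse_export(text):
    """Group export lines under their `/ip ...` section headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("/"):
            current = line
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(parse_kv_line(line))
    return sections


def audit_services(services):
    """Enabled services without an address= ACL are reachable from anywhere."""
    return [f"service {s.get('_name')} is enabled with no address restriction"
            for s in services
            if s.get("disabled", "no") == "no" and "address" not in s]


def audit_input_chain(rules, wan_iface):
    """Flag management-port accepts on chain=input that the WAN can reach.

    Rules are evaluated top-down, so an accept that precedes the WAN drop
    and carries no source restriction lets the WAN reach that port."""
    findings, wan_drop_seen = [], False
    for idx, rule in enumerate(rules):
        if rule.get("chain") != "input":
            continue
        if (rule.get("action") == "drop" and rule.get("in-interface") == wan_iface
                and "dst-port" not in rule):
            wan_drop_seen = True  # the catch-all "drop all from WAN" rule
            continue
        if rule.get("action") != "accept":
            continue
        ports = set(rule.get("dst-port", "").split(",")) & MGMT_PORTS
        restricted = ("src-address" in rule or "src-address-list" in rule
                      or rule.get("in-interface", wan_iface) != wan_iface)
        if ports and not restricted and not wan_drop_seen:
            findings.append(f"rule {idx}: accept dst-port {','.join(sorted(ports))} "
                            "reachable from WAN (no source match, precedes WAN drop)")
    if not wan_drop_seen:
        findings.append(f"no catch-all drop for chain=input from {wan_iface}")
    return findings


def audit(export_text, wan_iface="pppoe-out1"):
    """Run both checks over an export text and return the list of findings."""
    sections = parse_export(export_text)
    return (audit_input_chain(sections.get("/ip firewall filter", []), wan_iface)
            + audit_services(sections.get("/ip service", [])))


if __name__ == "__main__":
    for label, text in (("as posted", SAMPLE_AS_POSTED), ("hardened", SAMPLE_HARDENED)):
        print(f"[{label}]", *(audit(text) or ["no findings"]), sep="\n  ")
```

Run against the post's rules it reports the two Winbox accepts (TCP and UDP on 8291) as reachable from the WAN and nothing for the services, since every listed service carries an `address=` range; the hardened variant produces no findings. To audit a real device, paste the output of `/ip firewall filter export` and `/ip service export` in place of the constructed sample.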
Thanks suhu een for sharing