[afnog] Virus/spyware eating up my bandwidth
Arnis Riekstins
rieks at mikrotik.com
Mon May 16 11:07:12 EAT 2005
Create a firewall filter chain where you list 'bad' protocols and
ports, for example:
/ip firewall add name=virus
/ip firewall rule virus
add protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm"
add protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm"
add protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm"
add protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm"
... and so on. Build your own list. Use torch tool to see what might
need to be blocked.
Then make your forward chain start as follows:
/ip firewall rule forward
add connection-state=invalid action=drop comment="Drop invalid connections"
add connection-state=established comment="Established connections"
add connection-state=related comment="Related connections"
add action=jump jump-target=virus comment="!!! Check for well-known viruses !!!"
All new connections going through the router will be checked within
the 'bad' protocol/port list.
Sincerely,
Arnis
www.mikrotik.com
Saturday, May 14, 2005, 11:54:28 PM, you wrote:
> Dear all
> I appear to be having a virus attack or spywares
> eating up my bandwidth. Can someone out there help me
> how to go about the problem.
> I am using MIKROTIK RouterOS for my network. Could
> there be a setup on the router to help filter this
> bandwidth eating activity.
> regards
> Robert
> ___________________________________________________________
> How much free photo storage do you get? Store your holiday
> snaps for FREE with Yahoo! Photos http://uk.photos.yahoo.com
> _______________________________________________
> afnog mailing list
More information about the afnog
mailing list