[afnog] Virus/spyware eating up my bandwidth

Arnis Riekstins rieks at mikrotik.com
Mon May 16 11:07:12 EAT 2005


Create a firewall filter chain where you list 'bad' protocols and
ports, for example:
/ip firewall add name=virus
/ip firewall rule virus
add protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm"
add protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm"
add protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm"
add protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm"
... and so on. Build your own list. Use torch tool to see what might
need to be blocked.

Then make your forward chain start as follows:
/ip firewall rule forward
add connection-state=invalid action=drop comment="Drop invalid connections"
add connection-state=established comment="Established connections"
add connection-state=related comment="Related connections"
add action=jump jump-target=virus comment="!!! Check for well-known viruses !!!"

All new connections going through the router will be checked within
the 'bad' protocol/port list.

Sincerely,
Arnis
www.mikrotik.com


Saturday, May 14, 2005, 11:54:28 PM, you wrote:

> Dear all

> I appear to be having a virus attack or spywares
> eating up my bandwidth. Can someone out there help me
> how to go about the problem.

> I am using MIKROTIK RouterOS for my network. Could
> there be a setup on the router to help filter this
> bandwidth eating activity.

> regards

> Robert


		
> ___________________________________________________________ 
> How much free photo storage do you get? Store your holiday 
> snaps for FREE with Yahoo! Photos http://uk.photos.yahoo.com

> _______________________________________________
> afnog mailing list




More information about the afnog mailing list