SN Blog - Here are several ways to block the WannaCry ransomware on MikroTik:
Filter Rule
The firewall rule method works on traffic between hosts that are in different IP subnets/segments, both between local connections and from the public internet.
/ip firewall filter add chain=forward protocol=tcp \
dst-port=137-139,445,3389 action=drop disabled=no comment="Drop Ransomware WannaCry"
/ip firewall filter add chain=forward protocol=udp \
dst-port=137-139,445,3389 action=drop disabled=no comment="Drop Ransomware WannaCry"
Bridge Filter
This method can be applied when all hosts are in the same IP subnet/segment and are bridged.
/interface bridge filter add chain=forward in-interface=ether1 \
mac-protocol=ip dst-port=137-139 ip-protocol=tcp action=drop disabled=no comment="Drop Ransomware WannaCry"
/interface bridge filter add chain=forward in-interface=ether1 \
mac-protocol=ip dst-port=137-139 ip-protocol=udp action=drop disabled=no comment="Drop Ransomware WannaCry"
/interface bridge filter add chain=forward in-interface=ether1 \
mac-protocol=ip dst-port=445 ip-protocol=tcp action=drop disabled=no comment="Drop Ransomware WannaCry"
/interface bridge filter add chain=forward in-interface=ether1 \
mac-protocol=ip dst-port=445 ip-protocol=udp action=drop disabled=no comment="Drop Ransomware WannaCry"
/interface bridge filter add chain=forward in-interface=ether1 \
mac-protocol=ip dst-port=3389 ip-protocol=tcp action=drop disabled=no comment="Drop Ransomware WannaCry"
/interface bridge filter add chain=forward in-interface=ether1 \
mac-protocol=ip dst-port=3389 ip-protocol=udp action=drop disabled=no comment="Drop Ransomware WannaCry"
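To confirm after applying the rules above that every listed port is really dropped for both TCP and UDP, the following added example (not part of the original article and not MikroTik code) audits the text of a RouterOS /export. The function names and the sample export are constructed for illustration; pass menu="/interface bridge filter" and proto_key="ip-protocol" to check the bridge filter variant.

```python
import re
import shlex

# Ports the page's rules drop: NetBIOS 137-139, SMB 445, RDP 3389.
REQUIRED = {(proto, port) for proto in ("tcp", "udp")
            for port in (137, 138, 139, 445, 3389)}

def parse_rules(text):
    """Yield (menu, properties) for every 'add' command in a RouterOS export."""
    menu = ""
    for line in re.sub(r"\\\r?\n\s*", "", text).splitlines():  # join '\' continuations
        line = line.strip()
        if line.startswith("/"):  # bare menu line, or one-line '/menu add ...'
            menu, sep, rest = line.partition(" add ")
            line = "add " + rest if sep else ""
        if line.startswith("add "):
            yield menu, dict(t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t)

def expand_ports(spec):
    """Expand '137-139,445' into a set of ints; a negated list counts as no coverage."""
    ports = set()
    for part in ([] if spec.startswith("!") else spec.split(",")):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def missing_coverage(text, menu="/ip firewall filter", proto_key="protocol"):
    """Return (protocol, port) pairs that no enabled forward-chain drop rule matches.
    Simplification: rule order and extra matchers (interfaces, addresses) are ignored."""
    covered = set()
    for rule_menu, p in parse_rules(text):
        enabled_drop = p.get("action") == "drop" and p.get("disabled", "no") != "yes"
        if rule_menu == menu and p.get("chain") == "forward" and enabled_drop:
            if p.get(proto_key) in ("tcp", "udp") and "dst-port" in p:
                covered |= {(p[proto_key], n) for n in expand_ports(p["dst-port"])}
    return REQUIRED - covered

# Constructed sample export: the UDP rule is disabled and the TCP rule omits 3389.
SAMPLE_EXPORT = r'''
/ip firewall filter
add action=drop chain=forward comment="Drop Ransomware WannaCry" \
    dst-port=137-139,445 protocol=tcp
add action=drop chain=forward disabled=yes dst-port=137-139,445,3389 \
    protocol=udp
'''

if __name__ == "__main__":
    for proto, port in sorted(missing_coverage(SAMPLE_EXPORT)):
        print(f"not dropped in forward chain: {proto}/{port}")
```

An empty result means every port/protocol pair has at least one enabled drop rule; an accept rule placed earlier in the chain can still let traffic through, so the rule order needs a separate check.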
Thanks to: http://www.mikrotik.co.id/artikel_lihat.php?id=250