Monday, 11 May 2009

Handle Virus Trojan Port with Mikrotik

http://www.forummikrotik.com/firewall/3044-handle-virus-trojan-port-mikrotik.html

Sharing some experience with friends here.
Based on the information at http://www.glocksoft.com/trojan_port.htm, I built these filters on the Mikrotik so that they are easy for us to administer.
The trojan ports are split into TCP ports and UDP ports so that, when entries are added or removed, they are easy to look up and find.. especially once the person who built it has already checked out :-D
The direction to block from, LAN or internet, is also defined.

Before starting, please note that opening and closing ports depends entirely on which ports we actually need. So this tutorial is not a fixed rule for closing ports when a port is needed.. just adjust it on purpose.

First, we define the TCP ports
Code:
/ip firewall filter
add action=drop chain=tcp-viruses comment="Socks Des Troie, Death" disabled=\
no dst-port=1-2 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"Agent 31, Hacker's Paradise, Agent 40421" disabled=no dst-port=30-31 \
protocol=tcp
add action=drop chain=tcp-viruses comment=\
"More than 3 known worms and trojans use this port" disabled=no dst-port=\
37 protocol=tcp
add action=drop chain=tcp-viruses comment="Deep Throat Fore play" disabled=no \
dst-port=41 protocol=tcp
add action=drop chain=tcp-viruses comment=DRAT disabled=no dst-port=48 \
protocol=tcp
add action=drop chain=tcp-viruses comment=DRAT disabled=no dst-port=50 \
protocol=tcp
add action=drop chain=tcp-viruses comment="DM Setup" disabled=no dst-port=\
58-59 protocol=tcp
add action=drop chain=tcp-viruses comment=W32.Evala.Worm disabled=no \
dst-port=69-70 protocol=tcp
add action=drop chain=tcp-viruses comment="CDK, Firehotcker" disabled=no \
dst-port=79 protocol=tcp
add action=drop chain=tcp-viruses comment="Beagle.S RemoconChubo" disabled=no \
dst-port=81 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"More than 3 known worms and trojans use this port" disabled=no dst-port=\
85-90 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"Common Port for phishing scam sites, Hiddenport, NCX" disabled=no \
dst-port=99 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"More than 3 known worms and trojans use this port, Invisible Identd Deamon, Kazimas" \
disabled=no dst-port=113 protocol=tcp
add action=drop chain=tcp-viruses comment=Happy99 disabled=no dst-port=119 \
protocol=tcp
add action=drop chain=tcp-viruses comment=\
"Jammer Killah, Attack Bot, God Message" disabled=no dst-port=121 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Password Generator Protocol" \
disabled=no dst-port=129 protocol=tcp
add action=drop chain=tcp-viruses comment=Farnaz disabled=no dst-port=133 \
protocol=tcp
add action=drop chain=tcp-viruses comment=\
"More than 3 known worms and trojans use this port" disabled=no dst-port=\
135-139 protocol=tcp
add action=drop chain=tcp-viruses comment=NetTaxi disabled=no dst-port=142 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Infector 1.3" disabled=no \
dst-port=146 protocol=tcp
add action=drop chain=tcp-viruses comment=A.Trojan disabled=no dst-port=170 \
protocol=tcp
add action=drop chain=tcp-viruses comment=W32.Rotor disabled=no dst-port=382 \
protocol=tcp
add action=drop chain=tcp-viruses comment=Backage disabled=no dst-port=334 \
protocol=tcp
add action=drop chain=tcp-viruses comment=Backage disabled=no dst-port=411 \
protocol=tcp
add action=drop chain=tcp-viruses comment=\
"W32.kibuv.b, Breach, Incognito, tcp Wrappers" disabled=no dst-port=\
420-421 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"More than 3 known worms and trojans use this port" disabled=no dst-port=\
445 in-interface=!ether-local protocol=tcp src-address-list=!pura-local
add action=drop chain=tcp-viruses comment=\
"Fatal Connections - Hacker's Paradise" disabled=no dst-port=455-456 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Hacker's Paradise" disabled=no \
dst-port=456 protocol=tcp
add action=drop chain=tcp-viruses comment="Grlogin, RPC backDoor" disabled=no \
dst-port=513-514 protocol=tcp
add action=drop chain=tcp-viruses comment=W32.kibuv.worm disabled=no \
dst-port=530 protocol=tcp
add action=drop chain=tcp-viruses comment="Rasmin, Net666" disabled=no \
dst-port=531 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"Stealth Spy, Phaze, 7-11 Trojan, Ini-Killer, Phase Zero, Phase-0" \
disabled=no dst-port=555 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"More than 3 known worms and trojans use this port" disabled=no dst-port=\
559 protocol=tcp
add action=drop chain=tcp-viruses comment="Sober worm Variants" disabled=no \
dst-port=587 protocol=tcp
add action=drop chain=tcp-viruses comment="W.32.Sasser worm" disabled=no \
dst-port=593 protocol=tcp
add action=drop chain=tcp-viruses comment="Secret Service" disabled=no \
dst-port=605 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"Attack FTP, Back Construction, BLA Trojan, NokNok, satans" disabled=no \
dst-port=666 protocol=tcp
add action=drop chain=tcp-viruses comment=SnipperNet disabled=no dst-port=667 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Dp Trojan" disabled=no dst-port=\
669 protocol=tcp
add action=drop chain=tcp-viruses comment=GayOL disabled=no dst-port=692 \
protocol=tcp
add action=drop chain=tcp-viruses comment="BackDoor.Netcrack.B - AimSpy" \
disabled=no dst-port=777-778 protocol=tcp
add action=drop chain=tcp-viruses comment=WinHole disabled=no dst-port=808 \
protocol=tcp
add action=drop chain=tcp-viruses comment=\
"Common Port for phishing scam sites" disabled=no dst-port=880 protocol=\
tcp
add action=drop chain=tcp-viruses comment=Backdoor.Devil disabled=no \
dst-port=901-902 protocol=tcp
add action=drop chain=tcp-viruses comment="Dark Shadow" disabled=no dst-port=\
911 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"More than 3 known worms and trojans use this port" disabled=no dst-port=\
999-1001 protocol=tcp
add action=drop chain=tcp-viruses comment="Doly Trojan" disabled=no dst-port=\
1011-1016 protocol=tcp
add action=drop chain=tcp-viruses comment=Vampire disabled=no dst-port=1020 \
protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.lingosky disabled=no \
dst-port=1024-1025 protocol=tcp
add action=drop chain=tcp-viruses comment="NetSpy, Multidropper" disabled=no \
dst-port=1033-1035 protocol=tcp
add action=drop chain=tcp-viruses comment=Bla disabled=no dst-port=1042 \
protocol=tcp
add action=drop chain=tcp-viruses comment=Rasmin disabled=no dst-port=1045 \
protocol=tcp
add action=drop chain=tcp-viruses comment="/sbin/initd - MiniCommand" \
disabled=no dst-port=1049-1050 protocol=tcp
add action=drop chain=tcp-viruses comment="The Thief, AckCmd" disabled=no \
dst-port=1053-1054 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Zagaban, WinHole" \
disabled=no dst-port=1080-1083 protocol=tcp
add action=drop chain=tcp-viruses comment=Xtreme disabled=no dst-port=1090 \
protocol=tcp
add action=drop chain=tcp-viruses comment="RAT, Blood Fest Evoltion" \
disabled=no dst-port=1095-1099 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"More than 3 known worms and trojans use this port" disabled=no dst-port=\
1111 protocol=tcp
add action=drop chain=tcp-viruses comment=Orion disabled=no dst-port=\
1150-1151 protocol=tcp
add action=drop chain=tcp-viruses comment="Psyber Stream Server" disabled=no \
dst-port=1170 protocol=tcp
add action=drop chain=tcp-viruses comment=SoftWAR,Infector disabled=no \
dst-port=1207-1208 protocol=tcp
add action=drop chain=tcp-viruses comment=Kaos disabled=no dst-port=1212 \
protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Sazo disabled=no dst-port=\
1218 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"More than 3 known worms and trojans use this port" disabled=no dst-port=\
1234 protocol=tcp
add action=drop chain=tcp-viruses comment="Sub Seven" disabled=no dst-port=\
1243 protocol=tcp
add action=drop chain=tcp-viruses comment="VooDoo Doll" disabled=no dst-port=\
1245 protocol=tcp
add action=drop chain=tcp-viruses comment="Scarab, Project next" disabled=no \
dst-port=1255-1256 protocol=tcp
add action=drop chain=tcp-viruses comment="Maverick's Matrix" disabled=no \
dst-port=1269 protocol=tcp
add action=drop chain=tcp-viruses comment="The Matrix" disabled=no dst-port=\
1272 protocol=tcp
add action=drop chain=tcp-viruses comment=NETrojan disabled=no dst-port=1313 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Millenium Worm" disabled=no \
dst-port=1338 protocol=tcp
add action=drop chain=tcp-viruses comment="Bo dll" disabled=no dst-port=1349 \
protocol=tcp
add action=drop chain=tcp-viruses comment="GoFriller, Backdoor G-1" disabled=\
no dst-port=1394 protocol=tcp
add action=drop chain=tcp-viruses comment=w32.spybot.ofn disabled=no \
dst-port=1433 protocol=tcp
add action=drop chain=tcp-viruses comment="remote Storm" disabled=no \
dst-port=1441 protocol=tcp
add action=drop chain=tcp-viruses comment=FTP99CMP disabled=no dst-port=1492 \
protocol=tcp
add action=drop chain=tcp-viruses comment="FunkProxy " disabled=no dst-port=\
1505 protocol=tcp
add action=drop chain=tcp-viruses comment="Psyber Streaming server" disabled=\
no dst-port=1509 protocol=tcp
add action=drop chain=tcp-viruses comment=Trinoo disabled=no dst-port=1524 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Remote Hack" disabled=no dst-port=\
1568 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Miffice, Bize.Worm" \
disabled=no dst-port=1533-1534 protocol=tcp
add action=drop chain=tcp-viruses comment="Shivka-Burka, Direct Connection" \
disabled=no dst-port=1600 protocol=tcp
add action=drop chain=tcp-viruses comment="ICA Browser" disabled=no dst-port=\
1604 protocol=tcp
add action=drop chain=tcp-viruses comment=Exploiter disabled=no dst-port=1703 \
protocol=tcp
add action=drop chain=tcp-viruses comment=Scarab disabled=no dst-port=1777 \
protocol=tcp
add action=drop chain=tcp-viruses comment=Loxbot.d disabled=no dst-port=1751 \
protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.NetControle disabled=no \
dst-port=1772 protocol=tcp
add action=drop chain=tcp-viruses comment=SpySender disabled=no dst-port=1807 \
protocol=tcp
add action=drop chain=tcp-viruses comment=\
"More than 3 known worms and trojans use this port" disabled=no dst-port=\
1863 protocol=tcp
add action=drop chain=tcp-viruses comment="Fake FTP. WM FTP Server" disabled=\
no dst-port=1966-1967 protocol=tcp
add action=drop chain=tcp-viruses comment="Shockrave, Bowl" disabled=no \
dst-port=1981 protocol=tcp
add action=drop chain=tcp-viruses comment="OpC BO" disabled=no dst-port=1969 \
protocol=tcp
add action=drop chain=tcp-viruses comment=\
"More than 3 known worms and trojans use this port" disabled=no dst-port=\
1999-2005 protocol=tcp
add action=drop chain=tcp-viruses comment=Ripper disabled=no dst-port=2023 \
protocol=tcp
add action=drop chain=tcp-viruses comment=W32.korgo.a disabled=no dst-port=\
2041 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.TJServ - WinHole" \
disabled=no dst-port=2080 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Expjan disabled=no \
dst-port=2090 protocol=tcp
add action=drop chain=tcp-viruses comment=Bugs disabled=no dst-port=2115 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Deep Throat" disabled=no dst-port=\
2140 protocol=tcp
add action=drop chain=tcp-viruses comment="Illusion Mailer" disabled=no \
dst-port=2155 protocol=tcp
add action=drop chain=tcp-viruses comment=Nirvana disabled=no dst-port=2255 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Hvl RAT, Dumaru" disabled=no \
dst-port=2283 protocol=tcp
add action=drop chain=tcp-viruses comment=Xplorer disabled=no dst-port=2300 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Studio 54" disabled=no dst-port=\
2311 protocol=tcp
add action=drop chain=tcp-viruses comment=backdoor.shellbot disabled=no \
dst-port=2322 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"backdoor.shellbot, Eyeveg.worm.c, contact" disabled=no dst-port=\
2330-2339 protocol=tcp
add action=drop chain=tcp-viruses comment=vbs.shania disabled=no dst-port=\
2414 protocol=tcp
add action=drop chain=tcp-viruses comment=Beagle.N disabled=no dst-port=2556 \
protocol=tcp
add action=drop chain=tcp-viruses comment=Striker disabled=no dst-port=2565 \
protocol=tcp
add action=drop chain=tcp-viruses comment=WinCrash disabled=no dst-port=2583 \
protocol=tcp
add action=drop chain=tcp-viruses comment="The Prayer 1.2 -1.3" disabled=no \
dst-port=2716 protocol=tcp
add action=drop chain=tcp-viruses comment="Phase Zero" disabled=no dst-port=\
2721 protocol=tcp
add action=drop chain=tcp-viruses comment=Beagle.J disabled=no dst-port=2745 \
protocol=tcp
add action=drop chain=tcp-viruses comment=W32.hllw.deadhat.b disabled=no \
dst-port=2766 protocol=tcp
add action=drop chain=tcp-viruses comment=SubSeven disabled=no dst-port=\
2773-2774 protocol=tcp
add action=drop chain=tcp-viruses comment="Phineas Phucker" disabled=no \
dst-port=2801 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Brador.A disabled=no \
dst-port=2989 protocol=tcp
add action=drop chain=tcp-viruses comment="Remote Shut" disabled=no dst-port=\
3000 protocol=tcp
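
The advice above to adjust the list to the ports you actually need can be checked mechanically before the rules are pasted into a router. The following Python script is an added example, not part of the original post: it parses rules in the wrapped export format used on this page, reports drop rules that cover services you rely on, and finds rules whose port ranges overlap. The `NEEDED` service list is an assumption for illustration; the sample rules are an excerpt copied from this page.

```python
import re
from dataclasses import dataclass

# Excerpt of rules copied from this page, in the same wrapped export format.
SAMPLE = r"""
add action=drop chain=tcp-viruses comment=\
"More than 3 known worms and trojans use this port" disabled=no dst-port=\
445 in-interface=!ether-local protocol=tcp src-address-list=!pura-local
add action=drop chain=tcp-viruses comment=\
"Fatal Connections - Hacker's Paradise" disabled=no dst-port=455-456 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Hacker's Paradise" disabled=no \
dst-port=456 protocol=tcp
add action=drop chain=tcp-viruses comment="Sober worm Variants" disabled=no \
dst-port=587 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Nemog.D disabled=no \
dst-port=3306 protocol=tcp
"""

# Assumption for illustration: services this network really uses.
NEEDED = {445: "SMB file sharing", 587: "SMTP submission", 3306: "MySQL"}

# Matchers that narrow a rule to part of the traffic (as the 445 rule does).
SCOPE_KEYS = ("in-interface", "out-interface", "src-address", "dst-address",
              "src-address-list", "dst-address-list")

# key=value pairs; a value is either a quoted string or a run of non-spaces.
PAIR = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S+)')


@dataclass
class Rule:
    comment: str
    protocol: str
    ports: str     # dst-port exactly as written in the rule
    ranges: list   # [(low, high), ...], inclusive
    scope: dict    # extra matchers that limit where the rule applies


def join_continuations(text):
    """Merge each line ending in a backslash with the line that follows it."""
    logical, buf = [], ""
    for raw in text.splitlines():
        piece = raw.strip()
        if piece.endswith("\\"):
            buf += piece[:-1]      # keep any space written before the backslash
            continue
        buf += piece
        if buf.strip():
            logical.append(buf.strip())
        buf = ""
    if buf.strip():
        logical.append(buf.strip())
    return logical


def parse_ports(spec):
    """'455-456' or '80,443' -> inclusive ranges (negated lists are not handled)."""
    ranges = []
    for part in spec.split(","):
        low, _, high = part.partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges


def parse_rules(text):
    """Return the enabled drop rules that match on dst-port."""
    rules = []
    for line in join_continuations(text):
        if not line.startswith("add "):
            continue
        fields = {k: v.strip('"') for k, v in PAIR.findall(line)}
        if fields.get("action") != "drop" or "dst-port" not in fields:
            continue
        if fields.get("disabled") == "yes":
            continue
        scope = {k: fields[k] for k in SCOPE_KEYS if k in fields}
        rules.append(Rule(fields.get("comment", ""), fields.get("protocol", ""),
                          fields["dst-port"], parse_ports(fields["dst-port"]), scope))
    return rules


def find_conflicts(rules, needed):
    """(port, service, rule comment, scoped?) for every needed port a rule drops."""
    hits = []
    for rule in rules:
        for port, service in sorted(needed.items()):
            if any(lo <= port <= hi for lo, hi in rule.ranges):
                hits.append((port, service, rule.comment, bool(rule.scope)))
    return hits


def find_overlaps(rules):
    """Pairs of dst-port specs that overlap under the same protocol and scope."""
    pairs = []
    for i, a in enumerate(rules):
        for b in rules[i + 1:]:
            if a.protocol == b.protocol and a.scope == b.scope and any(
                    al <= bh and bl <= ah
                    for al, ah in a.ranges for bl, bh in b.ranges):
                pairs.append((a.ports, b.ports))
    return pairs


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE)
    for port, service, comment, scoped in find_conflicts(parsed, NEEDED):
        note = "only for traffic matching the rule's scope" if scoped else "for all traffic in the chain"
        print(f"{port}/tcp ({service}) is dropped by rule '{comment}' {note}")
    for first, second in find_overlaps(parsed):
        print(f"dst-port={second} is already covered by dst-port={first}")
```

A scoped hit, such as the 445 rule restricted by `in-interface` and `src-address-list`, only affects traffic outside the listed interface and address list, so it needs a different review than an unscoped drop.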
(continued)
[continuation 2]
Code:
add action=drop chain=tcp-viruses comment=WinCrash disabled=no dst-port=3024 \
protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Wortbot disabled=no \
dst-port=3028 protocol=tcp
add action=drop chain=tcp-viruses comment="W32.Mytob.cz@mm, MicroSpy" \
disabled=no dst-port=3030-3031 protocol=tcp
add action=drop chain=tcp-viruses comment=W32.korgo.a disabled=no dst-port=\
3067 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"More than 3 known worms and trojans use this port" disabled=no dst-port=\
3127-3198 protocol=tcp
add action=drop chain=tcp-viruses comment=W32.HLLW.Dax disabled=no dst-port=\
3256 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Nemog.D disabled=no \
dst-port=3306 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"More than 3 known worms and trojans use this port" disabled=no dst-port=\
3332 protocol=tcp
add action=drop chain=tcp-viruses comment=w32.Mytob.kp@MM disabled=no \
dst-port=3385 protocol=tcp
add action=drop chain=tcp-viruses comment=W32.mockbot.a.worm disabled=no \
dst-port=3410 protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Fearic, Terror Trojan" \
disabled=no dst-port=3456 protocol=tcp
add action=drop chain=tcp-viruses comment="Eclipse 2000" disabled=no \
dst-port=3459 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Amitis.B disabled=no \
dst-port=3547 protocol=tcp
add action=drop chain=tcp-viruses comment="Portal of Doom" disabled=no \
dst-port=3700 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.helios disabled=no \
dst-port=3737 protocol=tcp
add action=drop chain=tcp-viruses comment=PsychWard disabled=no dst-port=3777 \
protocol=tcp
add action=drop chain=tcp-viruses comment=Eclypse disabled=no dst-port=3791 \
protocol=tcp
add action=drop chain=tcp-viruses comment=Eclypse disabled=no dst-port=3801 \
protocol=tcp
add action=drop chain=tcp-viruses comment=SkyDance,Backdoor.OptixPro.13.C \
disabled=no dst-port=4000-4001 protocol=tcp
add action=drop chain=tcp-viruses comment=WinCrash disabled=no dst-port=4092 \
protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.rcserv disabled=no \
dst-port=4128 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"Backdoor.Nemog.D - Virtual Hacking Machine" disabled=no dst-port=4242 \
protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.smokodoor disabled=no \
dst-port=4300 protocol=tcp
add action=drop chain=tcp-viruses comment=BoBo disabled=no dst-port=4321 \
protocol=tcp
add action=drop chain=tcp-viruses comment=Phatbot disabled=no dst-port=4387 \
protocol=tcp
add action=drop chain=tcp-viruses comment=\
"More than 3 known worms and trojans use this port" disabled=no dst-port=\
4444 protocol=tcp
add action=drop chain=tcp-viruses comment=W32.mytob.db disabled=no dst-port=\
4512 protocol=tcp
add action=drop chain=tcp-viruses comment="File Nail" disabled=no dst-port=\
4567 protocol=tcp
add action=drop chain=tcp-viruses comment="ICQ Trojan" disabled=no dst-port=\
4590 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Nemog.D disabled=no \
dst-port=4646 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Nemog.D disabled=no \
dst-port=4661 protocol=tcp
add action=drop chain=tcp-viruses comment=Beagle.U disabled=no dst-port=4751 \
protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.tuxder disabled=no \
dst-port=4820 protocol=tcp
add action=drop chain=tcp-viruses comment=W32.Opanki disabled=no dst-port=\
4888 protocol=tcp
add action=drop chain=tcp-viruses comment=W32.RaHack disabled=no dst-port=\
4899 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"Common Port for phishing scam sites" disabled=no dst-port=4903 protocol=\
tcp
add action=drop chain=tcp-viruses comment="ICQ Trogen" disabled=no dst-port=\
4950 protocol=tcp
add action=drop chain=tcp-viruses comment="Sokets de Trois v1./Bubbel, cd00r" \
disabled=no dst-port=5000-5002 protocol=tcp
add action=drop chain=tcp-viruses comment=Solo,Ootlt disabled=no dst-port=\
5010-5011 protocol=tcp
add action=drop chain=tcp-viruses comment="WM Remote Keylogger" disabled=no \
dst-port=5025 protocol=tcp
add action=drop chain=tcp-viruses comment="Net Metropolitan 1.0" disabled=no \
dst-port=5031-5032 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.laphex.client disabled=no \
dst-port=5152 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"More than 3 known worms and trojans use this port" disabled=no dst-port=\
5190 protocol=tcp
add action=drop chain=tcp-viruses comment=Firehotcker disabled=no dst-port=\
5321 protocol=tcp
add action=drop chain=tcp-viruses comment=Baackage,NetDemon disabled=no \
dst-port=5333 protocol=tcp
add action=drop chain=tcp-viruses comment="WC Remote Administration Tool" \
disabled=no dst-port=5343 protocol=tcp
add action=drop chain=tcp-viruses comment="Blade Runner" disabled=no \
dst-port=5400-5402 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"Backdoor.DarkSky.B, Backconstruction" disabled=no dst-port=5418-5419 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Xtcp, Illusion Mailer" disabled=no \
dst-port=5512 protocol=tcp
add action=drop chain=tcp-viruses comment="The Flu" disabled=no dst-port=5534 \
protocol=tcp
add action=drop chain=tcp-viruses comment=\
"More than 3 known worms and trojans use this port " disabled=no \
dst-port=5550-5558 protocol=tcp
add action=drop chain=tcp-viruses comment=Robo-Hack disabled=no dst-port=5569 \
protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.EasyServ disabled=no \
dst-port=5588 protocol=tcp
(continued)
[continuation 3]
Code:
add action=drop chain=tcp-viruses comment="PC Crasher" disabled=no dst-port=\
5637-5638 protocol=tcp
add action=drop chain=tcp-viruses comment=WinCrash disabled=no dst-port=5714 \
protocol=tcp
add action=drop chain=tcp-viruses comment=WinCrash disabled=no dst-port=\
5741-5742 protocol=tcp
add action=drop chain=tcp-viruses comment="Portmap Remote Root Linux Exploit" \
disabled=no dst-port=5760 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Evivinc disabled=no \
dst-port=5800 protocol=tcp
add action=drop chain=tcp-viruses comment="Y3K RAT" disabled=no dst-port=5880 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Y3K RAT" disabled=no dst-port=5882 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Y3K RAT" disabled=no dst-port=\
5888-5889 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Evivinc disabled=no \
dst-port=5900 protocol=tcp
add action=drop chain=tcp-viruses comment=LovGate.ak disabled=no dst-port=\
6000 protocol=tcp
add action=drop chain=tcp-viruses comment="Bad Blood" disabled=no dst-port=\
6006 protocol=tcp
add action=drop chain=tcp-viruses comment=W32.mockbot.a.worm disabled=no \
dst-port=6129 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"Common Port for phishing scam sites" disabled=no dst-port=6180 protocol=\
tcp
add action=drop chain=tcp-viruses comment=Trojan.Tilser disabled=no dst-port=\
6187 protocol=tcp
add action=drop chain=tcp-viruses comment="Secret Service" disabled=no \
dst-port=6272 protocol=tcp
add action=drop chain=tcp-viruses comment="The Thing" disabled=no dst-port=\
6400 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Nemog.D disabled=no \
dst-port=6565 protocol=tcp
add action=drop chain=tcp-viruses comment=backdoor.sdbot.ag disabled=no \
dst-port=6631 protocol=tcp
add action=drop chain=tcp-viruses comment="TEMan, Weia-Meia" disabled=no \
dst-port=6661 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"Netbus Worm, winSATAN, Dark FTP, Schedule Agent" disabled=no dst-port=\
6666-6667 protocol=tcp
add action=drop chain=tcp-viruses comment="Vampyre, Deep Throat" disabled=no \
dst-port=6669-6671 protocol=tcp
add action=drop chain=tcp-viruses comment="Sub Seven, Backdoor.G" disabled=no \
dst-port=6711-6713 protocol=tcp
add action=drop chain=tcp-viruses comment="Mstream attack-handler" disabled=\
no dst-port=6723 protocol=tcp
add action=drop chain=tcp-viruses comment="Deep Throat" disabled=no dst-port=\
6771 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"Sub Seven, Backdoor.G, W32/Bagle@MM" disabled=no dst-port=6776-6777 \
protocol=tcp
add action=drop chain=tcp-viruses comment=NetSky.U disabled=no dst-port=6789 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Delta source DarkStar" disabled=no \
dst-port=6883 protocol=tcp
add action=drop chain=tcp-viruses comment="Shxt Heap " disabled=no dst-port=\
6912 protocol=tcp
add action=drop chain=tcp-viruses comment=Indoctrination disabled=no \
dst-port=6939 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"More than 3 known worms and trojans use this port" disabled=no dst-port=\
6969 protocol=tcp
add action=drop chain=tcp-viruses comment="Gate Crasher" disabled=no \
dst-port=6970 protocol=tcp
add action=drop chain=tcp-viruses comment="w32.mytob.mx@mm, Remote Grab, explo\
it translation server, kazimas, remote grab" disabled=no dst-port=\
7000-7001 protocol=tcp
add action=drop chain=tcp-viruses comment="Unknown Trojan" disabled=no \
dst-port=7028 protocol=tcp
add action=drop chain=tcp-viruses comment=W32.Spybot.ycl disabled=no \
dst-port=7043 protocol=tcp
add action=drop chain=tcp-viruses comment=SubSeven disabled=no dst-port=7215 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Net Monitor" disabled=no dst-port=\
7300-7308 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.netshadow disabled=no \
dst-port=7329 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.phoenix disabled=no \
dst-port=7410 protocol=tcp
add action=drop chain=tcp-viruses comment="Host Control" disabled=no \
dst-port=7424 protocol=tcp
add action=drop chain=tcp-viruses comment="QaZ -Remote Access Trojan" \
disabled=no dst-port=7597 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.GRM disabled=no dst-port=\
7614 protocol=tcp
add action=drop chain=tcp-viruses comment=Glacier disabled=no dst-port=7626 \
protocol=tcp
add action=drop chain=tcp-viruses comment=backdoor.nodelm disabled=no \
dst-port=7740-7749 protocol=tcp
add action=drop chain=tcp-viruses comment="GodMessaage, Tini" disabled=no \
dst-port=7777 protocol=tcp
add action=drop chain=tcp-viruses comment=ICKiller disabled=no dst-port=7789 \
protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Amitis.B disabled=no \
dst-port=7823 protocol=tcp
add action=drop chain=tcp-viruses comment="The ReVeNgEr" disabled=no \
dst-port=7891 protocol=tcp
add action=drop chain=tcp-viruses comment=W32.kibuv.b disabled=no dst-port=\
7955 protocol=tcp
add action=drop chain=tcp-viruses comment=Mstream disabled=no dst-port=7983 \
protocol=tcp
add action=drop chain=tcp-viruses comment=w32.mytob.lz@mm disabled=no \
dst-port=7999-8000 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Ptakks.b disabled=no \
dst-port=8012 protocol=tcp
add action=drop chain=tcp-viruses comment="W32.Spybot.pen " disabled=no \
dst-port=8076 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"More than 3 known worms and trojans use this port" disabled=no dst-port=\
8081 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Asniffer disabled=no \
dst-port=8090 protocol=tcp
add action=drop chain=tcp-viruses comment=W32.PejayBot disabled=no dst-port=\
8126 protocol=tcp
add action=drop chain=tcp-viruses comment="BackOrifice 2000" disabled=no \
dst-port=8787 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Monator disabled=no \
dst-port=8811 protocol=tcp
add action=drop chain=tcp-viruses comment=Beagle.B@mm disabled=no dst-port=\
8866 protocol=tcp
add action=drop chain=tcp-viruses comment="BackOrifice 2000" disabled=no \
dst-port=8879 protocol=tcp
add action=drop chain=tcp-viruses comment=W32.Axatak disabled=no dst-port=\
8888-8889 protocol=tcp
add action=drop chain=tcp-viruses comment="BackHack - Rcon, Recon, Xcon" \
disabled=no dst-port=8988-8989 protocol=tcp
add action=drop chain=tcp-viruses comment="W32.randex.ccf - netministrator" \
disabled=no dst-port=9000 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.nibu.k disabled=no \
dst-port=9125 protocol=tcp
add action=drop chain=tcp-viruses comment=InCommand disabled=no dst-port=9400 \
protocol=tcp
add action=drop chain=tcp-viruses comment=W32.kibuv.worm disabled=no \
dst-port=9604 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.gholame disabled=no \
dst-port=9696-9697 protocol=tcp
add action=drop chain=tcp-viruses comment="BackDoor.RC3.B, Portal of Doom" \
disabled=no dst-port=9872-9878 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"More than 3 known worms and trojans use this port" disabled=no dst-port=\
9898-10002 protocol=tcp
add action=drop chain=tcp-viruses comment=iNi-Killer disabled=no dst-port=\
9989 protocol=tcp
add action=drop chain=tcp-viruses comment="W.32.Sasser Worm" disabled=no \
dst-port=9996 protocol=tcp
add action=drop chain=tcp-viruses comment="The Prayer" disabled=no dst-port=\
9999 protocol=tcp
add action=drop chain=tcp-viruses comment=OpwinTRojan disabled=no dst-port=\
10000 protocol=tcp
add action=drop chain=tcp-viruses comment=OpwinTRojan disabled=no dst-port=\
10005 protocol=tcp
add action=drop chain=tcp-viruses comment="Cheese worm" disabled=no dst-port=\
10008 protocol=tcp
add action=drop chain=tcp-viruses comment=w32.mytob.jw@mm disabled=no \
dst-port=10027 protocol=tcp
add action=drop chain=tcp-viruses comment="Portal of Doom" disabled=no \
dst-port=10067 protocol=tcp
add action=drop chain=tcp-viruses comment=Mydoom.B disabled=no dst-port=10080 \
protocol=tcp
add action=drop chain=tcp-viruses comment="backdoor.ranky.o, backdoor.staprew,\
backdoor.tuimer, gift trojan, brainspy, silencer" disabled=no dst-port=\
10100-10103 protocol=tcp
add action=drop chain=tcp-viruses comment="Acid Shivers" disabled=no \
dst-port=10520 protocol=tcp
add action=drop chain=tcp-viruses comment=Coma disabled=no dst-port=10607 \
protocol=tcp
(continued)
[continuation 4]
Code:
add action=drop chain=tcp-viruses comment=Ambush disabled=no dst-port=10666 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Senna Spy" disabled=no dst-port=\
11000 protocol=tcp
add action=drop chain=tcp-viruses comment="Host Control" disabled=no \
dst-port=11050-11051 protocol=tcp
add action=drop chain=tcp-viruses comment="Progenic Trojan - Secret Agent" \
disabled=no dst-port=11223 protocol=tcp
add action=drop chain=tcp-viruses comment="Dipnet / oddBob Trojan" disabled=\
no dst-port=11768 protocol=tcp
add action=drop chain=tcp-viruses comment="Latinus Server" disabled=no \
dst-port=11831 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Satancrew disabled=no \
dst-port=12000 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Berbew.j disabled=no \
dst-port=12065 protocol=tcp
add action=drop chain=tcp-viruses comment=GJamer disabled=no dst-port=12076 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Hack'99, KeyLogger" disabled=no \
dst-port=12223 protocol=tcp
add action=drop chain=tcp-viruses comment="Netbus, Ultor's Trojan" disabled=\
no dst-port=12345-12346 protocol=tcp
add action=drop chain=tcp-viruses comment=Whack-a-Mole disabled=no dst-port=\
12361-12363 protocol=tcp
add action=drop chain=tcp-viruses comment=NetBus disabled=no dst-port=12456 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Whack Job" disabled=no dst-port=\
12631 protocol=tcp
add action=drop chain=tcp-viruses comment="Eclypse 2000" disabled=no \
dst-port=12701 protocol=tcp
add action=drop chain=tcp-viruses comment="Mstream attack-handler" disabled=\
no dst-port=12754 protocol=tcp
add action=drop chain=tcp-viruses comment="Senna Spy" disabled=no dst-port=\
13000 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Amitis.B disabled=no \
dst-port=13173 protocol=tcp
add action=drop chain=tcp-viruses comment=W32.Sober.D disabled=no dst-port=\
13468 protocol=tcp
add action=drop chain=tcp-viruses comment="Kuang2 the Virus" disabled=no \
dst-port=13700 protocol=tcp
add action=drop chain=tcp-viruses comment=Trojan.Mitglieder.h disabled=no \
dst-port=14247 protocol=tcp
add action=drop chain=tcp-viruses comment="Mstream attack-handler" disabled=\
no dst-port=15104 protocol=tcp
add action=drop chain=tcp-viruses comment="Dipnet / oddBob Trojan" disabled=\
no dst-port=15118 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Cyn disabled=no dst-port=\
15432 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Lastdoor disabled=no \
dst-port=16322 protocol=tcp
add action=drop chain=tcp-viruses comment=Mosucker disabled=no dst-port=16484 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Backdoor.Haxdoor.D - Stacheldraht" \
disabled=no dst-port=16660-16661 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"More than 3 known worms and trojans use this port" disabled=no dst-port=\
16959 protocol=tcp
add action=drop chain=tcp-viruses comment="Kuang2.B Trojan" disabled=no \
dst-port=17300 protocol=tcp
add action=drop chain=tcp-viruses comment=W32.Imav.a disabled=no dst-port=\
17940 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Gaster disabled=no \
dst-port=19937 protocol=tcp
add action=drop chain=tcp-viruses comment="Millennium - AcidkoR" disabled=no \
dst-port=20000-20002 protocol=tcp
add action=drop chain=tcp-viruses comment="NetBus 2 Pro" disabled=no \
dst-port=20034 protocol=tcp
add action=drop chain=tcp-viruses comment=Chupacabra disabled=no dst-port=\
20203 protocol=tcp
add action=drop chain=tcp-viruses comment="Bla Trojan" disabled=no dst-port=\
20331 protocol=tcp
add action=drop chain=tcp-viruses comment="Shaft Client to handlers" \
disabled=no dst-port=20432-20433 protocol=tcp
add action=drop chain=tcp-viruses comment=Trojan.Adnap disabled=no dst-port=\
20480 protocol=tcp
add action=drop chain=tcp-viruses comment=Trojan.Mitglieder.E disabled=no \
dst-port=20742 protocol=tcp
add action=drop chain=tcp-viruses comment=W32.dasher.b disabled=no dst-port=\
21211 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"Exploiter - Kid Terror - Schwndler - Winsp00fer" disabled=no dst-port=\
21554 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"Prosiak - Ruler - Donald Dick - RUX The TIc.K" disabled=no dst-port=\
22222 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Simali disabled=no \
dst-port=22311 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor-ADM disabled=no dst-port=\
22784 protocol=tcp
add action=drop chain=tcp-viruses comment=W32.hllw.nettrash disabled=no \
dst-port=23005-23006 protocol=tcp
add action=drop chain=tcp-viruses comment=backdoor.berbew.j disabled=no \
dst-port=23232 protocol=tcp
add action=drop chain=tcp-viruses comment=Trojan.Framar disabled=no dst-port=\
23435 protocol=tcp
add action=drop chain=tcp-viruses comment="Donald Dick" disabled=no dst-port=\
23476-23477 protocol=tcp
add action=drop chain=tcp-viruses comment=w32.mytob.km@mm disabled=no \
dst-port=23523 protocol=tcp
add action=drop chain=tcp-viruses comment="Delta Source" disabled=no \
dst-port=26274 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.optix.04 disabled=no \
dst-port=27379 protocol=tcp
add action=drop chain=tcp-viruses comment="Sub-7 2.1" disabled=no dst-port=\
27573 protocol=tcp
add action=drop chain=tcp-viruses comment="Trin00 DoS Attack" disabled=no \
dst-port=27665 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Sdbot.ai disabled=no \
dst-port=29147 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.NTHack disabled=no \
dst-port=29292 protocol=tcp
add action=drop chain=tcp-viruses comment="Latinus Server" disabled=no \
dst-port=29559 protocol=tcp
add action=drop chain=tcp-viruses comment="The Unexplained" disabled=no \
dst-port=29891 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Antilam.20 disabled=no \
dst-port=29999 protocol=tcp
add action=drop chain=tcp-viruses comment="AOL Trojan" disabled=no dst-port=\
30029 protocol=tcp
add action=drop chain=tcp-viruses comment=NetSphere disabled=no dst-port=\
30100-30103 protocol=tcp
add action=drop chain=tcp-viruses comment="NetSphere Final" disabled=no \
dst-port=30133 protocol=tcp
add action=drop chain=tcp-viruses comment="Sockets de Troi" disabled=no \
dst-port=30303 protocol=tcp
add action=drop chain=tcp-viruses comment=Kuang2 disabled=no dst-port=30999 \
protocol=tcp
add action=drop chain=tcp-viruses comment=\
"More than 3 known worms and trojans use this port" disabled=no dst-port=\
31335-31339 protocol=tcp
add action=drop chain=tcp-viruses comment=BOWhack disabled=no dst-port=31666 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Hack'a'Tack" disabled=no dst-port=\
31785-31792 protocol=tcp
add action=drop chain=tcp-viruses comment=backdoor.berbew.j disabled=no \
dst-port=32121 protocol=tcp
add action=drop chain=tcp-viruses comment="Acid Battery" disabled=no \
dst-port=32418 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Alets.B disabled=no \
dst-port=32440 protocol=tcp
add action=drop chain=tcp-viruses comment="Trinity Trojan" disabled=no \
dst-port=33270 protocol=tcp
add action=drop chain=tcp-viruses comment=trojan.lodeight.b disabled=no \
dst-port=33322 protocol=tcp
add action=drop chain=tcp-viruses comment=Prosiak disabled=no dst-port=33333 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Spirit 2001 a" disabled=no \
dst-port=33911 protocol=tcp
add action=drop chain=tcp-viruses comment="BigGluck, TN" disabled=no \
dst-port=34324 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Lifefournow disabled=no \
dst-port=36183 protocol=tcp
add action=drop chain=tcp-viruses comment="Yet Another Trojan" disabled=no \
dst-port=37651 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"More than 3 known worms and trojans use this port" disabled=no dst-port=\
39999 protocol=tcp
add action=drop chain=tcp-viruses comment="The Spy" disabled=no dst-port=\
40412 protocol=tcp
add action=drop chain=tcp-viruses comment="Agent 40421 - Masters Paradise" \
disabled=no dst-port=40421-40426 protocol=tcp
add action=drop chain=tcp-viruses comment="Master's Paradise" disabled=no \
dst-port=43210 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Amitis.B disabled=no \
dst-port=44280 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Amitis.B disabled=no \
dst-port=44390 protocol=tcp
add action=drop chain=tcp-viruses comment="Delta Source" disabled=no \
dst-port=47252 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Amitis.B disabled=no \
dst-port=47387 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.antilam.20 disabled=no \
dst-port=47891 protocol=tcp
add action=drop chain=tcp-viruses comment="Sokets de Trois v2." disabled=no \
dst-port=50505 protocol=tcp
add action=drop chain=tcp-viruses comment=Fore disabled=no dst-port=50776 \
protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Cyn disabled=no dst-port=\
51234 protocol=tcp
add action=drop chain=tcp-viruses comment=W32.kalel.a@mm disabled=no \
dst-port=51435 protocol=tcp
add action=drop chain=tcp-viruses comment="Remote Windows Shutdown" disabled=\
no dst-port=53001 protocol=tcp
add action=drop chain=tcp-viruses comment="subSeven -Subseven 2.1 Gold" \
disabled=no dst-port=54283 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"More than 3 known worms and trojans use this port " disabled=no \
dst-port=54320-54321 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"WM Trojan Generator - File manager Trojan" disabled=no dst-port=\
55165-55166 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Osirdoor disabled=no \
dst-port=56565 protocol=tcp
add action=drop chain=tcp-viruses comment="NetRaider Trojan" disabled=no \
dst-port=57341 protocol=tcp
add action=drop chain=tcp-viruses comment=BackDoor.Tron disabled=no dst-port=\
58008-58009 protocol=tcp
add action=drop chain=tcp-viruses comment="Butt Funnel" disabled=no dst-port=\
58339 protocol=tcp
add action=drop chain=tcp-viruses comment=BackDoor.Redkod disabled=no \
dst-port=58666 protocol=tcp
add action=drop chain=tcp-viruses comment=BackDoor.DuckToy disabled=no \
dst-port=59211 protocol=tcp
add action=drop chain=tcp-viruses comment="Deep Throat" disabled=no dst-port=\
60000 protocol=tcp
add action=drop chain=tcp-viruses comment=Trinity disabled=no dst-port=60001 \
protocol=tcp
add action=drop chain=tcp-viruses comment=Trojan.Fulamer.25 disabled=no \
dst-port=60006 protocol=tcp
add action=drop chain=tcp-viruses comment="Xzip 6000068" disabled=no \
dst-port=60068 protocol=tcp
add action=drop chain=tcp-viruses comment=Connection disabled=no dst-port=\
60411 protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.mite disabled=no dst-port=\
61000 protocol=tcp
add action=drop chain=tcp-viruses comment="Bunker-Hill Trojan" disabled=no \
dst-port=61348 protocol=tcp
add action=drop chain=tcp-viruses comment=Telecommando disabled=no dst-port=\
61466 protocol=tcp
add action=drop chain=tcp-viruses comment="Bunker-Hill Trojan" disabled=no \
dst-port=61603 protocol=tcp
add action=drop chain=tcp-viruses comment="Bunker-Hill Trojan" disabled=no \
dst-port=63485 protocol=tcp
add action=drop chain=tcp-viruses comment="Phatbot, W32.hllw.gaobot.dk" \
disabled=no dst-port=63808-63809 protocol=tcp
add action=drop chain=tcp-viruses comment=Taskmin disabled=no dst-port=64101 \
protocol=tcp
add action=drop chain=tcp-viruses comment=Backdoor.Amitis.B disabled=no \
dst-port=64429 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"More than 3 known worms and trojans use this port" disabled=no dst-port=\
65000 protocol=tcp
add action=drop chain=tcp-viruses comment=Eclypse disabled=no dst-port=65390 \
protocol=tcp
add action=drop chain=tcp-viruses comment=Jade disabled=no dst-port=65421 \
protocol=tcp
add action=drop chain=tcp-viruses comment="The Traitor (th3tr41t0r)" \
disabled=no dst-port=65432 protocol=tcp
add action=drop chain=tcp-viruses comment=Phatbot disabled=no dst-port=65506 \
protocol=tcp
add action=drop chain=tcp-viruses comment=/sbin/init disabled=no dst-port=\
65534 protocol=tcp
add action=drop chain=tcp-viruses comment="Adore Worm/Linux - RC1 Trojan" \
disabled=no dst-port=65535 protocol=tcp
add action=drop chain=tcp-viruses comment=Cafeini disabled=no dst-port=51966 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Acid baterry 2000" disabled=no \
dst-port=52317 protocol=tcp
(continued)
[continuation 5]
Code:
add action=drop chain=tcp-viruses comment=Enterprise disabled=no dst-port=\
50130 protocol=tcp
add action=drop chain=tcp-viruses comment="Online Keylogger" disabled=no \
dst-port=49301 protocol=tcp
add action=drop chain=tcp-viruses comment=Exploiter disabled=no dst-port=\
44575 protocol=tcp
add action=drop chain=tcp-viruses comment=Prosiak disabled=no dst-port=44444 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Remote Boot Tool - RBT" disabled=\
no dst-port=41666 protocol=tcp
add action=drop chain=tcp-viruses comment=Storm disabled=no dst-port=41337 \
protocol=tcp
add action=drop chain=tcp-viruses comment=Mantis disabled=no dst-port=37237 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Donald Dick" disabled=no dst-port=\
34444 protocol=tcp
add action=drop chain=tcp-viruses comment="Son of PsychWard" disabled=no \
dst-port=33577 protocol=tcp
add action=drop chain=tcp-viruses comment="Son of PsychWard" disabled=no \
dst-port=33777 protocol=tcp
add action=drop chain=tcp-viruses comment="Peanut Brittle, Project Next" \
disabled=no dst-port=32100 protocol=tcp
add action=drop chain=tcp-viruses comment="Donald Dick" disabled=no dst-port=\
32001 protocol=tcp
add action=drop chain=tcp-viruses comment="Hack'a'Tack" disabled=no dst-port=\
31785 protocol=tcp
add action=drop chain=tcp-viruses comment=Intruse disabled=no dst-port=30947 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Lamers Death" disabled=no \
dst-port=30003 protocol=tcp
add action=drop chain=tcp-viruses comment="Infector - ErrOr32" disabled=no \
dst-port=30000-30001 protocol=tcp
add action=drop chain=tcp-viruses comment=ovasOn disabled=no dst-port=29369 \
protocol=tcp
add action=drop chain=tcp-viruses comment=NetTrojan disabled=no dst-port=\
29104 protocol=tcp
add action=drop chain=tcp-viruses comment=Exploiter disabled=no dst-port=\
28678 protocol=tcp
add action=drop chain=tcp-viruses comment="Bad Blood - Ramen - Seeker - SubSev\
en - SubSeven 2.1 Gold - Subseven 2.14 DefCon8 - SubSeven Muie - Ttfloader\
" disabled=no dst-port=27374 protocol=tcp
add action=drop chain=tcp-viruses comment=VoiceSpy disabled=no dst-port=26681 \
protocol=tcp
add action=drop chain=tcp-viruses comment=Moonpie disabled=no dst-port=25982 \
protocol=tcp
add action=drop chain=tcp-viruses comment=Moonpie disabled=no dst-port=\
25685-25686 protocol=tcp
add action=drop chain=tcp-viruses comment=Infector disabled=no dst-port=24000 \
protocol=tcp
add action=drop chain=tcp-viruses comment=InetSpy disabled=no dst-port=23777 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Evil FTP - Ugly FTP - Whack Job" \
disabled=no dst-port=23456 protocol=tcp
add action=drop chain=tcp-viruses comment=Asylum disabled=no dst-port=23432 \
protocol=tcp
add action=drop chain=tcp-viruses comment=Amanda disabled=no dst-port=23032 \
protocol=tcp
add action=drop chain=tcp-viruses comment=Logged disabled=no dst-port=23232 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Girl friend - Kid Error" disabled=\
no dst-port=21544 protocol=tcp
add action=drop chain=tcp-viruses comment="VP killer" disabled=no dst-port=\
20023 protocol=tcp
add action=drop chain=tcp-viruses comment=Mosucker disabled=no dst-port=20005 \
protocol=tcp
add action=drop chain=tcp-viruses comment="ICQ Revenge" disabled=no dst-port=\
19864 protocol=tcp
add action=drop chain=tcp-viruses comment=Nephron disabled=no dst-port=17777 \
protocol=tcp
add action=drop chain=tcp-viruses comment=Audiodoor disabled=no dst-port=\
17593 protocol=tcp
add action=drop chain=tcp-viruses comment=Infector disabled=no dst-port=17569 \
protocol=tcp
add action=drop chain=tcp-viruses comment=CrazzyNet disabled=no dst-port=\
17499-17500 protocol=tcp
add action=drop chain=tcp-viruses comment=KidTerror disabled=no dst-port=\
17449 protocol=tcp
add action=drop chain=tcp-viruses comment=Mosaic disabled=no dst-port=17166 \
protocol=tcp
add action=drop chain=tcp-viruses comment=Priority disabled=no dst-port=16969 \
protocol=tcp
add action=drop chain=tcp-viruses comment="ICQ Revenge" disabled=no dst-port=\
16772 protocol=tcp
add action=drop chain=tcp-viruses comment=CDK disabled=no dst-port=15858 \
protocol=tcp
add action=drop chain=tcp-viruses comment=SubZero disabled=no dst-port=15382 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Host Control" disabled=no \
dst-port=15092 protocol=tcp
add action=drop chain=tcp-viruses comment=NetDemon disabled=no dst-port=15000 \
protocol=tcp
add action=drop chain=tcp-viruses comment="PC Invader" disabled=no dst-port=\
14500-14503 protocol=tcp
add action=drop chain=tcp-viruses comment=Chupacabra disabled=no dst-port=\
13473 protocol=tcp
add action=drop chain=tcp-viruses comment="Hack '99 KeyLogger" disabled=no \
dst-port=13223 protocol=tcp
add action=drop chain=tcp-viruses comment=PsychWard disabled=no dst-port=\
13013-13014 protocol=tcp
add action=drop chain=tcp-viruses comment="Hacker Brasil - HBR" disabled=no \
dst-port=13010 protocol=tcp
add action=drop chain=tcp-viruses comment=Buttman disabled=no dst-port=12624 \
protocol=tcp
add action=drop chain=tcp-viruses comment=BioNet disabled=no dst-port=12349 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Host Control" disabled=no \
dst-port=10528 protocol=tcp
add action=drop chain=tcp-viruses comment=Syphilis disabled=no dst-port=\
10085-10086 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"Brown Orifice - RemoConChubo - Reverse WWW Tunnel Backdoor - RingZero" \
disabled=no dst-port=8080 protocol=tcp
add action=drop chain=tcp-viruses comment=DigitalRootbeer disabled=no \
dst-port=2600 protocol=tcp
add action=drop chain=tcp-viruses comment="Doly Trojan" disabled=no dst-port=\
2345 protocol=tcp
add action=return chain=tcp-viruses comment="Back to previous menu" disabled=\
no
Next, the UDP ports:
Code:
add action=drop chain=udp-viruses comment="Socks Des Troie, Death" disabled=\
no dst-port=1 protocol=udp
add action=drop chain=udp-viruses comment="Netbios - DoS attacks msinit" \
disabled=no dst-port=135-139 protocol=udp
add action=drop chain=udp-viruses comment=Infector disabled=no dst-port=146 \
protocol=udp
add action=drop chain=udp-viruses comment="N0kN0k Trojan" disabled=no \
dst-port=666 protocol=udp
add action=drop chain=udp-viruses comment=\
"Maverick's Matrix 1.2-2.0 - remote storm" disabled=no dst-port=1025 \
protocol=udp
add action=drop chain=udp-viruses comment=NoBackO disabled=no dst-port=\
1200-1201 protocol=udp
add action=drop chain=udp-viruses comment="BackOrifice DLL Comm" disabled=no \
dst-port=1349 protocol=udp
add action=drop chain=udp-viruses comment="FunkProxy " disabled=no dst-port=\
1505 protocol=udp
add action=drop chain=udp-viruses comment="ICA Browser" disabled=no dst-port=\
1604 protocol=udp
add action=drop chain=udp-viruses comment=BackDoor.Fearic disabled=no \
dst-port=2000 protocol=udp
add action=drop chain=udp-viruses comment="Mini Backlash" disabled=no \
dst-port=2130 protocol=udp
add action=drop chain=udp-viruses comment="Deep Throat" disabled=no dst-port=\
2140 protocol=udp
add action=drop chain=udp-viruses comment=BackDoor.Botex disabled=no \
dst-port=2222 protocol=udp
add action=drop chain=udp-viruses comment=voicespy disabled=no dst-port=2339 \
protocol=udp
add action=drop chain=udp-viruses comment=Rat disabled=no dst-port=2989 \
protocol=udp
add action=drop chain=udp-viruses comment=\
"Deep Throat - Foreplay - Mini Backflash" disabled=no dst-port=3150 \
protocol=udp
add action=drop chain=udp-viruses comment=Backdoor.Fearic disabled=no \
dst-port=3456 protocol=udp
add action=drop chain=udp-viruses comment=Eclypse disabled=no dst-port=3801 \
protocol=udp
add action=drop chain=udp-viruses comment="WityWorm - BlackICE/ISS" disabled=\
no dst-port=4000 protocol=udp
add action=drop chain=udp-viruses comment="Remote Shell Trojan" disabled=no \
dst-port=5503 protocol=udp
add action=drop chain=udp-viruses comment="Y3K RAT" disabled=no dst-port=5882 \
protocol=udp
add action=drop chain=udp-viruses comment="Y3K RAT" disabled=no dst-port=5888 \
protocol=udp
add action=drop chain=udp-viruses comment="Mstream Agent-handler" disabled=no \
dst-port=6838 protocol=udp
add action=drop chain=udp-viruses comment="Unknown Trojan" disabled=no \
dst-port=7028 protocol=udp
add action=drop chain=udp-viruses comment="Host Control" disabled=no \
dst-port=7424 protocol=udp
add action=drop chain=udp-viruses comment="MStream handler-agent" disabled=no \
dst-port=7983 protocol=udp
add action=drop chain=udp-viruses comment="BackOrifice 2000" disabled=no \
dst-port=8787 protocol=udp
add action=drop chain=udp-viruses comment="BackOrifice 2000" disabled=no \
dst-port=8879 protocol=udp
add action=drop chain=udp-viruses comment="MStream Agent-handler" disabled=no \
dst-port=9325 protocol=udp
add action=drop chain=udp-viruses comment="Portal of Doom" disabled=no \
dst-port=10067 protocol=udp
add action=drop chain=udp-viruses comment="Portal of Doom" disabled=no \
dst-port=10167 protocol=udp
add action=drop chain=udp-viruses comment="Mstream handler-agent" disabled=no \
dst-port=10498 protocol=udp
add action=drop chain=udp-viruses comment=Ambush disabled=no dst-port=10666 \
protocol=udp
add action=drop chain=udp-viruses comment="DUN Control" disabled=no dst-port=\
12623 protocol=udp
add action=drop chain=udp-viruses comment="Shaft handler to Agent" disabled=\
no dst-port=18753 protocol=udp
add action=drop chain=udp-viruses comment="Shaft handler to Agent" disabled=\
no dst-port=20433 protocol=udp
add action=drop chain=udp-viruses comment=GirlFriend disabled=no dst-port=\
21554 protocol=udp
add action=drop chain=udp-viruses comment="Donald Dick" disabled=no dst-port=\
23476 protocol=udp
add action=drop chain=udp-viruses comment="Delta Source" disabled=no \
dst-port=26274 protocol=udp
add action=drop chain=udp-viruses comment="Sub-7 2.1" disabled=no dst-port=\
27374 protocol=udp
add action=drop chain=udp-viruses comment=Trin00/TFN2K disabled=no dst-port=\
27444 protocol=udp
add action=drop chain=udp-viruses comment="Sub-7 2.1" disabled=no dst-port=\
27573 protocol=udp
add action=drop chain=udp-viruses comment=NetSphere disabled=no dst-port=\
30103 protocol=udp
add action=drop chain=udp-viruses comment=\
"More than 3 known worms and trojans use this port" disabled=no dst-port=\
31335-31338 protocol=udp
add action=drop chain=udp-viruses comment="Hack`a'Tack" disabled=no dst-port=\
31787-31791 protocol=udp
add action=drop chain=udp-viruses comment="Trin00 for windows" disabled=no \
dst-port=34555 protocol=udp
add action=drop chain=udp-viruses comment="Trin00 for windows" disabled=no \
dst-port=35555 protocol=udp
add action=drop chain=udp-viruses comment="Delta Source" disabled=no \
dst-port=47262 protocol=udp
add action=drop chain=udp-viruses comment="OnLine keyLogger" disabled=no \
dst-port=49301 protocol=udp
add action=drop chain=udp-viruses comment="Back Orifice" disabled=no \
dst-port=54320-54321 protocol=udp
add action=drop chain=udp-viruses comment="NetRaider Trojan" disabled=no \
dst-port=57341 protocol=udp
add action=drop chain=udp-viruses comment="The Traitor - th3tr41t0r" \
disabled=no dst-port=65432 protocol=udp
add action=return chain=udp-viruses comment="Back to previous menu" disabled=\
no
Next come the rules in the forward/input filter chains:
Code:
add action=jump chain=forward comment="PREVENT VIRUS COME FROM LOCAL NETWORK" \
disabled=no in-interface=ether-local jump-target=viruses
add action=jump chain=forward comment=\
"PREVENT VIRUS COME FROM PUBLIC INTERNET NETWORK" disabled=no \
in-interface=ether-public jump-target=viruses
add action=jump chain=input comment="PREVENT VIRUS COME FROM LAN" disabled=no \
in-interface=ether-local jump-target=viruses
add action=jump chain=input comment="PREVENT VIRUS COME FROM PUBLIC INTERNET" \
disabled=no in-interface=ether-public jump-target=viruses
add action=jump chain=viruses comment="Jump to handle virus from TCP port" \
disabled=no jump-target=tcp-viruses protocol=tcp
add action=jump chain=viruses comment="Jump to handle virus from UDP port" \
disabled=no jump-target=udp-viruses protocol=udp
add action=return chain=viruses comment="Back to previous rules" disabled=no
Note that placement in forward/input matters: because RouterOS evaluates filter rules from top to bottom, put these jump rules at a suitable position in the list so that they work to full effect.
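The post stresses that which ports to close depends on what your network actually uses, and the list above already drops TCP 23232 twice and TCP 31785 both alone and inside 31785-31792. The audit script below is an added example, not part of the original post: it parses export-format rules and reports overlapping drop rules and collisions with services you need. The `NEEDED` table and all function names are assumptions for illustration.

```python
import re
from itertools import combinations

# Rules copied from the listing above (RouterOS export format, '\' = line continues).
SAMPLE = r"""
add action=drop chain=tcp-viruses comment=backdoor.berbew.j disabled=no \
dst-port=23232 protocol=tcp
add action=drop chain=tcp-viruses comment="Hack'a'Tack" disabled=no dst-port=\
31785-31792 protocol=tcp
add action=drop chain=tcp-viruses comment=Logged disabled=no dst-port=23232 \
protocol=tcp
add action=drop chain=tcp-viruses comment="Hack'a'Tack" disabled=no dst-port=\
31785 protocol=tcp
add action=drop chain=tcp-viruses comment=\
"Brown Orifice - RemoConChubo - Reverse WWW Tunnel Backdoor - RingZero" \
disabled=no dst-port=8080 protocol=tcp
add action=drop chain=udp-viruses comment="ICA Browser" disabled=no dst-port=\
1604 protocol=udp
add action=return chain=tcp-viruses comment="Back to previous menu" disabled=\
no
"""

# Assumption: services this particular network relies on (edit for your site).
NEEDED = {("tcp", 8080): "HTTP proxy", ("udp", 1604): "Citrix ICA browser"}

PAIR = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S*)')


def parse_rules(text):
    """Join '\\'-continued lines and return one dict of properties per 'add'."""
    joined = re.sub(r"\\\r?\n[ \t]*", "", text)
    return [{k: v.strip('"') for k, v in PAIR.findall(line)}
            for line in joined.splitlines() if line.lstrip().startswith("add ")]


def ports(spec):
    """Expand a dst-port value such as '8080', '30-31' or '80,443' into a set."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out


def audit(rules, needed):
    """Return (overlapping drop rules, needed services that a drop rule hits)."""
    drops = [(r.get("protocol"), ports(r["dst-port"]), r.get("comment", ""))
             for r in rules
             if r.get("action") == "drop" and r.get("disabled") != "yes"
             and "dst-port" in r]
    overlaps = [(pa, sorted(sa & sb), ca, cb)
                for (pa, sa, ca), (pb, sb, cb) in combinations(drops, 2)
                if pa == pb and sa & sb]
    blocked = [(proto, port, service, comment)
               for (proto, port), service in sorted(needed.items())
               for p, s, comment in drops if p == proto and port in s]
    return overlaps, blocked


if __name__ == "__main__":
    overlaps, blocked = audit(parse_rules(SAMPLE), NEEDED)
    for proto, shared, first, second in overlaps:
        print(f"overlap {proto}/{shared}: '{first}' and '{second}'")
    for proto, port, service, comment in blocked:
        print(f"{proto}/{port} ({service}) is dropped by rule '{comment}'")
```

To audit the full list, replace `SAMPLE` with the output of `/ip firewall filter export`; lines that do not start with `add` are ignored.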

Apologies for any shortcomings, and I hope this is useful.

If anyone needs the .rsc file, just send me a private message.

Wassalam...

http://www.forummikrotik.com/firewall/3044-handle-virus-trojan-port-mikrotik.html
