Bypass traceroute traffic

Pada mesin modern, aplikasi traceroute biasa mempergunakan protokol UDP dari pada ICMP.

Oleh karena itu bila admin sudah membaypass icmp, maka yang di dapat ping time akan stabil pada saat utilitas traffic full.

Tapi pada saat kondisi yang sama bila dilakukan traceroute, hasilnya berbeda signifikan.

Setelah menganalisa paket traceroute dengan tcpdump dan panduan dari wiki, didapat pada saat aktifitas traceroute berjalan, dia membuka sesi udp menuju port 33434 incremental pada setiap hop yang dilalui.
Read more »

Burst for each TCP connection

Diambil dari http://forum.mikrotik.com/viewtopic.php?t=12870

This is little how-to create manual burst using queue tree.

As it is bandwidth control using queue tree first we need to mangle traffic

first i mangle all connections, then i mark first 2Mbytes then i mark the rest of packets

/ip firewall mangle add chain=forward protocol=tcp \
action=mark-connection \
new-connection-mark=new_conn passthrough=yes \
comment="mark all new connections" disabled=no

/ip firewall mangle add chain=forward protocol=tcp  \
connection-mark=new_conn \
connection-bytes=0-2000000 action=mark-packet \
new-packet-mark=new_packet passthrough=no \
comment="mark packets" disabled=no

/ip firewall mangle add chain=forward protocol=tcp \
connection-mark=new_conn action=mark-packet \
new-packet-mark=old_packets passthrough=no \
comment="marking old packets" disabled=no

Read more »

How to stop (smtp) viruses !!

Diambil dari http://forum.mikrotik.com/viewtopic.php?t=11474

Hi, i created these 2 simple rules for firewall forward and this work very fine…… do not say it to anybody ;) :D

2 ;;; BLOCK SPAMMERS OR INFECTED USERS
chain=forward protocol=tcp dst-port=25 \
src-address-list=spammer action=drop

3 ;;; Detect and add-list SMTP virus or spammers
chain=forward protocol=tcp dst-port=25 connection-limit=30,32 \
limit=50,5 src-address-list=!spammer action=add-src-to-address-list \
address-list=spammer address-list-timeout=1d

When detect an infected user with a worm or doing spamming this rule add this user to a spammer list and block the SMTP outgoing for 1 day ;)

Regards!
Alessio

How to convert a MT box in an Anti Spam server with v2.9

Diambil dari http://forum.mikrotik.com/viewtopic.php?t=15721

Hi there, for months I have the idea how to transform one Mikrotik OS in an Anti Spam server. After more than 20 days applying few scripts, firewall rules and address list, I have achieved reduce from 45.000 mails per day to only 11.000/12.000 without many complaints from my customers.

Before continuing, some details about this:

Yes, I know that exists others solutions.
Yes, I know with Linux can obtain the same results.
Yes, I know that it seems a crazy solution.
Yes, I know (in the practice) that this solutions generate a moderate cpu usage. I have a Pentium IV with 75% of cpu usage (this can change with new features from MT… see scripts explanation) and we are a little ISP.
Yes, yes, yes…
but
I use MT from six years ago (when John Tully & Arnis Riekstins answered the company mails themselves) and always I try to resolve any networking necessity whit MT.
I had the trust that can resolve this whit MT.
and after thinking about this, I can’t never sleep all night from many days, so, for my health and wife I made it !!!

Read more »

Bypass icmp via htb.init

Kalau pakai script htb.init biasa kita bisa membaypass icmp supaya ping time kecil.

Selama ini saya berpikir untuk membaypass harus pakai teknik mangle di firewall.

Ternyata hal itu tidak sepenuhnya benar.

Setelah di ajari oleh master-nya noc isp di semarang baru tahu saya, kalau itu bisa tanpa mangle.

Procedurenya :

buka file htb.init di /var/cache

tambahkan baris ini di bawah baris

/sbin/tc qdisc del dev eth0 root
/sbin/tc qdisc add dev eth0 root handle 1 htb default 0 r2q 100

/sbin/tc qdisc del dev eth1 root
/sbin/tc qdisc add dev eth1 root handle 1 htb default 0 r2q 100
/sbin/tc class add dev eth0 parent 1: classid 1:2 htb rate 128kbit
/sbin/tc class add dev eth1 parent 1: classid 1:2 htb rate 128kbit
/sbin/tc filter add dev eth0 parent 1: protocol ip prio 1 u32 match ip protocol 1 0xff flowid 1:2
/sbin/tc filter add dev eth1 parent 1: protocol ip prio 1 u32 match ip protocol 1 0xff flowid 1:2

How to prevent NATed access

Sesuai dengan judul diatas,
inti dari kasus ini adalah penyedia jasa tidak ingin BW yang diberikan kepada user di sharing lagi mempergunakan nat-router.

Ilmu baru buat saya, dengan memberikan TTL=1 ?, mmmm aneh sekali.
Read more »