Melindungi mikrotik dari serangan DDOS...


ketik perintah...
================================================== ====
[cHan@MutMicrotik] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
[cHan@MutMicrotik] /ip firewall filter> add chain=input protocol=icmp action=
drop
[cHan@MutMicrotik] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=input action=drop protocol=icmp
================================================== ====
Nah saya tambahkan lagi...
biasanya attacker mencari IP yang sesungguhnya...
IP Publicnya sudah kita sembunyikan dengan settingan NAT...

dan sekarang matikan semua service yang terbuka :
================================================== =====
[cHan@MutMicrotik] /ip service> set telnet disabled=yes
[cHan@MutMicrotik] /ip service> set ftp disabled=yes
[cHan@MutMicrotik] /ip service> set www disabled=yes
[cHan@MutMicrotik] /ip service> print
Flags: X - disabled, I - invalid
# NAME PORT ADDRESS CERTIFICATE
0 X telnet 23 0.0.0.0/0
1 X ftp 21 0.0.0.0/0
2 X www 80 0.0.0.0/0
3 X www-ssl 443 0.0.0.0/0 none
4 X api 8728 0.0.0.0/0
5 winbox 8291 0.0.0.0/0
================================================== ======
Lihatlah sekarang saya akan mencoba untuk melakukan ping ke server server :
================================================== ======
:\Users\cHaN>ping 192.168.0.2

Pinging 192.168.0.2 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.0.2:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
================================================== =======
padahal server saya nyala dan web bisa tetap jalan lho....

Semoga server anda terlindungi dari ddos...

Semoga bermanfaat ...iss:

Recent Posts

comments powered by Disqus