MikroTik : Script Drop Virus Conficker dll – protecting your customers



/ip firewall filter
add chain=forward connection-state=established comment="allow established connections"
add chain=forward connection-state=related comment="allow related connections"
add chain=forward connection-state=invalid action=drop comment="drop invalid connections"
add chain=forward action=jump jump-target=virus comment="jump to the virus chain"
add chain=forward action=accept protocol=tcp dst-port=80 comment="Allow HTTP"
add chain=forward action=accept protocol=tcp dst-port=25 comment="Allow SMTP"
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm"
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=tcp dst-port=593 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom"
add chain=virus protocol=tcp dst-port=1214 action=drop comment="___kendari-undergorund_____"
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester"
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server"
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast"
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx"
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid"
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus"
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K"
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="Drop MyDoom"
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro"
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser"
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B"
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B"
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B"
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus"
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2"
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven"
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot"

Additional rules:
add chain=virus protocol=tcp dst-port=6776 action=drop comment="2000 Cracks"
add chain=virus protocol=tcp dst-port=32418 action=drop comment="Acid Battery"
add chain=virus protocol=tcp dst-port=2000 action=drop comment="Acid Battery"
add chain=virus protocol=tcp dst-port=52317 action=drop comment="Acid Battery"
add chain=virus protocol=tcp dst-port=10520 action=drop comment="Acid Shivers"
add chain=virus protocol=tcp dst-port=31 action=drop comment="Agent"
add chain=virus protocol=tcp dst-port=40421 action=drop comment="Agent"
add chain=virus protocol=tcp dst-port=777 action=drop comment="Aim Spy"
# Note: the forward chain jumps to the virus chain before its "Allow SMTP" rule,
# so the next rule drops every new forwarded SMTP (tcp/25) connection.
add chain=virus protocol=tcp dst-port=25 action=drop comment="Ajan&AntiGen"
add chain=virus protocol=udp dst-port=10666 action=drop comment="Ambush"
add chain=virus protocol=tcp dst-port=30029 action=drop comment="AOL Trojan"

Worth noting:
Attack FTP 666 TCP

Back Construction 666/5400/5401 TCP
Back Door Setup 5000/5001/7789 TCP
Back Orifice 31337/31338 UDP
Back Orifice 2000 8787/54320/54321 TCP
Back Orifice DLL 1349 UDP
BackDoor 1999 TCP
BackDoor-G 1243/6776 TCP

BackDoor-QE 10452 TCP
BackDoor-QO 3332 TCP
BackDoor-QR 12973/12975 TCP
BackFire 31337 UDP
Baron Night 31337 TCP
Big Gluck (TN) 34324 TCP
BioNet 12349 TCP
Bla 1042/20331 TCP
Black Construction 21 TCP

Blade Runner 21/5400-5402 TCP
BO client 31337 TCP
BO Facil 5556/5557/31337 TCP
Bo Wack 31336 TCP
BoBo 4321 TCP
BOWhack 31666 TCP
BrainSpy 10101 TCP
Bubbel 5000 TCP
BugBear 36794 TCP
Bugs 2115 TCP

Bunker-Hill 61348/61603/63485 TCP
Cain e Abel 666 TCP
Chargen 9 UDP
Chupacabra 20203 TCP
Coma 10607 TCP
Cyber Attacker 9876 TCP
Dark Shadow 911 TCP
Death 2 TCP
Deep Back Orifice 31338 UDP
Deep Throat 41/2140/3150/6771 TCP

Deep Throat v2 2140/3150/6670/6711/60000 TCP
Deep Throat v3 6674 TCP
DeepBO 31337 UDP
DeepThroat 999 TCP
Delta Source 26274 UDP
Delta Source 47262 UDP
Der Spacher 3 1000/1001/2000/2001 TCP
Devil 65000 TCP

Digital RootBeer 2600 TCP
DMsetup 58/59 TCP
DNS 53 TCP
Doly Trojan 21/1010-1012/1015 TCP
Donald Dick 23476/23477 TCP
DRAT 48/50 TCP
DUN Control 12623 UDP
Eclipse 2000 3459 TCP
Eclypse 3801 UDP
Email Password Sender 25 TCP
Evil FTP 23456 TCP
Executer 80 TCP
File Nail 4567 TCP
Firehotcker 79/5321 TCP
Fore 21/50766 TCP
FTP – Trojan 21 TCP
FTP99cmp 1492 TCP
Gaban Bus 12345/12346 TCP
Gate Crasher 6969/6970 TCP
GirlFriend 21554 TCP

Gjamer 12076 TCP
Hack ’99 KeyLogger 12223 TCP
Hack ‘a’ Tack 31780/31785/31787-31789 TCP
Hack ‘a’ Tack 31791/31792 UDP
HackCity Ripper Pro 2023 TCP
Hackers Paradise 31/456 TCP
HackOffice 8897 TCP

Haebu Coceda 25 TCP
Happy 99 25/119 TCP
Hidden Port 99 TCP
Hooker 80 TCP
Host Control 6669/11050 TCP
HVL Rat5 2283 TCP
icKiller 7789 TCP
ICQ 1027/1029/1032 TCP

ICQ Revenge 16772/19864 TCP
ICQ Trojan 4590 TCP
Illusion Mailer 2155/5512 TCP
InCommand 9400 TCP
Indoctrination 6939 TCP
Infector 146 TCP
Infector 146 UDP
iNi-Killer 555/9989 TCP
Insane Network 2000 TCP

Invisible FTP 21 TCP
IRC-3 6969 TCP
JammerKillah 121 TCP
Kazimas 113/7000 TCP
Kuang2 25/17300/30999 TCP
Larva 21 TCP
Logged 20203 TCP
Masters’ Paradise 31/3129/40421-40423/40425-40426 TCP
Mavericks Matrix 1269 TCP

Millenium 20000-20001 TCP
MiniCommand 1050 TCP
Mosucker 16484 TCP
Nephron 17777 TCP
Net Administrator 21/555 TCP
Net Controller 123 TCP
Netbios datagram (DoS Attack) 138 TCP
Netbios name (DoS Attack) 137 TCP

Netbios session (DoS Attack) 139 TCP
NetBus 12345-12346 TCP
NetBus Pro 20034 TCP
NetMetropolitan 5031 TCP
NetMonitor 7300-7301/7306-7308 TCP
NetRaider 57341 TCP
NETrojan 1313 TCP
NetSphere 30100-30103 TCP

NetSpy 1024/1033/31338-31339 TCP
NewApt 25 TCP
NoBackO 1200-1201 UDP
One of the Last Trojan (OOTLT) 5011 TCP
OpC BO 1969 TCP
PC Crasher 5637-5638 TCP
Phase Zero 555 TCP
Phineas Phucker 2801 TCP
Pie Bill Gates 12345 TCP

Portal of Doom 3700/9872-9875 TCP
Portal of Doom 10067/10167 UDP
Priority 6969/16969 TCP
Progenic 11223 TCP
ProMail Trojan 25/110 TCP
Prosiak 22222/33333 TCP
Psyber Stream Server 1024/1170/1509/4000 TCP

Rasmin 531/1045 TCP
RAT 1095/1097-1099/2989 TCP
RC 65535 TCP
Rcon 8989 TCP
Remote Grab 7000 TCP
Remote Windows Shutdown 53001 TCP
RingZero 80/3128/8080 TCP
Robo-Hack 5569 TCP
Satanz backDoor 666 TCP

ScheduleAgent 6667 TCP
School Bus 54321 TCP
Schwindler 21554/50766 TCP
Secret Agent 11223 TCP
Secret Service 605/6272 TCP
Senna Spy FTP Server 21/11000/13000 TCP
ServeMe 5555 TCP
ServeU 666 TCP
Shadow Phyre 666 TCP

Shit Heep 6912 TCP
ShockRave 1981 TCP
Shtirlitz 25 TCP
Sivka-Burka 1600 TCP
SK Silencer 1001 TCP
Socket25 30303 TCP
Sockets de Troie 5000-5001/30303/50505 TCP
SoftWAR 1207 TCP
Spirit 2001a 33911 TCP

SpySender 1807 TCP
Stealth 25 TCP
Stealth Spy 555 TCP
Streaming Audio trojan 1170 TCP
Striker 2565 TCP
SubSeven 1243/2773/6711-6713/6776/7000/7215/27374/27573/54283 TCP
SubSeven Apocalypse 1243 TCP

Syphillis 10086 TCP
Tapiras 25 TCP
TCP Wrappers 421 TCP
TeleCommando 61466 TCP
Terminator 25 TCP
Terror Trojan 3456 TCP
The Invasor 2140/3150 TCP
The Prayer 2716/9999 TCP
The Spy 40412 TCP
The Thing 6000/6400 TCP

The Traitor 65432 TCP
The Traitor 65432 UDP
The Trojan Cow 2001 TCP
The Unexplained 29891 UDP
Tiny Telnet Server 23/34324 TCP
TransScout 1999-2005/9878 TCP
Trinoo 34555/35555 UDP
Truva Atl 23 TCP
Ugly FTP 23456 TCP
Ultor’s Trojan 1234 TCP
Vampire 1020 TCP
Vampyre 6669 TCP
Virtual Hacking Machine 4242 TCP
Voice 1024/1170/4000 TCP
Voodoo Doll 1245 TCP
Wack-a-mole 12361-12362 TCP
Web Ex 21/1001 TCP
WhackJob 12631/23456 TCP

WinCrash 21/2583/3024/4092/5714/5741-5742 TCP
WinGate (socks-proxy) 1080 TCP
WinHole 1080/1082 TCP
WinNuke 135/139 TCP
WinPC 25 TCP
WinSatan 999 TCP
WinSpy 25 TCP
X-bill 12345-12346 TCP
Xplorer 2300 TCP

Xtcp 5550 TCP
Xtreme 1090 TCP
YAT 37651
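
Added example, not part of the original post: a Python helper that turns entries from the list above into chain=virus drop rules in the same style as the script, and refuses any entry that would block a port in KEEP_OPEN. KEEP_OPEN is an assumption (the post's Allow HTTP and Allow SMTP rules, plus DNS); the sample lines are copied from the list and the function names are illustrative.

```python
import re

# Constructed sample: a few entries in the page's "name ports PROTO" layout.
SAMPLE = """\
Back Orifice 31337/31338 UDP
Deep Throat v2 2140/3150/6670/6711/60000 TCP
Hack 'a' Tack 31780/31785/31787-31789 TCP
Executer 80 TCP
DNS 53 TCP
YAT 37651
"""
# Assumption: services that must keep working through the router.
KEEP_OPEN = {("tcp", 25), ("tcp", 53), ("tcp", 80)}
ENTRY = re.compile(r"^(.+?)\s+(\d[\d/-]*)\s+(TCP|UDP)$")

def parse_ports(spec):
    """'21/5400-5402' -> [(21, 21), (5400, 5402)]"""
    ranges = []
    for part in spec.split("/"):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad port range: {part}")
        ranges.append((lo, hi))
    return ranges

def build_rules(text, keep_open=KEEP_OPEN):
    """Return (rules, skipped); skipped holds (line, reason) pairs."""
    rules, skipped = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = ENTRY.match(line)
        if not m:
            skipped.append((line, "no ports or protocol"))
            continue
        name, spec, proto = m.group(1), m.group(2), m.group(3).lower()
        ranges = parse_ports(spec)
        clash = sorted(p for pr, p in keep_open
                       if pr == proto and any(lo <= p <= hi for lo, hi in ranges))
        if clash:
            skipped.append((line, f"would block {proto}/{clash[0]}"))
            continue
        ports = ",".join(str(lo) if lo == hi else f"{lo}-{hi}" for lo, hi in ranges)
        comment = re.sub(r"[^A-Za-z0-9 ._()-]", "", name)  # keep comments plain ASCII
        rules.append(f'add chain=virus protocol={proto} dst-port={ports} '
                     f'action=drop comment="Drop {comment}"')
    return rules, skipped

if __name__ == "__main__":
    print("/ip firewall filter", *build_rules(SAMPLE)[0], sep="\n")
```

Entries in the skipped list need a manual decision: several trojans in the list reuse ports of ordinary services (25, 53, 80), and dropping those ports blocks the service for every customer.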
