Blocking Virus Conficker pada Mikrotik

Seperti yang kita ketahui, virus conficker memang benar-benar membuat pusing para teknisi warnet atau kantor-kantor yg komputer satu dengan yg lain terhubung LAN. Bagaimana tidak, virus ini cepat sekali berkembang biak dan menyebar ke seluruh komputer dalam LAN. Bagi jaringan yg share koneksi internet, virus ini menyebabkan penggunaan bandwidth menjadi penuh.

Trik untuk mencegah penyebaran virus conficker pada LAN dengan mikrotik sebagai berikut:

1. Buat dulu connection-mark pada mangle

/ip firewall mangle add chain=prerouting protocol=tcp dst-port=445 action=mark-connection new-connection-
mark=conficker-conn passthrough=yes disabled=no

/ip firewall mangle add chain=prerouting protocol=udp dst-port=445 action=mark-connection new-connection-
mark=conficker-conn passthrough=yes disabled=no

/ip firewall mangle add chain=prerouting protocol=tcp dst-port=135 action=mark-connection new-connection-
mark=conficker-conn passthrough=yes disabled=no

/ip firewall mangle add chain=prerouting protocol=udp dst-port=135 action=mark-connection new-connection-
mark=conficker-conn passthrough=yes disabled=no

/ip firewall mangle add chain=prerouting protocol=tcp dst-port=137 action=mark-connection new-connection-
mark=conficker-conn passthrough=yes disabled=no

/ip firewall mangle add chain=prerouting protocol=udp dst-port=137 action=mark-connection new-connection-
mark=conficker-conn passthrough=yes disabled=no

/ip firewall mangle add chain=prerouting protocol=tcp dst-port=138 action=mark-connection new-connection-
mark=conficker-conn passthrough=yes disabled=no

/ip firewall mangle add chain=prerouting protocol=udp dst-port=138 action=mark-connection new-connection-
mark=conficker-conn passthrough=yes disabled=no

/ip firewall mangle add chain=prerouting protocol=tcp dst-port=139 action=mark-connection new-connection-
mark=conficker-conn passthrough=yes disabled=no

/ip firewall mangle add chain=prerouting protocol=udp dst-port=139 action=mark-connection new-connection-
mark=conficker-conn passthrough=yes disabled=no

/ip firewall mangle add chain=prerouting protocol=tcp dst-port=4691 action=mark-connection new-connection-
mark=conficker-conn passthrough=yes disabled=no

/ip firewall mangle add chain=prerouting protocol=tcp dst-port=5933 action=mark-connection new-connection-
mark=conficker-conn passthrough=yes disabled=no

2. Buat packet-mark pada mangle

/ip firewall mangle add chain=prerouting connection-mark=conficker-conn action=mark-packet new-packet-mar
k=conficker-packet passthrough=no disabled=no

3. Buat action pada filter rules

/ip firewall filter add chain=forward packet-mark=conficker-packet action=drop disabled=no

Script di atas hanya digunakan untuk block penyebaran virus. Untuk membersihkan virus pada komputer, scan saja dengan anti virus dan patch windows anda.

semoga membantu…

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: