Manual:Securing Your Router (Antarlangit, posted 2017-08-05)
<h2 style="background: none rgb(255, 255, 255); border-bottom: 1px solid rgb(170, 170, 170); font-family: "Linux Libertine", Georgia, Times, serif; font-weight: normal; line-height: 1.3; margin: 1em 0px 0.25em; overflow: hidden; padding: 0px;">
<span class="mw-headline" id="Access_to_a_router">Access to a router</span></h2>
<h3 style="background: none rgb(255, 255, 255); border-bottom: none; font-family: sans-serif; line-height: 1.6; margin: 0.3em 0px 0px; overflow: hidden; padding-bottom: 0px; padding-top: 0.5em;">
<span class="mw-headline" id="Access_username">Access username</span></h3>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Change the default username admin to a different name. A custom name helps protect access to your router if anybody gets direct access to it.</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/user print
/user set 0 name=myname</pre>
<h3 style="background: none rgb(255, 255, 255); border-bottom: none; font-family: sans-serif; line-height: 1.6; margin: 0.3em 0px 0px; overflow: hidden; padding-bottom: 0px; padding-top: 0.5em;">
<span class="mw-headline" id="Access_password">Access password</span></h3>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
MikroTik routers require password configuration. We suggest using pwgen or another password generator tool to create secure and non-repeating passwords:</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/user set 0 password="!={Ba3N!"40TуX+GvKBz?jTLIUcx/,"
</pre>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Another option to set a password,</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/password </pre>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
We strongly suggest using the second method or the Winbox interface to apply a new password for your router, to keep it safe from unauthorised access.</div>
<h3 style="background: none rgb(255, 255, 255); border-bottom: none; font-family: sans-serif; line-height: 1.6; margin: 0.3em 0px 0px; overflow: hidden; padding-bottom: 0px; padding-top: 0.5em;">
<span class="mw-headline" id="Access_by_IP_address">Access by IP address</span></h3>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Besides the fact that the default firewall protects your router from unauthorized access from outer networks, it is possible to restrict username access to a specific IP address:</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/user set 0 allowed-address=x.x.x.x/yy</pre>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
x.x.x.x/yy - your IP or network subnet that is allowed to access your router.</div>
<div id="shbox" style="background: rgba(255, 255, 238, 0.7); border-color: lightgrey; border-radius: 5px; border-style: solid; border-width: 1px; box-shadow: rgb(192, 192, 192) 6px 6px 6px; color: #252525; font-family: sans-serif; font-size: 0.9em; margin-top: 20px; min-height: 56px; padding: 2px 5px 2px 10px;">
<div style="line-height: inherit; margin-bottom: 0.5em; margin-left: 56px; margin-top: 10px;">
<b>Note:</b> log in to the router with the new credentials to check that the username/password are working.</div>
</div>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
<br style="clear: both;" /></div>
<h2 style="background: none rgb(255, 255, 255); border-bottom: 1px solid rgb(170, 170, 170); font-family: "Linux Libertine", Georgia, Times, serif; font-weight: normal; line-height: 1.3; margin: 1em 0px 0.25em; overflow: hidden; padding: 0px;">
<span class="mw-headline" id="Router_services">Router services</span></h2>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
All production routers have to be administered by SSH, secured Winbox or HTTPS services. Use the latest Winbox version for secure access. <a class="image" href="https://wiki.mikrotik.com/wiki/File:Screenshot_2017-03-23_14.53.51.png" style="background: none; color: #0b0080; text-decoration-line: none;"><img alt="Screenshot 2017-03-23 14.53.51.png" height="494" src="https://wiki.mikrotik.com/images/thumb/2/2e/Screenshot_2017-03-23_14.53.51.png/900px-Screenshot_2017-03-23_14.53.51.png" srcset="/images/thumb/2/2e/Screenshot_2017-03-23_14.53.51.png/1350px-Screenshot_2017-03-23_14.53.51.png 1.5x, /images/thumb/2/2e/Screenshot_2017-03-23_14.53.51.png/1800px-Screenshot_2017-03-23_14.53.51.png 2x" style="border: none; margin: 0px; vertical-align: middle;" width="900" /></a></div>
<h3 style="background: none rgb(255, 255, 255); border-bottom: none; font-family: sans-serif; line-height: 1.6; margin: 0.3em 0px 0px; overflow: hidden; padding-bottom: 0px; padding-top: 0.5em;">
<span class="mw-headline" id="RouterOS_services">RouterOS services</span></h3>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Most RouterOS administrative tools are configured under</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;"> /ip service print </pre>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Keep only secure ones,</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ip service disable telnet,ftp,www,api,api-ssl
/ip service print </pre>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Also change the default port; this will immediately stop most of the random SSH brute-force login attempts:</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ip service set ssh port=2200
/ip service print </pre>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Additionally, each /ip service entry can be restricted to an allowed IP address or subnet (the addresses the service will reply to):</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ip service set winbox address=192.168.88.0/24</pre>
<h3 style="background: none rgb(255, 255, 255); border-bottom: none; font-family: sans-serif; line-height: 1.6; margin: 0.3em 0px 0px; overflow: hidden; padding-bottom: 0px; padding-top: 0.5em;">
<span class="mw-headline" id="RouterOS_MAC-access">RouterOS MAC-access</span></h3>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
RouterOS has built-in options for easy management access to network devices. These services should be shut down on production networks.</div>
<h4 style="background: none rgb(255, 255, 255); border-bottom: none; font-family: sans-serif; font-size: 14px; line-height: 1.6; margin: 0.3em 0px 0px; overflow: hidden; padding-bottom: 0px; padding-top: 0.5em;">
<span class="mw-headline" id="MAC-Telnet">MAC-Telnet</span></h4>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Disable mac-telnet services,</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/tool mac-server set [find] disabled=yes
/tool mac-server print</pre>
<h4 style="background: none rgb(255, 255, 255); border-bottom: none; font-family: sans-serif; font-size: 14px; line-height: 1.6; margin: 0.3em 0px 0px; overflow: hidden; padding-bottom: 0px; padding-top: 0.5em;">
<span class="mw-headline" id="MAC-Winbox">MAC-Winbox</span></h4>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Disable mac-winbox services,</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/tool mac-server mac-winbox set [find] disabled=yes
/tool mac-server mac-winbox print</pre>
<h4 style="background: none rgb(255, 255, 255); border-bottom: none; font-family: sans-serif; font-size: 14px; line-height: 1.6; margin: 0.3em 0px 0px; overflow: hidden; padding-bottom: 0px; padding-top: 0.5em;">
<span class="mw-headline" id="MAC-Ping">MAC-Ping</span></h4>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Disable mac-ping service,</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/tool mac-server ping set enabled=no
/tool mac-server ping print</pre>
<h3 style="background: none rgb(255, 255, 255); border-bottom: none; font-family: sans-serif; line-height: 1.6; margin: 0.3em 0px 0px; overflow: hidden; padding-bottom: 0px; padding-top: 0.5em;">
<span class="mw-headline" id="Neighbor_Discovery">Neighbor Discovery</span></h3>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
The MikroTik Neighbor Discovery protocol is used to show and recognize other MikroTik routers in the network. Disable neighbor discovery on all interfaces:</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ip neighbor discovery set [find] discover=no </pre>
<h3 style="background: none rgb(255, 255, 255); border-bottom: none; font-family: sans-serif; line-height: 1.6; margin: 0.3em 0px 0px; overflow: hidden; padding-bottom: 0px; padding-top: 0.5em;">
<span class="mw-headline" id="Bandwidth_server">Bandwidth server</span></h3>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Bandwidth server is used to test throughput between two MikroTik routers. Disable it in a production environment.</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/tool bandwidth-server set enabled=no </pre>
<h3 style="background: none rgb(255, 255, 255); border-bottom: none; font-family: sans-serif; line-height: 1.6; margin: 0.3em 0px 0px; overflow: hidden; padding-bottom: 0px; padding-top: 0.5em;">
<span class="mw-headline" id="DNS_cache">DNS cache</span></h3>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
The router might have DNS cache enabled, which decreases resolving time for DNS requests from clients to remote servers. If DNS cache is not required on your router, or another router is used for this purpose, disable it.</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ip dns set allow-remote-requests=no</pre>
<h3 style="background: none rgb(255, 255, 255); border-bottom: none; font-family: sans-serif; line-height: 1.6; margin: 0.3em 0px 0px; overflow: hidden; padding-bottom: 0px; padding-top: 0.5em;">
<span class="mw-headline" id="Other_clients_services">Other clients services</span></h3>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
RouterOS might have other services enabled (they are disabled by default RouterOS configuration). MikroTik caching proxy,</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ip proxy set enabled=no</pre>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
MikroTik socks proxy,</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ip socks set enabled=no</pre>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
MikroTik UPNP service,</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ip upnp set enabled=no</pre>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
MikroTik dynamic name service or ip cloud,</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ip cloud set ddns-enabled=no update-time=no</pre>
<h3 style="background: none rgb(255, 255, 255); border-bottom: none; font-family: sans-serif; line-height: 1.6; margin: 0.3em 0px 0px; overflow: hidden; padding-bottom: 0px; padding-top: 0.5em;">
<span class="mw-headline" id="More_Secure_SSH_access">More Secure SSH access</span></h3>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
RouterOS supports stronger crypto for SSH, and most newer programs use it. To turn on SSH strong crypto:</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ip ssh set strong-crypto=yes</pre>
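<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
One way to check the service settings from this section after applying them, as an added example (not MikroTik's code and not part of the original page): a Python audit of saved <code>/export</code> text. The sample export is constructed, and the default values used for settings missing from the export are assumptions about RouterOS v6 defaults.</div>

```python
import shlex

# Constructed sample of saved `/export` output (not from a real router).
# RouterOS exports only non-default values, so a missing line means "default".
SAMPLE_EXPORT = """\
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh port=2200
set api disabled=yes
set winbox address=192.168.88.0/24
/ip ssh
set strong-crypto=yes
/ip dns
set allow-remote-requests=yes servers=192.168.88.1
/tool bandwidth-server
set enabled=no
"""

# (menu, item, property, value the page asks for, assumed default, finding text)
CHECKS = [("/ip service", s, "disabled", "yes", "no", f"service {s} is enabled")
          for s in ("telnet", "ftp", "www", "api", "api-ssl")]
CHECKS += [
    ("/ip ssh", "", "strong-crypto", "yes", "no", "SSH strong-crypto is off"),
    ("/tool bandwidth-server", "", "enabled", "no", "yes", "bandwidth server is enabled"),
    ("/ip dns", "", "allow-remote-requests", "no", "no", "DNS answers remote requests"),
    ("/ip proxy", "", "enabled", "no", "no", "web proxy is enabled"),
    ("/ip socks", "", "enabled", "no", "no", "SOCKS proxy is enabled"),
    ("/ip upnp", "", "enabled", "no", "no", "UPnP is enabled"),
]


def parse_export(text):
    """Return {(menu, item): {property: value}} for every `set` line."""
    settings, menu, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):          # export wraps long lines with a backslash
            pending = line[:-1]
            continue
        pending = ""
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):         # a menu path such as "/ip service"
            menu = line
            continue
        words = shlex.split(line)
        if menu is None or words[0] != "set":
            continue
        item, props = "", {}
        for word in words[1:]:
            if "=" in word:
                key, value = word.split("=", 1)
                props[key] = value
            elif not item and not props:  # e.g. the "telnet" in "set telnet ..."
                item = word
        settings.setdefault((menu, item), {}).update(props)
    return settings


def audit(text):
    """List the settings that differ from what the page recommends."""
    settings = parse_export(text)
    findings = []
    for menu, item, prop, wanted, default, message in CHECKS:
        if settings.get((menu, item), {}).get(prop, default) != wanted:
            findings.append(message)
    if settings.get(("/ip service", "ssh"), {}).get("port", "22") == "22":
        findings.append("SSH listens on default port 22")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print("FINDING:", finding)
```

Because an export omits defaults, a service that was never touched does not appear at all; the audit treats a missing line as the assumed default rather than as "disabled".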
<h2 style="background: none rgb(255, 255, 255); border-bottom: 1px solid rgb(170, 170, 170); font-family: "Linux Libertine", Georgia, Times, serif; font-weight: normal; line-height: 1.3; margin: 1em 0px 0.25em; overflow: hidden; padding: 0px;">
<span class="mw-headline" id="Router_interface">Router interface</span></h2>
<h3 style="background: none rgb(255, 255, 255); border-bottom: none; font-family: sans-serif; line-height: 1.6; margin: 0.3em 0px 0px; overflow: hidden; padding-bottom: 0px; padding-top: 0.5em;">
<span class="mw-headline" id="Ethernet.2FSFP_interfaces">Ethernet/SFP interfaces</span></h3>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
It is good practice to disable all unused interfaces on your router, in order to reduce the chance of unauthorised access to your router.</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/interface print
/interface set x disabled=yes</pre>
<ul style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: 1.5em; list-style-image: url("data:image/png; margin: 0.3em 0px 0px 1.6em; padding: 0px;">
<li style="margin-bottom: 0.1em;">x - numbers of the unused interfaces.</li>
</ul>
<h3 style="background: none rgb(255, 255, 255); border-bottom: none; font-family: sans-serif; line-height: 1.6; margin: 0.3em 0px 0px; overflow: hidden; padding-bottom: 0px; padding-top: 0.5em;">
<span class="mw-headline" id="LCD">LCD</span></h3>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Some RouterBOARDs have an LCD module for informational purposes. Set a PIN or disable it.</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/lcd set enabled=no</pre>
<h2 style="background: none rgb(255, 255, 255); border-bottom: 1px solid rgb(170, 170, 170); font-family: "Linux Libertine", Georgia, Times, serif; font-weight: normal; line-height: 1.3; margin: 1em 0px 0.25em; overflow: hidden; padding: 0px;">
<span class="mw-headline" id="Firewall">Firewall</span></h2>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
We strongly suggest keeping the default firewall on. Here are a few adjustments to make it more secure. Apply the rules only once you understand what they do.</div>
<h3 style="background: none rgb(255, 255, 255); border-bottom: none; font-family: sans-serif; line-height: 1.6; margin: 0.3em 0px 0px; overflow: hidden; padding-bottom: 0px; padding-top: 0.5em;">
<span class="mw-headline" id="IPv4_firewall_to_a_router">IPv4 firewall to a router</span></h3>
<ul style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: 1.5em; list-style-image: url("data:image/png; margin: 0.3em 0px 0px 1.6em; padding: 0px;">
<li style="margin-bottom: 0.1em;">work with new connections to decrease load on a router;</li>
<li style="margin-bottom: 0.1em;">create address-list for IP addresses, that are allowed to access your router;</li>
<li style="margin-bottom: 0.1em;">enable ICMP access (optionally);</li>
<li style="margin-bottom: 0.1em;">drop everything else, log=yes might be added to log packets that hit the specific rule;</li>
</ul>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ip firewall filter
add action=accept chain=input comment="default configuration" connection-state=established,related
add action=accept chain=input src-address-list=allowed_to_router
add action=accept chain=input protocol=icmp
add action=drop chain=input
/ip firewall address-list
add address=192.168.88.2-192.168.88.254 list=allowed_to_router</pre>
<h3 style="background: none rgb(255, 255, 255); border-bottom: none; font-family: sans-serif; line-height: 1.6; margin: 0.3em 0px 0px; overflow: hidden; padding-bottom: 0px; padding-top: 0.5em;">
<span class="mw-headline" id="IPv4_firewall_for_clients">IPv4 firewall for clients</span></h3>
<ul style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: 1.5em; list-style-image: url("data:image/png; margin: 0.3em 0px 0px 1.6em; padding: 0px;">
<li style="margin-bottom: 0.1em;">Established/related packets are added to <a href="https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack" style="background: none; color: #0b0080; text-decoration-line: none;" title="Manual:IP/Fasttrack">fasttrack</a> for faster data throughput, firewall will work with new connections only;</li>
<li style="margin-bottom: 0.1em;">drop invalid connections and log them with the prefix invalid;</li>
<li style="margin-bottom: 0.1em;">drop attempts to reach non-public addresses from your local network; create the address-list not_in_internet first; bridge1 is the local network interface; log attempts with the prefix !public_from_LAN;</li>
<li style="margin-bottom: 0.1em;">drop incoming packets that are not NATed; ether1 is the public interface; log attempts with the prefix !NAT;</li>
<li style="margin-bottom: 0.1em;">drop incoming packets from the Internet whose source is not a public IP address; ether1 is the public interface; log attempts with the prefix !public;</li>
<li style="margin-bottom: 0.1em;">drop packets from the LAN that do not have a LAN IP; 192.168.88.0/24 is the subnet used by the local network;</li>
</ul>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ip firewall filter
add action=fasttrack-connection chain=forward comment=FastTrack connection-state=established,related
add action=accept chain=forward comment="Established, Related" connection-state=established,related
add action=drop chain=forward comment="Drop invalid" connection-state=invalid log=yes log-prefix=invalid
add action=drop chain=forward comment="Drop tries to reach not public addresses from LAN" dst-address-list=not_in_internet in-interface=bridge1 log=yes log-prefix=!public_from_LAN out-interface=!bridge1
add action=drop chain=forward comment="Drop incoming packets that are not NATted" connection-nat-state=!dstnat connection-state=new in-interface=ether1 log=yes log-prefix=!NAT
add action=drop chain=forward comment="Drop incoming from internet which is not public IP" in-interface=ether1 log=yes log-prefix=!public src-address-list=not_in_internet
add action=drop chain=forward comment="Drop packets from LAN that do not have LAN IP" in-interface=bridge1 log=yes log-prefix=LAN_!LAN src-address=!192.168.88.0/24
/ip firewall address-list
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=not_in_internet</pre>
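<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
To see which of the forward rules above catches a given packet, here is an added example (not part of the original page and not MikroTik code): a small Python model of first-match evaluation over those six rules and the not_in_internet list. The packets are constructed; 8.8.8.8 and 8.8.4.4 stand in for "some public address" because the documentation ranges are themselves on the list.</div>

```python
import ipaddress
from dataclasses import dataclass

# not_in_internet, copied from the /ip firewall address-list block above
NOT_IN_INTERNET = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "10.0.0.0/8",
    "169.254.0.0/16", "127.0.0.0/8", "224.0.0.0/4", "198.18.0.0/15",
    "192.0.0.0/24", "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24",
    "100.64.0.0/10", "240.0.0.0/4", "192.88.99.0/24",
)]
LAN = ipaddress.ip_network("192.168.88.0/24")


@dataclass
class Packet:
    src: str
    dst: str
    in_if: str
    out_if: str
    state: str = "new"     # new | established | related | invalid
    dstnat: bool = False   # True when the connection was destination-NATed


def listed(addr):
    """True when addr falls inside any not_in_internet prefix."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in NOT_IN_INTERNET)


# Same order as on the page: (verdict, log prefix or label, match function).
# The fasttrack rule and the accept rule after it match the same packets,
# so they are modelled as one accept entry.
FORWARD_RULES = [
    ("accept", "established,related",
     lambda p: p.state in ("established", "related")),
    ("drop", "invalid",
     lambda p: p.state == "invalid"),
    ("drop", "!public_from_LAN",
     lambda p: p.in_if == "bridge1" and p.out_if != "bridge1" and listed(p.dst)),
    ("drop", "!NAT",
     lambda p: p.in_if == "ether1" and p.state == "new" and not p.dstnat),
    ("drop", "!public",
     lambda p: p.in_if == "ether1" and listed(p.src)),
    ("drop", "LAN_!LAN",
     lambda p: p.in_if == "bridge1" and ipaddress.ip_address(p.src) not in LAN),
]


def evaluate(pkt):
    """Return (verdict, label) of the first rule that matches the packet."""
    for verdict, label, match in FORWARD_RULES:
        if match(pkt):
            return verdict, label
    return "accept", "no rule matched"   # RouterOS accepts unmatched packets


if __name__ == "__main__":
    samples = [
        Packet("192.168.88.10", "8.8.8.8", "bridge1", "ether1"),
        Packet("192.168.88.10", "10.0.0.5", "bridge1", "ether1"),
        Packet("8.8.4.4", "192.168.88.10", "ether1", "bridge1"),
        Packet("10.9.9.9", "192.168.88.10", "ether1", "bridge1", dstnat=True),
        Packet("172.16.5.5", "8.8.8.8", "bridge1", "ether1"),
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(pkt))
```

The chain has no final catch-all drop, so new LAN-to-Internet connections pass because no rule matches them. A new inbound packet with a private source that was not port-forwarded is logged as !NAT, not !public, because the !NAT rule comes first.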
<h2 style="background: none rgb(255, 255, 255); border-bottom: 1px solid rgb(170, 170, 170); font-family: "Linux Libertine", Georgia, Times, serif; font-weight: normal; line-height: 1.3; margin: 1em 0px 0.25em; overflow: hidden; padding: 0px;">
<span class="mw-headline" id="IPv6">IPv6</span></h2>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Currently the IPv6 package is disabled by default. Please enable the package with care, as RouterOS will not create any default firewall rules for IPv6 at the moment.</div>
<h3 style="background: none rgb(255, 255, 255); border-bottom: none; font-family: sans-serif; line-height: 1.6; margin: 0.3em 0px 0px; overflow: hidden; padding-bottom: 0px; padding-top: 0.5em;">
<span class="mw-headline" id="IPv6_ND">IPv6 ND</span></h3>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Disable IPv6 Neighbour Discovery</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ipv6 nd set [find] disabled=yes</pre>
<h3 style="background: none rgb(255, 255, 255); border-bottom: none; font-family: sans-serif; line-height: 1.6; margin: 0.3em 0px 0px; overflow: hidden; padding-bottom: 0px; padding-top: 0.5em;">
<span class="mw-headline" id="IPv6_firewall_to_a_router">IPv6 firewall to a router</span></h3>
<ul style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: 1.5em; list-style-image: url("data:image/png; margin: 0.3em 0px 0px 1.6em; padding: 0px;">
<li style="margin-bottom: 0.1em;">work with new packets, accept established/related packets;</li>
<li style="margin-bottom: 0.1em;">drop link-local addresses from Internet interface;</li>
<li style="margin-bottom: 0.1em;">accept access to a router from link-local addresses, accept multicast addresses for management purposes, accept your address for router access;</li>
<li style="margin-bottom: 0.1em;">drop anything else;</li>
</ul>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ipv6 firewall filter
add action=accept chain=input comment="allow established and related" connection-state=established,related
add action=drop chain=input in-interface=sit1 log=yes log-prefix=dropLL_from_public src-address=fe80::/16
add action=accept chain=input comment="allow allowed addresses" src-address-list=allowed
add action=drop chain=input
/ipv6 firewall address-list
add address=fe80::/16 list=allowed
add address=xxxx::/48 list=allowed
add address=ff02::/16 comment=multicast list=allowed
</pre>
<h3 style="background: none rgb(255, 255, 255); border-bottom: none; font-family: sans-serif; line-height: 1.6; margin: 0.3em 0px 0px; overflow: hidden; padding-bottom: 0px; padding-top: 0.5em;">
<span class="mw-headline" id="IPv6_firewall_for_clients">IPv6 firewall for clients</span></h3>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Enabling IPv6 makes your clients reachable from public networks. Set up a proper firewall to protect your customers.</div>
<ul style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: 1.5em; list-style-image: url("data:image/png; margin: 0.3em 0px 0px 1.6em; padding: 0px;">
<li style="margin-bottom: 0.1em;">accept established/related and work with new packets;</li>
<li style="margin-bottom: 0.1em;">drop invalid packets and put prefix for rules;</li>
<li style="margin-bottom: 0.1em;">accept ICMP packets;</li>
<li style="margin-bottom: 0.1em;">accept new connection from your clients to the Internet;</li>
<li style="margin-bottom: 0.1em;">drop everything else.</li>
</ul>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ipv6 firewall filter
add action=accept chain=forward comment=established,related connection-state=established,related
add action=drop chain=forward comment=invalid connection-state=invalid log=yes log-prefix=ipv6,invalid
add action=accept chain=forward comment=icmpv6 in-interface=!sit1 protocol=icmpv6
add action=accept chain=forward comment="local network" in-interface=!sit1 src-address-list=allowed
add action=drop chain=forward log-prefix=IPV6</pre>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6115362802977364571.post-63566788982540585112017-08-05T07:27:00.001-07:002017-08-05T07:27:25.080-07:00Drop port scanners<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/Cr3bpF1wjFFNH_v1DtTk2S9INgaAhMhvtIxayUlGSZtSYKfkXUa0-15lzIypw32fJg=w300" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="300" data-original-width="300" src="https://1.bp.blogspot.com/Cr3bpF1wjFFNH_v1DtTk2S9INgaAhMhvtIxayUlGSZtSYKfkXUa0-15lzIypw32fJg=w300" /></a></div>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
To protect the router from port scanners, we can record the IPs of hackers who try to scan your box. Using this address list, we can drop connections from those IPs.</div>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
In <b>/ip firewall filter</b>:</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list " disabled=no
</pre>
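<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
The four values in psd=21,3s,3,1 are WeightThreshold, DelayThreshold, LowPortWeight and HighPortWeight. The following is an added example, not RouterOS code and not part of the original post: a simplified Python model of that scoring, run over constructed traffic, to show which sources the rule above would list. The function names, sample addresses and the exact reset behaviour are assumptions.</div>

```python
# Added example: a simplified model of psd=21,3s,3,1, not RouterOS source code.
# Assumption: a source's weight resets when more than `delay` seconds pass
# between probes to new ports, and a match fires once weight >= threshold.


def psd_offenders(packets, weight_threshold=21, delay=3.0,
                  low_port_weight=3, high_port_weight=1):
    """Return source IPs, in detection order, that the model flags as scanners.

    packets: iterable of (time_seconds, src_ip, dst_port) sorted by time.
    """
    state = {}      # src_ip -> [time of last new-port packet, weight, ports seen]
    offenders = []
    for ts, src, port in packets:
        entry = state.get(src)
        if entry is None or ts - entry[0] > delay:
            entry = [ts, 0, set()]      # unknown source or stale sequence
            state[src] = entry
        if port in entry[2]:
            continue                    # repeat hits on one port add no weight
        entry[0] = ts
        entry[2].add(port)
        # Privileged ports (below 1024) weigh more than unprivileged ones.
        entry[1] += low_port_weight if port < 1024 else high_port_weight
        if entry[1] >= weight_threshold and src not in offenders:
            offenders.append(src)
    return offenders


def constructed_traffic():
    """Constructed sample traffic using documentation addresses (RFC 5737)."""
    pkts = []
    # Seven privileged ports in under a second: 7 * 3 = 21, reaches the threshold.
    pkts += [(0.1 * i, "198.51.100.7", p)
             for i, p in enumerate([21, 22, 23, 25, 80, 110, 443])]
    # Six privileged ports: 6 * 3 = 18, stays below the threshold.
    pkts += [(0.1 * i, "198.51.100.8", p)
             for i, p in enumerate([21, 22, 23, 25, 80, 110])]
    # A busy client opening many connections to one service: one port, weight 3.
    pkts += [(0.05 * i, "192.0.2.10", 443) for i in range(200)]
    # New ports 5 s apart exceed the 3 s delay, so weight never accumulates.
    pkts += [(5.0 * i, "203.0.113.5", 20 + i) for i in range(30)]
    # Twenty-one unprivileged ports in quick succession: 21 * 1 = 21.
    pkts += [(0.1 * i, "203.0.113.9", 8000 + i) for i in range(21)]
    return sorted(pkts)


if __name__ == "__main__":
    for ip in psd_offenders(constructed_traffic()):
        print("would be added to 'port scanners':", ip)
```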
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Various combinations of TCP flags can also indicate port scanner activity.</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP FIN Stealth scan"
</pre>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/FIN scan"
</pre>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/RST scan"
</pre>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="FIN/PSH/URG scan"
</pre>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="ALL/ALL scan"
</pre>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan"
</pre>
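<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
In a tcp-flags expression, a listed flag must be set and a flag prefixed with "!" must be clear; flags not mentioned are ignored. The following added example (not part of the original post) evaluates the six expressions above against constructed TCP headers, which shows that normal handshake and teardown packets match nothing while a packet with every flag set matches three of the rules. Function names and sample headers are assumptions.</div>

```python
# Added example: evaluates the tcp-flags expressions from the rules above
# against constructed TCP headers. Not RouterOS code.
import struct

FLAG_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04,
             "psh": 0x08, "ack": 0x10, "urg": 0x20}

# (tcp-flags expression, rule comment), copied from the rules in this post.
SCAN_RULES = [
    ("fin,!syn,!rst,!psh,!ack,!urg", "NMAP FIN Stealth scan"),
    ("fin,syn", "SYN/FIN scan"),
    ("syn,rst", "SYN/RST scan"),
    ("fin,psh,urg,!syn,!rst,!ack", "FIN/PSH/URG scan"),
    ("fin,syn,rst,psh,ack,urg", "ALL/ALL scan"),
    ("!fin,!syn,!rst,!psh,!ack,!urg", "NMAP NULL scan"),
]


def compile_expr(expr):
    """Turn 'fin,!syn' into (must_be_set, must_be_clear) bit masks."""
    must_set = must_clear = 0
    for token in expr.split(","):
        token = token.strip()
        if token.startswith("!"):
            must_clear |= FLAG_BITS[token[1:]]
        else:
            must_set |= FLAG_BITS[token]
    return must_set, must_clear


def flags_of(tcp_header):
    """Extract the six classic flag bits from a raw TCP header (byte 13)."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    return tcp_header[13] & 0x3F


def matching_rules(tcp_header):
    """Return the comment of every rule whose tcp-flags expression matches."""
    flags = flags_of(tcp_header)
    hits = []
    for expr, comment in SCAN_RULES:
        must_set, must_clear = compile_expr(expr)
        if (flags & must_set) == must_set and (flags & must_clear) == 0:
            hits.append(comment)
    return hits


def make_header(*flags, sport=40000, dport=22):
    """Build a constructed 20-byte TCP header with the given flags set."""
    bits = 0
    for name in flags:
        bits |= FLAG_BITS[name]
    # sport, dport, seq, ack, data offset (5 words), flags, window, checksum, urgent
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, bits, 1024, 0, 0)


def classify_samples():
    """Classify constructed sample packets; an empty list means no rule matched."""
    samples = {
        "SYN (handshake)": make_header("syn"),
        "SYN+ACK (handshake)": make_header("syn", "ack"),
        "FIN+ACK (normal close)": make_header("fin", "ack"),
        "FIN only": make_header("fin"),
        "FIN+PSH+URG": make_header("fin", "psh", "urg"),
        "all six flags": make_header(*FLAG_BITS),
        "no flags": make_header(),
    }
    return {name: matching_rules(hdr) for name, hdr in samples.items()}


if __name__ == "__main__":
    for name, hits in classify_samples().items():
        print(f"{name:24s} -> {hits or 'no rule matched'}")
```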
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Then you can drop those IPs:</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no
</pre>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Similarly, you can drop these port scanners in the forward chain by using the above rules with "chain=forward".</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6115362802977364571.post-23386655359986648082017-08-05T07:25:00.000-07:002017-08-05T07:25:25.553-07:00How to Block a Customer and Tell him to Pay the Bill<div class="separator" style="clear: both; text-align: center;">
<a href="http://images.criticbrain.com/1499412168-20891284-media_httpfarm6static_nnvaC.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://images.criticbrain.com/1499412168-20891284-media_httpfarm6static_nnvaC.jpg" data-original-height="371" data-original-width="453" height="262" width="320" /></a></div>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Sometimes you may need to cut off a customer and tell him to pay his bill. This is best done by redirecting his HTTP requests to a page that tells him to pay in order to get reconnected. You can do it with a simple destination NAT rule that captures all HTTP requests from a specific address and sends them to a server with a web page telling him to pay the bill. However, it is quite easy to do this using the HotSpot feature of RouterOS. Please note that this doesn't work with PPPoE connections.</div>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
To make this setup, you should have the Hotspot package enabled on RouterOS. This example covers how to block a customer's computer. When he tries to open a web page, he will be redirected to the hotspot page, which will tell him that he hasn't paid the bill for Internet access. Your router should already be configured and working (the customer should have access to the Internet), and you should have a DNS server specified in the router.</div>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
First, edit the Hotspot login.html page so that it contains the information that will be shown to customers who haven't paid their bills. It could be something like this: "Service not available, please pay the bill and contact us by phone to get reconnected".
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Next, add an ip-binding rule that allows all customers to bypass the hotspot page. This is done with the following command:</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ip hotspot ip-binding add type=bypassed address=0.0.0.0/0 \
comment="bypass the hotspot for all the paying customers"
</pre>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
After that, add the Hotspot server on the interface where your clients are connected. This can be done with the following command:</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ip hotspot add interface=local disabled=no
</pre>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Now you can add ip-binding rules for the customers that haven't paid their bill. You can match them by IP address or MAC address. Here is an example using MAC address:</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ip hotspot ip-binding add mac-address=00:0C:42:00:00:90 type=regular comment="Non paying client 1"
</pre>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Now we have the following configuration:</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">[admin@MikroTik] ip hotspot ip-binding> print
Flags: X - disabled, P - bypassed, B - blocked
# MAC-ADDRESS ADDRESS TO-ADDRESS SERVER
0 P ;;; bypass the hotspot for all the paying customers
0.0.0.0/0
1 ;;; Non paying client 1
00:0C:42:00:00:90
</pre>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
There is one more step to make it work: change the order of these rules. The rule for the non-paying client must be above the bypass rule so that it is processed first. You can move it using the move command:</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">[admin@MikroTik] ip hotspot ip-binding> move 1 0
</pre>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Now the ip-binding configuration should look like this:</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">[admin@MikroTik] ip hotspot ip-binding> print
Flags: X - disabled, P - bypassed, B - blocked
# MAC-ADDRESS ADDRESS TO-ADDRESS SERVER
0 ;;; Non paying client 1
00:0C:42:00:00:90
1 P ;;; bypass the hotspot for all the paying customers
0.0.0.0/0
</pre>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
If customers can pay their bill over the Internet, you can modify login.html by adding links to the bank web pages where they can pay. After you add these links to the login page, you should also add them to the hotspot configuration so that a blocked customer can access those pages. This can be done in the 'ip hotspot walled-garden ip' menu. Here is an example:</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ip hotspot walled-garden ip add dst-host=www.paypal.com</pre>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6115362802977364571.post-30624134963929320402017-08-05T07:23:00.001-07:002017-08-05T07:23:21.794-07:00DoS attack protection<div class="separator" style="clear: both; text-align: center;">
<a href="http://img.deusm.com/darkreading/2016/08/1326754/01-ddos.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://img.deusm.com/darkreading/2016/08/1326754/01-ddos.jpeg" data-original-height="326" data-original-width="489" height="213" width="320" /></a></div>
<h2 style="background: none rgb(255, 255, 255); border-bottom: 1px solid rgb(170, 170, 170); font-family: "Linux Libertine", Georgia, Times, serif; font-weight: normal; line-height: 1.3; margin: 1em 0px 0.25em; overflow: hidden; padding: 0px;">
In general</h2>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
A DoS (Denial of Service) attack can overload a router: CPU usage goes to 100% and the router can become unreachable, with timeouts. All packet operations that take significant CPU power, such as firewalling (filter, NAT, mangle), logging and queues, can cause overloading if too many packets per second arrive at the router.</div>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Generally there is no perfect solution to protect against DoS attacks. Every service can become overloaded by too many requests. But there are some methods for minimising the impact of an attack.</div>
<ul style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: 1.5em; list-style-image: url("data:image/png; margin: 0.3em 0px 0px 1.6em; padding: 0px;">
<li style="margin-bottom: 0.1em;">Get a more powerful router or server</li>
<li style="margin-bottom: 0.1em;">Get a faster uplink</li>
<li style="margin-bottom: 0.1em;">Reduce the number of firewall rules, queues and other packet handling actions</li>
<li style="margin-bottom: 0.1em;">Track attack path and block it closer to source (by upstream provider)</li>
</ul>
<h2 style="background: none rgb(255, 255, 255); border-bottom: 1px solid rgb(170, 170, 170); font-family: "Linux Libertine", Georgia, Times, serif; font-weight: normal; line-height: 1.3; margin: 1em 0px 0.25em; overflow: hidden; padding: 0px;">
<span class="mw-headline" id="Types">Types</span></h2>
<h3 style="background: none rgb(255, 255, 255); border-bottom: none; font-family: sans-serif; line-height: 1.6; margin: 0.3em 0px 0px; overflow: hidden; padding-bottom: 0px; padding-top: 0.5em;">
<span class="mw-headline" id="TCP_SYN_flood">TCP SYN flood</span></h3>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
More info: <a class="external text" href="http://en.wikipedia.org/wiki/SYN_flood" rel="nofollow" style="background: linear-gradient(transparent, transparent) right center no-repeat, url("data:image/svg+xml; color: #663366; padding-right: 13px; text-decoration-line: none;">SYN flood</a>.</div>
<h4 style="background: none rgb(255, 255, 255); border-bottom: none; font-family: sans-serif; font-size: 14px; line-height: 1.6; margin: 0.3em 0px 0px; overflow: hidden; padding-bottom: 0px; padding-top: 0.5em;">
<span class="mw-headline" id="Diagnose">Diagnose</span></h4>
<ul style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: 1.5em; list-style-image: url("data:image/png; margin: 0.3em 0px 0px 1.6em; padding: 0px;">
<li style="margin-bottom: 0.1em;">Are there too many connections with syn-sent state present?</li>
</ul>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ip firewall connection print</pre>
<ul style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: 1.5em; list-style-image: url("data:image/png; margin: 0.3em 0px 0px 1.6em; padding: 0px;">
<li style="margin-bottom: 0.1em;">Are there too many packets per second going through any interface?</li>
</ul>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/interface monitor-traffic ether3</pre>
<ul style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: 1.5em; list-style-image: url("data:image/png; margin: 0.3em 0px 0px 1.6em; padding: 0px;">
<li style="margin-bottom: 0.1em;">Is CPU usage 100%?</li>
</ul>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/system resource monitor</pre>
<ul style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: 1.5em; list-style-image: url("data:image/png; margin: 0.3em 0px 0px 1.6em; padding: 0px;">
<li style="margin-bottom: 0.1em;">Are there too many suspicious connections?</li>
</ul>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/tool torch</pre>
<h4 style="background: none rgb(255, 255, 255); border-bottom: none; font-family: sans-serif; font-size: 14px; line-height: 1.6; margin: 0.3em 0px 0px; overflow: hidden; padding-bottom: 0px; padding-top: 0.5em;">
<span class="mw-headline" id="Protection">Protection</span></h4>
<ul style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: 1.5em; list-style-image: url("data:image/png; margin: 0.3em 0px 0px 1.6em; padding: 0px;">
<li style="margin-bottom: 0.1em;">Limit incoming connections</li>
</ul>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
An IP address with too many connections can be added to a 'black-list' type address list for further blocking.</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ip firewall filter add chain=input protocol=tcp connection-limit=LIMIT,32 \
action=add-src-to-address-list address-list=blocked-addr address-list-timeout=1d </pre>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
where LIMIT is the maximum number of connections per IP. LIMIT should be 100 or even higher, as many services use multiple connections (HTTP, Torrent, other P2P programs).</div>
<ul style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: 1.5em; list-style-image: url("data:image/png; margin: 0.3em 0px 0px 1.6em; padding: 0px;">
<li style="margin-bottom: 0.1em;">Action tarpit</li>
</ul>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Instead of simply dropping the attacker's packets (with 'action=drop'), the router can capture and hold connections, and with a powerful enough router this can slow the attacker down.</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ip firewall filter add chain=input protocol=tcp src-address-list=blocked-addr \
connection-limit=3,32 action=tarpit </pre>
<ul style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: 1.5em; list-style-image: url("data:image/png; margin: 0.3em 0px 0px 1.6em; padding: 0px;">
<li style="margin-bottom: 0.1em;">SYN filtering</li>
</ul>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Some advanced filtering can be applied to TCP packet state.</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ip firewall filter add chain=forward protocol=tcp tcp-flags=syn connection-state=new \
action=jump jump-target=SYN-Protect comment="SYN Flood protect" disabled=yes
/ip firewall filter add chain=SYN-Protect protocol=tcp tcp-flags=syn limit=400,5 connection-state=new \
action=accept comment="" disabled=no
/ip firewall filter add chain=SYN-Protect protocol=tcp tcp-flags=syn connection-state=new \
action=drop comment="" disabled=no</pre>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
'limit=400' is the threshold for new SYN packets. To have an excessive amount of new connections dropped, just enable the jump rule in the forward chain (it is added above with disabled=yes).</div>
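<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
The limit matcher in the SYN-Protect chain is one counter shared by every source that reaches the rule, so during a flood legitimate new connections compete with the attack for the same 400 accepts per second. The following added example (not part of the original post, and not RouterOS code) models limit=400,5 as a simple token bucket over constructed traffic to show that effect. The continuous-refill model, function names and traffic rates are assumptions.</div>

```python
# Added example: simplified token-bucket model of limit=400,5 in SYN-Protect.
# Assumption: tokens refill continuously at `rate` per second up to `burst`;
# RouterOS internals may differ in detail.
import random


def syn_protect(arrivals, rate=400.0, burst=5.0):
    """Run new SYN packets through the accept-with-limit rule, then the drop rule.

    arrivals: list of (time_seconds, label), sorted by time.
    Returns {label: [accepted, dropped]}.
    """
    tokens = burst
    last = None
    result = {}
    for ts, label in arrivals:
        if last is not None:
            tokens = min(burst, tokens + (ts - last) * rate)
        last = ts
        counts = result.setdefault(label, [0, 0])
        if tokens >= 1.0:
            tokens -= 1.0
            counts[0] += 1      # matched limit=400,5: action=accept
        else:
            counts[1] += 1      # fell through to the next rule: action=drop
    return result


def constructed_arrivals(flood_pps, client_pps, seconds=2.0, seed=1):
    """Constructed traffic: uniformly random SYN arrival times, fixed seed."""
    rng = random.Random(seed)
    flood = [(rng.uniform(0, seconds), "flood")
             for _ in range(int(flood_pps * seconds))]
    clients = [(rng.uniform(0, seconds), "clients")
               for _ in range(int(client_pps * seconds))]
    return sorted(flood + clients)


def evenly_spaced(pps, seconds=2.0, label="clients"):
    """Constructed traffic: one source class sending at a steady rate."""
    return [(i / pps, label) for i in range(int(pps * seconds))]


if __name__ == "__main__":
    print("300 SYN/s, no flood :", syn_protect(evenly_spaced(300)))
    print("100 SYN/s + 4000/s  :", syn_protect(constructed_arrivals(4000, 100)))
```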
<ul style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: 1.5em; list-style-image: url("data:image/png; margin: 0.3em 0px 0px 1.6em; padding: 0px;">
<li style="margin-bottom: 0.1em;">SYN cookies</li>
</ul>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
More info: <a class="external text" href="http://en.wikipedia.org/wiki/SYN_cookies" rel="nofollow" style="background: linear-gradient(transparent, transparent) right center no-repeat, url("data:image/svg+xml; color: #663366; padding-right: 13px; text-decoration-line: none;">SYN cookies</a></div>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
For v6.x:</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ip settings set tcp-syncookies=yes</pre>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
For older RouterOS versions:</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ip firewall connection tracking set tcp-syncookie=yes</pre>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6115362802977364571.post-56799108407793326252017-08-05T07:20:00.002-07:002017-08-05T07:20:48.746-07:00How to Detect and Block Hotspot Shield program traffic(openvpn application)<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://www.packtpub.com/sites/default/files/Article-Images/7720OS_12_13.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="325" data-original-width="500" height="208" src="https://www.packtpub.com/sites/default/files/Article-Images/7720OS_12_13.png" width="320" /></a></div>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Some companies and organizations have their own security policies. Sometimes they use OpenDNS addresses in order to prevent users in these companies and organizations from accessing certain web sites. But there are many proxy and VPN client programs that can help you bypass these policies, and one of the most famous and fastest VPN client programs is Hotspot Shield. It is a free program and easy to install and use. Keep in mind that this kind of program doesn't use specific TCP or UDP ports to establish a VPN connection with the different VPN servers around the world: it does port hopping, and it uses a well-known port number, 443, as its destination port to communicate with the VPN server. I have tried to block it by TCP or UDP port; when I block 443 it cannot establish a connection with the VPN server. I have tried to block it using OpenDNS, but no way. After searching many web sites I found that I can block this program if I have a digital signature for it, but I don't have one. I also found that we can match on connections to TCP port 80 with content 127.0.0.1:895 in order to see the traffic that the program sends. Although we can match the traffic, we cannot block it.</div>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
If you want to block this traffic in MikroTik v3.30, you have to add these rules to mangle and firewall.</div>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Mangle rules:</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ip firewall mangle
add action=add-dst-to-address-list address-list=WhiteList \
address-list-timeout=4w2d chain=prerouting comment=WhiteList content=\
!127.0.0.1:895 disabled=no dst-port=80 protocol=tcp
add action=add-src-to-address-list address-list=HotSpotShieldUsers \
address-list-timeout=1h chain=prerouting comment=HotSpotShieldUsers \
content=127.0.0.1:895 disabled=no dst-port=80 protocol=tcp
add action=add-dst-to-address-list address-list=WhiteList \
address-list-timeout=4w2d chain=prerouting comment=WhiteList content=\
!127.0.0.1:895 disabled=no dst-port=443 protocol=tcp
</pre>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Firewall rules:</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ip firewall filter
add action=log chain=forward comment="Allow WhiteLists" disabled=no \
dst-address-list=WhiteList log-prefix=WhiteLists
add action=accept chain=forward comment="" disabled=no dst-address-list=\
WhiteList
add action=log chain=forward comment="\"Block HotSpot Shield\"" disabled=no \
log-prefix=HotSpotShield src-address-list=HotSpotShieldUsers
add action=drop chain=forward comment="\"Block HotSpot Shield\"" disabled=no \
src-address-list=HotSpotShieldUsers
</pre>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Note: if you use only these rules in firewall filter and mangle, you will block all traffic from users that are using Hotspot Shield. If you want to block only the traffic that belongs to Hotspot Shield, while allowing users of this program to access the Internet, but not through the Hotspot Shield program, you have to use these extra rules in DNS and DHCP. I am using OpenDNS; you can also use any other DNS server addresses.</div>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Use the OpenDNS server addresses:</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=512 primary-dns=208.67.222.222 secondary-dns=\
208.67.220.220
</pre>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
You have to make your MikroTik router (acting as a DNS relay) the DNS server for your customers in DHCP:</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=\
static disabled=no interface=LAN lease-time=3d name=dhcp1
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=192.168.117.0/24 comment="" dns-server=192.168.117.200 gateway=\
192.168.117.200
</pre>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
The DNS server for users in my network is 192.168.117.200.</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6115362802977364571.post-28523996705676375992017-08-05T07:15:00.002-07:002017-08-05T07:17:32.589-07:00How to Detect and Block TOR Browser traffic<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://i.f1g.fr/media/ext/805x453_crop/www.lefigaro.fr/medias/2014/12/24/PHOae671f0e-8abf-11e4-b2ac-602afd021a91-805x453.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://i.f1g.fr/media/ext/805x453_crop/www.lefigaro.fr/medias/2014/12/24/PHOae671f0e-8abf-11e4-b2ac-602afd021a91-805x453.jpg" data-original-height="450" data-original-width="800" height="180" width="320" /></a></div>
<br />
Hi everyone, I hope everything is going well. Today we are going to learn how to block the Tor Browser.</div>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships</div>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.</div>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
You can download the Tor Browser from the following link: <a class="external autonumber" href="https://www.torproject.org/dist/torbrowser/tor-browser-2.2.33-3_en-US.exe" rel="nofollow" style="color: #663366; padding-right: 13px; text-decoration-line: none;">[1]</a></div>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
After discovering which destinations the Tor Browser tries to connect to, we made a list of them and added it to the firewall address list:</div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ip firewall address-list
add address=98.206.110.253 comment="" disabled=no list=TOR-SERVERS
add address=80.237.226.75 comment="" disabled=no list=TOR-SERVERS
add address=199.48.147.35 comment="" disabled=no list=TOR-SERVERS
add address=173.254.192.37 comment="" disabled=no list=TOR-SERVERS
add address=88.198.35.251 comment="" disabled=no list=TOR-SERVERS
add address=77.247.181.164 comment="" disabled=no list=TOR-SERVERS
add address=173.254.192.38 comment="" disabled=no list=TOR-SERVERS
add address=192.251.226.205 comment="" disabled=no list=TOR-SERVERS
add address=85.112.165.71 comment="" disabled=no list=TOR-SERVERS
add address=76.73.48.211 comment="" disabled=no list=TOR-SERVERS
add address=217.115.137.222 comment="" disabled=no list=TOR-SERVERS
add address=76.73.48.210 comment="" disabled=no list=TOR-SERVERS
add address=199.48.147.41 comment="" disabled=no list=TOR-SERVERS
add address=83.142.228.14 comment="" disabled=no list=TOR-SERVERS
add address=77.247.181.163 comment="" disabled=no list=TOR-SERVERS
add address=188.138.82.143 comment="" disabled=no list=TOR-SERVERS
add address=77.247.181.165 comment="" disabled=no list=TOR-SERVERS
add address=184.172.20.159 comment="" disabled=no list=TOR-SERVERS
add address=199.48.147.38 comment="" disabled=no list=TOR-SERVERS
add address=173.254.192.36 comment="" disabled=no list=TOR-SERVERS
add address=87.225.253.174 comment="" disabled=no list=TOR-SERVERS
add address=216.17.108.63 comment="" disabled=no list=TOR-SERVERS
add address=137.56.163.46 comment="" disabled=no list=TOR-SERVERS
add address=199.48.147.36 comment="" disabled=no list=TOR-SERVERS
add address=204.45.133.189 comment="" disabled=no list=TOR-SERVERS
add address=91.143.81.16 comment="" disabled=no list=TOR-SERVERS
add address=85.228.194.157 comment="" disabled=no list=TOR-SERVERS
add address=213.103.195.84 comment="" disabled=no list=TOR-SERVERS
add address=137.56.163.64 comment="" disabled=no list=TOR-SERVERS
add address=82.94.251.204 comment="" disabled=no list=TOR-SERVERS
add address=199.48.147.40 comment="" disabled=no list=TOR-SERVERS
add address=195.242.152.250 comment="" disabled=no list=TOR-SERVERS
add address=74.120.13.132 comment="" disabled=no list=TOR-SERVERS
add address=62.220.135.129 comment="" disabled=no list=TOR-SERVERS
add address=204.8.156.142 comment="" disabled=no list=TOR-SERVERS
add address=199.48.147.46 comment="" disabled=no list=TOR-SERVERS
add address=68.169.35.41 comment="" disabled=no list=TOR-SERVERS
add address=94.75.215.53 comment="" disabled=no list=TOR-SERVERS
add address=85.17.97.19 comment="" disabled=no list=TOR-SERVERS
add address=74.120.12.135 comment="" disabled=no list=TOR-SERVERS
add address=87.225.253.173 comment="" disabled=no list=TOR-SERVERS
add address=199.48.147.42 comment="" disabled=no list=TOR-SERVERS
add address=91.143.90.155 comment="" disabled=no list=TOR-SERVERS
add address=38.229.70.42 comment="" disabled=no list=TOR-SERVERS
add address=188.72.225.172 comment="" disabled=no list=TOR-SERVERS
add address=188.40.41.115 comment="" disabled=no list=TOR-SERVERS
add address=87.118.104.203 comment="" disabled=no list=TOR-SERVERS
add address=62.141.58.13 comment="" disabled=no list=TOR-SERVERS
add address=199.48.147.39 comment="" disabled=no list=TOR-SERVERS
add address=93.11.116.22 comment="" disabled=no list=TOR-SERVERS
add address=96.236.44.173 comment="" disabled=no list=TOR-SERVERS
add address=76.73.85.122 comment="" disabled=no list=TOR-SERVERS
add address=199.48.147.37 comment="" disabled=no list=TOR-SERVERS
add address=188.104.135.148 comment="" disabled=no list=TOR-SERVERS
add address=188.40.51.232 comment="" disabled=no list=TOR-SERVERS
add address=188.40.32.154 comment="" disabled=no list=TOR-SERVERS
add address=178.162.166.13 comment="" disabled=no list=TOR-SERVERS
add address=178.63.16.48 comment="" disabled=no list=TOR-SERVERS
add address=83.169.0.7 comment="" disabled=no list=TOR-SERVERS
add address=38.229.70.47 comment="" disabled=no list=TOR-SERVERS
add address=38.229.70.34 comment="" disabled=no list=TOR-SERVERS
add address=109.201.131.11 comment="" disabled=no list=TOR-SERVERS
add address=38.229.70.33 comment="" disabled=no list=TOR-SERVERS
add address=38.229.70.32 comment="" disabled=no list=TOR-SERVERS
add address=38.229.70.31 comment="" disabled=no list=TOR-SERVERS
add address=38.229.70.37 comment="" disabled=no list=TOR-SERVERS
add address=38.229.70.46 comment="" disabled=no list=TOR-SERVERS
add address=38.229.70.51 comment="" disabled=no list=TOR-SERVERS
add address=38.229.70.52 comment="" disabled=no list=TOR-SERVERS
add address=38.229.70.53 comment="" disabled=no list=TOR-SERVERS
add address=38.229.70.54 comment="" disabled=no list=TOR-SERVERS
add address=68.169.35.42 comment="" disabled=no list=TOR-SERVERS
add address=74.120.12.140 comment="" disabled=no list=TOR-SERVERS
add address=74.120.12.131 comment="" disabled=no list=TOR-SERVERS
add address=74.120.12.130 comment="" disabled=no list=TOR-SERVERS
add address=74.120.12.129 comment="" disabled=no list=TOR-SERVERS
add address=76.73.85.123 comment="" disabled=no list=TOR-SERVERS
add address=76.73.85.124 comment="" disabled=no list=TOR-SERVERS
add address=76.73.85.125 comment="" disabled=no list=TOR-SERVERS
add address=76.73.85.126 comment="" disabled=no list=TOR-SERVERS
add address=80.237.226.72 comment="" disabled=no list=TOR-SERVERS
add address=80.237.226.73 comment="" disabled=no list=TOR-SERVERS
add address=80.237.226.74 comment="" disabled=no list=TOR-SERVERS
add address=80.237.226.76 comment="" disabled=no list=TOR-SERVERS
add address=80.237.226.77 comment="" disabled=no list=TOR-SERVERS
add address=80.237.226.78 comment="" disabled=no list=TOR-SERVERS
add address=80.237.226.79 comment="" disabled=no list=TOR-SERVERS
add address=82.94.251.206 comment="" disabled=no list=TOR-SERVERS
add address=87.225.253.172 comment="" disabled=no list=TOR-SERVERS
add address=173.254.216.67 comment="" disabled=no list=TOR-SERVERS
add address=192.251.226.204 comment="" disabled=no list=TOR-SERVERS
add address=193.23.244.0/24 comment="" disabled=no list=TOR-SERVERS
add address=199.48.147.34 comment="" disabled=no list=TOR-SERVERS
add address=199.48.147.43 comment="" disabled=no list=TOR-SERVERS
add address=199.48.147.44 comment="" disabled=no list=TOR-SERVERS
add address=199.48.147.45 comment="" disabled=no list=TOR-SERVERS
add address=217.115.137.220 comment="" disabled=no list=TOR-SERVERS
add address=217.115.137.219 comment="" disabled=no list=TOR-SERVERS
add address=66.230.230.230 comment="" disabled=no list=TOR-SERVERS
add address=173.254.216.69 comment="" disabled=no list=TOR-SERVERS
add address=91.208.34.12 comment="" disabled=no list=TOR-SERVERS
add address=188.40.172.119 comment="" disabled=no list=TOR-SERVERS
</pre>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
We also note that the Tor Browser uses ports 22 and 443.</div>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
So now we can match users who are using the Tor Browser with the following rules:</div>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
<br /></div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ip firewall mangle
add action=add-src-to-address-list address-list="New Tor-Users" \
address-list-timeout=5m chain=prerouting comment="New Tor Version" \
disabled=no dst-port=22 protocol=tcp
add action=add-src-to-address-list address-list=Tor-Users \
address-list-timeout=5m chain=prerouting comment="Tor Users" disabled=no \
dst-address-list=TOR-SERVERS dst-port=443 protocol=tcp
</pre>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Then we can block all traffic coming from Tor users with the following rules:</div>
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
<br /></div>
<pre style="background: rgba(255, 255, 238, 0.7); border-radius: 5px; border: 1px solid rgb(170, 170, 170); box-shadow: rgb(192, 192, 192) 0px 0px 12px; font-family: monospace, Courier; font-size: 14px; line-height: 1.3em; margin-left: 20px; padding: 1em; width: 997.266px;">/ip firewall filter
add action=drop chain=forward comment="Drop new TOR version" disabled=no \
src-address-list="New Tor-Users"
add action=drop chain=forward comment="Block TOR browser" disabled=no \
src-address-list=Tor-Users
</pre>
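<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
The mangle and filter rules above, modelled in Python over constructed packets (an added example, not part of the original post and not RouterOS code). It shows which clients end up dropped and for how long, including a client that only opened an ordinary SSH session, because the port 22 rule has no dst-address-list condition. Assumptions: the packets and the 203.0.113.x destinations are constructed, mangle prerouting is evaluated before the forward filter, and a repeated match restarts the 5-minute timeout.</div>

```python
"""Model of the page's Tor mangle + filter rules, run over constructed packets."""
from collections import namedtuple
from ipaddress import ip_address, ip_network

TIMEOUT_S = 5 * 60  # address-list-timeout=5m on both mangle rules

# Three entries copied from the page's TOR-SERVERS list (the real list is longer).
TOR_SERVERS = [ip_network(n) for n in
               ("193.23.244.0/24", "38.229.70.42/32", "199.48.147.35/32")]

Packet = namedtuple("Packet", "t src dst proto dport")   # t = seconds since start
Verdict = namedtuple("Verdict", "packet action matched_list")

# Constructed traffic: LAN clients from the page's 192.168.117.0/24 network,
# non-listed destinations from the 203.0.113.0/24 documentation range.
SAMPLE_PACKETS = [
    Packet(0,   "192.168.117.10", "193.23.244.10", "tcp", 443),  # inside listed /24
    Packet(10,  "192.168.117.20", "203.0.113.22",  "tcp", 22),   # ordinary SSH
    Packet(20,  "192.168.117.30", "203.0.113.80",  "tcp", 443),  # ordinary HTTPS
    Packet(30,  "192.168.117.10", "203.0.113.80",  "tcp", 80),   # while still listed
    Packet(60,  "192.168.117.20", "203.0.113.80",  "tcp", 443),  # while still listed
    Packet(301, "192.168.117.10", "203.0.113.80",  "tcp", 80),   # after the timeout
]


class AddressList:
    """Dynamic firewall address list: address -> expiry time in seconds."""

    def __init__(self, name):
        self.name = name
        self._expiry = {}

    def add(self, addr, now):
        # Assumption of this model: a repeated match restarts the timer.
        self._expiry[addr] = now + TIMEOUT_S

    def contains(self, addr, now):
        return self._expiry.get(addr, 0) > now


def is_tor_server(dst):
    """True when dst falls inside any TOR-SERVERS entry."""
    addr = ip_address(dst)
    return any(addr in net for net in TOR_SERVERS)


def evaluate(packets):
    """Apply the two mangle rules, then the two filter rules, to each packet."""
    new_tor_users = AddressList("New Tor-Users")
    tor_users = AddressList("Tor-Users")
    verdicts = []
    for p in sorted(packets, key=lambda pkt: pkt.t):
        # /ip firewall mangle, chain=prerouting (modelled as running before forward)
        if p.proto == "tcp" and p.dport == 22:
            new_tor_users.add(p.src, p.t)      # rule has no dst-address-list
        if p.proto == "tcp" and p.dport == 443 and is_tor_server(p.dst):
            tor_users.add(p.src, p.t)
        # /ip firewall filter, chain=forward: first matching drop rule wins
        for lst in (new_tor_users, tor_users):
            if lst.contains(p.src, p.t):
                verdicts.append(Verdict(p, "drop", lst.name))
                break
        else:
            verdicts.append(Verdict(p, "accept", None))
    return verdicts


def false_positive_sources(verdicts):
    """Sources that were dropped without ever contacting a listed server."""
    dropped = {v.packet.src for v in verdicts if v.action == "drop"}
    contacted = {v.packet.src for v in verdicts if is_tor_server(v.packet.dst)}
    return dropped - contacted


if __name__ == "__main__":
    results = evaluate(SAMPLE_PACKETS)
    for v in results:
        p = v.packet
        print(f"t={p.t:>3}s {p.src} -> {p.dst}:{p.dport:<3} "
              f"{v.action:<6} {v.matched_list or ''}")
    print("dropped without contacting a listed server:",
          sorted(false_positive_sources(results)))
```

In this model the SSH-only client is dropped solely because the port 22 rule lacks a destination condition; scoping that rule with dst-address-list, as the port 443 rule already does, avoids that.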
<div style="background-color: white; color: #252525; font-family: sans-serif; font-size: 14px; line-height: inherit; margin-bottom: 0.5em; margin-top: 0.5em;">
Also note that we have applied these rules on MikroTik ROS 3.30 only, but we think they may also work on newer versions.
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6115362802977364571.post-57193389173438866912017-08-05T07:13:00.002-07:002017-08-05T07:13:45.831-07:00This Hacker Gets $ 20,000 After Finding the Gap in PornHub<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhswWZy00ZSZ_zQ8Rs5SWDuxvuNTenOWxuxf8iDgNYXM6SwHVT_FgJ8oaunwgcy45ot0Ws8qhvPvAkOWpEStBvJApjoOGQpbdcrdjF7w8FMq_eU3nnzg_IBNB8TUSb_kX3b-MuvwyYTRA/s1600/0a.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="191" data-original-width="275" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhswWZy00ZSZ_zQ8Rs5SWDuxvuNTenOWxuxf8iDgNYXM6SwHVT_FgJ8oaunwgcy45ot0Ws8qhvPvAkOWpEStBvJApjoOGQpbdcrdjF7w8FMq_eU3nnzg_IBNB8TUSb_kX3b-MuvwyYTRA/s1600/0a.jpg" /></a></div>
<br />
Earlier news about the PornHub bug bounty program can be read here:<br />
Pornhub Holds Bounty Bug Program With $ 25000 Reward<br />
Yesterday, on the 28th, it was confirmed on HackerOne itself that PornHub had received a report about the bug and that the report's status is now "closed", meaning that the bug itself has of course also been closed.<br />
The people who found the vulnerability on the PornHub site are three security researchers: Dario Weißer (@haxonaut), cutz and Ruslan Habalov (@evonide).<br />
They found two fatal RCE vulnerabilities using zero-day vulnerabilities in PHP, which is the programming language used by PornHub.<br />
The bug affects PHP version 5.3.<br />
For details, you can read here:<br />
CVE-2016-5771<br />
CVE-2016-5773<br />
Through this vulnerability, hackers can access user information on PornHub, view all of PornHub's source code, and even take over the server with root privileges.<br />
<br />
For finding the PHP zero-day bugs, in addition to the $ 20,000 reward from PornHub, the researchers also received $ 2000 from the Internet Bug Bounty on HackerOne.<br />
<br />
For details on how the exploit works, the researchers have published their writeup, which you can find at the following links:<br />
Fuzzing Unserialize<br />
How we broke PHP, hacked Pornhub and earned $ 20,000<br />
<br />
Okay, that is all for this article. Good afternoon.Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6115362802977364571.post-41380889928762195682017-08-05T07:06:00.003-07:002017-08-05T07:06:37.920-07:00Finally, Indonesia Officially Has Badan Siber dan Sandi Negara<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">Finally, Indonesia officially has a National Cyber and Crypto Agency (Badan Siber dan Sandi Negara). Considering that cybersecurity is one of the areas of government that needs to be encouraged and strengthened in order to increase national economic growth and realize national security, the government saw the need to establish the agency by reorganizing the National Crypto Agency (Lembaga Sandi Negara) into Badan Siber dan Sandi Negara, to ensure the implementation of government policies and programs in the field of cybersecurity.</span></span></div>
<div style="background-color: white; box-sizing: border-box; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 14px; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<img alt="Badan Siber dan Sandi Negara" class="size-full wp-image-386 aligncenter td-animation-stack-type0-1" data-attachment-id="386" data-comments-opened="1" data-image-description="" data-image-meta="{"aperture":"0","credit":"","camera":"","caption":"","created_timestamp":"0","copyright":"","focal_length":"0","iso":"0","shutter_speed":"0","title":"","orientation":"0"}" data-image-title="cyber" data-large-file="https://i2.wp.com/news.linuxsec.org/wp-content/uploads/2017/06/cyber.jpg?fit=640%2C359&ssl=1" data-medium-file="https://i2.wp.com/news.linuxsec.org/wp-content/uploads/2017/06/cyber.jpg?fit=300%2C168&ssl=1" data-orig-file="https://i2.wp.com/news.linuxsec.org/wp-content/uploads/2017/06/cyber.jpg?fit=700%2C393&ssl=1" data-orig-size="700,393" data-permalink="https://news.linuxsec.org/badan-siber-dan-sandi-negara/cyber/" height="359" src="https://i2.wp.com/news.linuxsec.org/wp-content/uploads/2017/06/cyber.jpg?resize=640%2C359" style="border: 0px; box-sizing: border-box; clear: both; display: block; height: auto; margin: 6px auto 21px; max-width: 100%; text-align: center;" width="640" /></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">On the basis of these considerations, the National Cyber and Crypto Agency (Badan Siber dan Sandi Negara, BSSN) was formally established with the signing of Presidential Regulation No. 53 of 2017 by President Joko Widodo on May 19, 2017.</span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 14px;">The Presidential Regulation states that the National Cyber and Crypto Agency, hereinafter referred to as BSSN, is a non-ministerial government institution that is under and responsible to the President through the minister who coordinates, synchronizes and controls the administration of government in the fields of politics, law and security.</span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 14px;">"BSSN is headed by the Chief," reads Article 1 paragraph (3) of the Presidential Regulation.</span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 14px;">According to this Presidential Regulation, BSSN has the duty to implement cybersecurity effectively and efficiently by utilizing, developing, and consolidating all elements related to cybersecurity.</span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 14px;">In the contents of the Perpres stipulated on May 19, 2017 by Joko Widodo (Jokowi), BSSN has the duty to implement cyber security effectively and efficiently by utilizing, developing and consolidating all elements related to cybersecurity.</span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 14px;">In carrying out its task, in accordance with Article 3, BSSN performs functions such as:</span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 14px;">Preparation of technical policies in the fields of identification, detection, protection, response, recovery, monitoring, evaluation, control of e-commerce protection, encryption, filtering, cyber diplomacy, the cyber crisis management center, the cyber contact center, the information center, mitigation support, and recovery from and handling of vulnerabilities, incidents and/or cyber attacks.</span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">Implementation of technical policies in the fields of identification, detection, protection, response, recovery, monitoring, evaluation, control of e-commerce protection, encryption, filtering, cyber diplomacy, the cyber crisis management center, the cyber contact center, the information center, mitigation support, and recovery from and handling of vulnerabilities, incidents and/or cyber attacks.</span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">Monitoring and evaluation of technical policies in the fields of identification, detection, protection, response, recovery, monitoring, evaluation, control of e-commerce protection, encryption, filtering, cyber diplomacy, the cyber crisis management center, the cyber contact center, the information center, mitigation support, and recovery from and handling of vulnerabilities, incidents and/or cyber attacks.</span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">Coordination of functional activities in the execution of BSSN tasks, and serving as a forum for coordination for all stakeholders.</span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">Implementation of guidance and provision of administrative support to all organizational units within the BSSN.</span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">Supervision over BSSN task implementation.</span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">Implementation of support that is substantive to all elements of the organization within the BSSN.</span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">Implementation of national, regional and international cooperation in cyber security affairs.</span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">In practice, BSSN will be responsible to the President through the Coordinating Minister for Political, Legal and Security Affairs. It is headed by a Head, who is assisted by the General Secretariat and four deputies: the Deputy for Identification and Detection, the Deputy for Protection, the Deputy for Countermeasures and Recovery, and the Deputy for Monitoring and Control.</span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;"><br /></span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">The Head of BSSN is appointed and dismissed on the recommendation of the Coordinating Minister for Political, Legal and Security Affairs, in accordance with the provisions of legislation.</span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">The General Secretary and the Deputies are appointed and dismissed by the President upon the proposal of the Head of BSSN, in accordance with the provisions of the legislation.</span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">Meanwhile, the National Crypto Agency (Lembaga Sandi Negara) and the Directorate of Information Security under the Directorate General of Applications and Informatics of the Ministry of Communications and Informatics will be merged into BSSN.</span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 14px;">Equipment, financing, archives and documents of the Information Security Directorate of the Ministry of Communications and Informatics, the Indonesia Security Incident Response Team on Internet Infrastructure (ID-SIRTII) and the National Crypto Agency (Lembaga Sandi Negara) are transferred to BSSN.</span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 14px;">Duties in the field of encryption will still be carried out by the National Crypto Agency (Lembaga Sandi Negara) until the BSSN organizational arrangement is complete. The same applies to the security duties of the Directorate of Information Security of the Ministry of Communications and Informatics.</span></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6115362802977364571.post-73823046167009708552017-08-05T07:04:00.002-07:002017-08-05T07:04:23.530-07:00Telegram Chatting Application Blocked Government<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: "verdana" , "geneva" , sans-serif;"><span style="font-size: 14px;">Telegram chat application blocked by the government - recently Telegram was blocked by the government. There is no information about why this chat application is blocked, but accessing it through the application or through the browser (Telegram Web) certainly results in an error.</span></span></div>
<div style="background-color: white; box-sizing: border-box; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 14px; line-height: 24px; margin-bottom: 24px;">
<img alt="" class="wp-image-480 aligncenter td-animation-stack-type0-1" data-attachment-id="480" data-comments-opened="1" data-image-description="" data-image-meta="{"aperture":"0","credit":"","camera":"","caption":"","created_timestamp":"0","copyright":"","focal_length":"0","iso":"0","shutter_speed":"0","title":"","orientation":"0"}" data-image-title="telegram" data-large-file="https://i1.wp.com/news.linuxsec.org/wp-content/uploads/2017/07/telegram.png?fit=640%2C367&ssl=1" data-medium-file="https://i1.wp.com/news.linuxsec.org/wp-content/uploads/2017/07/telegram.png?fit=300%2C172&ssl=1" data-orig-file="https://i1.wp.com/news.linuxsec.org/wp-content/uploads/2017/07/telegram.png?fit=1019%2C585&ssl=1" data-orig-size="1019,585" data-permalink="https://news.linuxsec.org/aplikasi-chatting-telegram-diblokir-pemerintah/telegram/" height="250" sizes="(max-width: 436px) 100vw, 436px" src="https://i1.wp.com/news.linuxsec.org/wp-content/uploads/2017/07/telegram.png?resize=436%2C250" srcset="https://i1.wp.com/news.linuxsec.org/wp-content/uploads/2017/07/telegram.png?resize=300%2C172&ssl=1 300w, https://i1.wp.com/news.linuxsec.org/wp-content/uploads/2017/07/telegram.png?resize=768%2C441&ssl=1 768w, https://i1.wp.com/news.linuxsec.org/wp-content/uploads/2017/07/telegram.png?resize=732%2C420&ssl=1 732w, https://i1.wp.com/news.linuxsec.org/wp-content/uploads/2017/07/telegram.png?resize=640%2C367&ssl=1 640w, https://i1.wp.com/news.linuxsec.org/wp-content/uploads/2017/07/telegram.png?resize=681%2C391&ssl=1 681w, https://i1.wp.com/news.linuxsec.org/wp-content/uploads/2017/07/telegram.png?w=1019&ssl=1 1019w" style="border: 0px; box-sizing: border-box; clear: both; display: block; height: auto; margin: 6px auto 21px; max-width: 100%; text-align: center;" width="436" /><span style="text-align: justify;">Yes, as you can see in the screenshot, when opened will only connect to the telegram server repeatedly but it never works. 
At first I thought it was a problem with my network, but it turns out that when I try to ping the Telegram website, it is also blocked by Internet Positive.</span></div>
<div style="background-color: white; box-sizing: border-box; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 14px; line-height: 24px; margin-bottom: 24px;">
<img alt="" class="wp-image-481 aligncenter td-animation-stack-type0-1" data-attachment-id="481" data-comments-opened="1" data-image-description="" data-image-meta="{"aperture":"0","credit":"","camera":"","caption":"","created_timestamp":"0","copyright":"","focal_length":"0","iso":"0","shutter_speed":"0","title":"","orientation":"0"}" data-image-title="telegram 2" data-large-file="https://i2.wp.com/news.linuxsec.org/wp-content/uploads/2017/07/telegram-2.png?fit=596%2C226&ssl=1" data-medium-file="https://i2.wp.com/news.linuxsec.org/wp-content/uploads/2017/07/telegram-2.png?fit=300%2C114&ssl=1" data-orig-file="https://i2.wp.com/news.linuxsec.org/wp-content/uploads/2017/07/telegram-2.png?fit=596%2C226&ssl=1" data-orig-size="596,226" data-permalink="https://news.linuxsec.org/aplikasi-chatting-telegram-diblokir-pemerintah/telegram-2/" height="145" sizes="(max-width: 382px) 100vw, 382px" src="https://i2.wp.com/news.linuxsec.org/wp-content/uploads/2017/07/telegram-2.png?resize=382%2C145" srcset="https://i2.wp.com/news.linuxsec.org/wp-content/uploads/2017/07/telegram-2.png?resize=300%2C114&ssl=1 300w, https://i2.wp.com/news.linuxsec.org/wp-content/uploads/2017/07/telegram-2.png?w=596&ssl=1 596w" style="border: 0px; box-sizing: border-box; clear: both; display: block; height: auto; margin: 6px auto 21px; max-width: 100%; text-align: center;" width="382" /></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: "verdana" , "geneva" , sans-serif;"><span style="font-size: 14px;">Still unsure, I also checked with some friends whether they could access Telegram. Apparently many could not.</span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: "verdana" , "geneva" , sans-serif; font-size: 14px;">When this news was released, there was no information on why Telegram was blocked, even though I think Telegram itself has a great many benefits. Besides this chat application being popular right now because it is simple and ad-free, a lot of IT material is shared in communities via Telegram, in what is commonly called Kulgram (Telegram Lecture).</span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: "verdana" , "geneva" , sans-serif; font-size: 14px;">Well, I myself would be very sorry if this blocking continues; we will wait for further developments.</span></div>
<div style="background-color: white; box-sizing: border-box; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 14px; line-height: 24px; margin-bottom: 24px;">
<span style="box-sizing: border-box; font-weight: 700;">Update:</span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: "verdana" , "geneva" , sans-serif;"><span style="font-size: 14px;">Kominfo recently issued a press release stating the reason it blocked Telegram. Here is what it says:</span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: "verdana" , "geneva" , sans-serif; font-size: 14px;">"The Ministry of Communications and Information Technology on July 14, 2017 asked Internet Service Providers (ISPs) to terminate access (blocking) to Telegram's 11 Domain Name System (DNS). This blocking must be done because many channels in the service contain propaganda of radicalism, terrorism, hatred, invitations or how to assemble bombs, how to attack, disturbing images, and other content that is contrary to Indonesian laws and regulations."</span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: "verdana" , "geneva" , sans-serif; font-size: 14px;">Yup, Telegram is blocked because it is considered a terrorist nest. Very funny indeed. Kominfo prefers to burn down the house just because there is a rat's nest inside it, rather than hunt the rats.</span></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6115362802977364571.post-20604248016988794092017-08-05T07:00:00.005-07:002017-08-05T07:00:43.164-07:00Indonesian Hacker Hacks NVIDIA Developer Website<div style="background-color: white; box-sizing: border-box; text-align: justify;">
<span style="color: #444444; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">After Steam went down earlier, this time it is another cyber attack related to gaming. Yup, the developer site of graphics processor manufacturer NVIDIA was hacked by an Indonesian hacker with the codename Xaveroz_Tersakiti.</span></span></div>
<div style="background-color: white; box-sizing: border-box; color: #444444; font-family: Verdana, Geneva, sans-serif; font-size: 14px; text-align: justify;">
<br /></div>
<div style="background-color: white; box-sizing: border-box; clear: both; color: #444444; font-family: Verdana, Geneva, sans-serif; font-size: 14px; text-align: center;">
<a href="https://i2.wp.com/4.bp.blogspot.com/-nBKOf8fWik4/WF5TsHIW6tI/AAAAAAAAFJY/x8y7hdL5N0cv8LPZ2NlBj6ATOZ5tvg0lQCLcB/s1600/nvidia-hacked.PNG?ssl=1" style="background: 0px 0px; box-sizing: border-box; color: #4db2ec; margin-left: 1em; margin-right: 1em; text-decoration-line: none !important;"><img border="0" class="td-animation-stack-type0-1" height="305" src="https://i1.wp.com/4.bp.blogspot.com/-nBKOf8fWik4/WF5TsHIW6tI/AAAAAAAAFJY/x8y7hdL5N0cv8LPZ2NlBj6ATOZ5tvg0lQCLcB/s640/nvidia-hacked.PNG?resize=640%2C304&ssl=1" style="border: 0px; box-sizing: border-box; display: block; height: auto; margin-bottom: 21px; max-width: 100%;" width="640" /></a></div>
<div style="background-color: white; box-sizing: border-box; clear: both; color: #444444; font-family: Verdana, Geneva, sans-serif; font-size: 14px; text-align: justify;">
<div style="box-sizing: border-box; clear: both;">
The perpetrator did not outright change the front page of the site at developer.nvidia.com. He only uploaded a file called xaveroz.html to the directory /sites/default/files/webform/.</div>
<div style="box-sizing: border-box; clear: both;">
But that is enough to prove that the site still has a hole that allows a hacker to upload files without authorization.</div>
<div style="box-sizing: border-box; clear: both;">
Here is the message the hacker left on the page:</div>
</div>
<blockquote style="background-color: white; border-left: 0px; box-sizing: border-box; clear: both; color: #444444; font-family: Verdana, Geneva, sans-serif; font-size: 14px; margin: 10px 0px; padding: 0px; position: relative; text-align: justify;">
<div style="box-sizing: border-box; color: #4db2ec; font-family: Roboto, sans-serif; font-size: 20px; font-style: italic; line-height: 40px; margin-bottom: 24px; margin-left: 10px;">
https://developer.nvidia.com/sites/default/files/webform/xaveroz.html</div>
</blockquote>
<div style="background-color: white; box-sizing: border-box; clear: both; color: #444444; font-family: Verdana, Geneva, sans-serif; font-size: 14px; text-align: justify;">
</div>
<div style="background-color: white; box-sizing: border-box; clear: both; color: #444444; font-family: Verdana, Geneva, sans-serif; font-size: 14px; text-align: justify;">
<span style="box-sizing: border-box; font-weight: 700;"><span style="box-sizing: border-box; color: red;">PAWNED BY: </span></span></div>
<div style="background-color: white; box-sizing: border-box; clear: both; color: #444444; font-family: Verdana, Geneva, sans-serif; font-size: 14px; text-align: justify;">
<span style="box-sizing: border-box; font-weight: 700;"><span style="box-sizing: border-box; color: red;">[#]Xaveroz_Tersakiti[#]</span></span></div>
<div style="background-color: white; box-sizing: border-box; clear: both; color: #444444; font-family: Verdana, Geneva, sans-serif; font-size: 14px; text-align: justify;">
<span style="box-sizing: border-box; font-weight: 700;"><span style="box-sizing: border-box; color: red;"> </span></span></div>
<div style="background-color: white; box-sizing: border-box; clear: both; color: #444444; font-family: Verdana, Geneva, sans-serif; font-size: 14px; text-align: justify;">
<span style="box-sizing: border-box; font-weight: 700;"><span style="box-sizing: border-box; color: red;">Message for Admin :</span></span></div>
<div style="background-color: white; box-sizing: border-box; clear: both; color: #444444; font-family: Verdana, Geneva, sans-serif; font-size: 14px; text-align: justify;">
<span style="box-sizing: border-box; font-weight: 700;"><span style="box-sizing: border-box; color: red;">Sorry Admin !</span></span></div>
<div style="background-color: white; box-sizing: border-box; clear: both; color: #444444; font-family: Verdana, Geneva, sans-serif; font-size: 14px; text-align: justify;">
<span style="box-sizing: border-box; font-weight: 700;"><span style="box-sizing: border-box; color: red;">Your Site Has Been Hacked System Security Is Low , Please Patch Your System. </span></span></div>
<div style="background-color: white; box-sizing: border-box; clear: both; color: #444444; font-family: Verdana, Geneva, sans-serif; font-size: 14px; text-align: justify;">
<span style="box-sizing: border-box; font-weight: 700;"><span style="box-sizing: border-box; color: red;">This Is Just A Warning If You Still Dont want to patch it</span></span></div>
<div style="background-color: white; box-sizing: border-box; clear: both; color: #444444; font-family: Verdana, Geneva, sans-serif; font-size: 14px; text-align: justify;">
<span style="box-sizing: border-box; font-weight: 700;"><span style="box-sizing: border-box; color: red;">We Will Keep On Hacking it. </span></span></div>
<div style="background-color: white; box-sizing: border-box; clear: both; color: #444444; font-family: Verdana, Geneva, sans-serif; font-size: 14px; text-align: justify;">
<span style="box-sizing: border-box; font-weight: 700;"><span style="box-sizing: border-box; color: red;"><br /></span></span></div>
<div style="background-color: white; box-sizing: border-box; clear: both; color: #444444; font-family: Verdana, Geneva, sans-serif; font-size: 14px; text-align: justify;">
</div>
<div style="background-color: white; box-sizing: border-box; clear: both; text-align: justify;">
<span style="color: #444444; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">Several names, apparently fellow perpetrators, are also displayed:</span></span></div>
<blockquote style="background-color: white; border-left: 0px; box-sizing: border-box; clear: both; color: #444444; font-family: Verdana, Geneva, sans-serif; font-size: 14px; margin: 10px 0px; padding: 0px; position: relative; text-align: justify;">
<div style="box-sizing: border-box; color: #4db2ec; font-family: Roboto, sans-serif; font-size: 20px; font-style: italic; line-height: 40px; margin-bottom: 24px; margin-left: 10px;">
GrenXPaRTa – r00tkit404 – Jilan404 – Arthiz Cyber – Indonesia Defacer Tersakiti – DiffMuRis – ML7C – MalaysiaGov – Abrasax1337 – ./MR.ROB0T – fcod3x – Jiwa Tersesat – 0x1958 – Gboys_Flush CyberGhost.17 – Mr.Vendeta_404 – ZakirDotID – ins7ing – Mr.spongebob – Krypton – l0c4lh0st</div>
</blockquote>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6115362802977364571.post-69280516733550916142017-08-05T06:57:00.001-07:002017-08-05T06:57:35.664-07:00Telegram Blocked, Hacker Hacks Site of the Directorate of e-Business KOMINFO RI
Directorate of e-Business KOMINFO RI Hacked - After the government officially announced the blocking of the Telegram chat application because it was considered a terrorist's nest, reactions of disagreement with the policy appeared everywhere. One of them came from the underground. As a result, the site of the Directorate of e-Business of KOMINFO RI was hacked by Typical Idiot Security.<br />
<br />
<br />
<div style="background-color: white; box-sizing: border-box; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 14px; line-height: 24px; margin-bottom: 24px;">
<img alt="Direktorat e-Business KOMINFO RI Diretas" class="wp-image-489 aligncenter td-animation-stack-type0-1" data-attachment-id="489" data-comments-opened="1" data-image-description="" data-image-meta="{"aperture":"0","credit":"","camera":"","caption":"","created_timestamp":"0","copyright":"","focal_length":"0","iso":"0","shutter_speed":"0","title":"","orientation":"0"}" data-image-title="hacked" data-large-file="https://i1.wp.com/news.linuxsec.org/wp-content/uploads/2017/07/hacked-4.png?fit=640%2C366&ssl=1" data-medium-file="https://i1.wp.com/news.linuxsec.org/wp-content/uploads/2017/07/hacked-4.png?fit=300%2C172&ssl=1" data-orig-file="https://i1.wp.com/news.linuxsec.org/wp-content/uploads/2017/07/hacked-4.png?fit=1013%2C580&ssl=1" data-orig-size="1013,580" data-permalink="https://news.linuxsec.org/hacker-retas-situs-direktorat-e-business-kominfo/hacked-20/" height="272" sizes="(max-width: 475px) 100vw, 475px" src="https://i1.wp.com/news.linuxsec.org/wp-content/uploads/2017/07/hacked-4.png?resize=475%2C273" srcset="https://i1.wp.com/news.linuxsec.org/wp-content/uploads/2017/07/hacked-4.png?resize=300%2C172&ssl=1 300w, https://i1.wp.com/news.linuxsec.org/wp-content/uploads/2017/07/hacked-4.png?resize=768%2C440&ssl=1 768w, https://i1.wp.com/news.linuxsec.org/wp-content/uploads/2017/07/hacked-4.png?resize=734%2C420&ssl=1 734w, https://i1.wp.com/news.linuxsec.org/wp-content/uploads/2017/07/hacked-4.png?resize=640%2C366&ssl=1 640w, https://i1.wp.com/news.linuxsec.org/wp-content/uploads/2017/07/hacked-4.png?resize=681%2C390&ssl=1 681w, https://i1.wp.com/news.linuxsec.org/wp-content/uploads/2017/07/hacked-4.png?w=1013&ssl=1 1013w" style="border: 0px; box-sizing: border-box; clear: both; display: block; height: auto; margin: 6px auto 21px; max-width: 100%; text-align: center;" width="475" /></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">The perpetrator, who did not want his codename mentioned (from here on we call him Rose), did not damage the front page of the site at pse.kominfo.go.id. He only left a file at the URL https://pse.kominfo.go.id/uploads/355/971_x.htm.</span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 14px;">Here is the message left by Rose:</span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 14px;">THE SOLUTION IS BLOCKED .. INDONESIA REVERSES 10 CENTURY!</span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 14px;">The sarcastic remark appears to be addressed to Kominfo. In addition to the message, several names are also posted on the deface page. Here are the names:</span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 14px;">Khunerable - SPEEDY-03 - PYS404 - Mirav - Grac3 - Kerens.id - Wokab0ya - AnoaGhost</span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 14px;">You may already have guessed that this hack is related to the government policy of blocking Telegram. But to make sure, we tried to contact the perpetrator.</span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 14px;">And his reason for being upset that Telegram was blocked is quite unusual. He said that if Telegram cannot be accessed, he can no longer see the stickers of the dragon loli Kanna Kamui in the chat application.</span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 14px;">"Yes, I'm just annoyed, bro. Only on Telegram are there Kanna Kamui stickers. It just feels soothing once I've seen her. I think I'm ready to be picked up because of a liaison case if it involves Kanna," he said.</span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">Regardless of whether that statement is acceptable or not, many people do feel harmed by the Telegram block. As of the release of this news, the site concerned had not been fixed. Hopefully there will be a policy change from the government so that Rose can use Kanna Kamui stickers on Telegram again.</span></span><span style="color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 14px;">(<span style="box-sizing: border-box; font-weight: 700;">jack/lsc</span>)</span></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6115362802977364571.post-10430307219224591122017-08-05T06:54:00.001-07:002017-08-05T06:54:51.914-07:00For the Sake of Recognition, "Hacker" Buys a Domain to Hack Himself<div style="background-color: white; box-sizing: border-box; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 14px; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #212121; font-family: Roboto, arial, sans-serif; font-size: 16px; text-align: left; white-space: pre-wrap;">Perhaps inspired by cop1re's hack of the Attorney General's site, a "hacker" with the codename MDR01, who claimed to be from Anonymous Indonesian Cyber Team, hacked the BBC Indonesia website. At least, that is probably the impression this "hacker" hoped to create when he hacked the site bbc.co.id. But in fact bbc.co.id itself is just a fake site that was registered by the hacker himself.</span></div>
<div style="background-color: white; box-sizing: border-box; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 14px; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<img alt="Situs BBC Palsu Diretas" class="size-full wp-image-370 aligncenter td-animation-stack-type0-1" data-attachment-id="370" data-comments-opened="1" data-image-description="" data-image-meta="{"aperture":"0","credit":"","camera":"","caption":"","created_timestamp":"0","copyright":"","focal_length":"0","iso":"0","shutter_speed":"0","title":"","orientation":"0"}" data-image-title="bbc palsu" data-large-file="https://i2.wp.com/news.linuxsec.org/wp-content/uploads/2017/05/bbc-palsu.png?fit=640%2C412&ssl=1" data-medium-file="https://i2.wp.com/news.linuxsec.org/wp-content/uploads/2017/05/bbc-palsu.png?fit=300%2C193&ssl=1" data-orig-file="https://i2.wp.com/news.linuxsec.org/wp-content/uploads/2017/05/bbc-palsu.png?fit=1025%2C660&ssl=1" data-orig-size="1025,660" data-permalink="https://news.linuxsec.org/situs-bbc-palsu-dihack/bbc-palsu/" height="412" src="https://i2.wp.com/news.linuxsec.org/wp-content/uploads/2017/05/bbc-palsu.png?resize=640%2C412" style="border: 0px; box-sizing: border-box; clear: both; display: block; height: auto; margin: 6px auto 21px; max-width: 100%; text-align: center;" width="640" /></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">It started with claims by the hacker team on Facebook that they had successfully hacked the BBC Indonesia website. The news then went viral because it was amplified by the Instagram account islamic.cyber.</span></span></div>
<div style="background-color: white; box-sizing: border-box; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 14px; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<img alt="MCA Palsu" class="size-full wp-image-371 aligncenter td-animation-stack-type0-1" data-attachment-id="371" data-comments-opened="1" data-image-description="" data-image-meta="{"aperture":"0","credit":"","camera":"","caption":"","created_timestamp":"0","copyright":"","focal_length":"0","iso":"0","shutter_speed":"0","title":"","orientation":"0"}" data-image-title="cyber goblok" data-large-file="https://i2.wp.com/news.linuxsec.org/wp-content/uploads/2017/05/cyber-goblok.png?fit=640%2C332&ssl=1" data-medium-file="https://i2.wp.com/news.linuxsec.org/wp-content/uploads/2017/05/cyber-goblok.png?fit=300%2C156&ssl=1" data-orig-file="https://i2.wp.com/news.linuxsec.org/wp-content/uploads/2017/05/cyber-goblok.png?fit=1054%2C547&ssl=1" data-orig-size="1054,547" data-permalink="https://news.linuxsec.org/situs-bbc-palsu-dihack/cyber-goblok/" height="332" src="https://i2.wp.com/news.linuxsec.org/wp-content/uploads/2017/05/cyber-goblok.png?resize=640%2C332" style="border: 0px; box-sizing: border-box; clear: both; display: block; height: auto; margin: 6px auto 21px; max-width: 100%; text-align: center;" width="640" /></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">Here are the contents of the post:</span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;"><br /></span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">Islamic.cyber HACKED BY MDR01</span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">====</span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">MESSAGE TO INDONESIA</span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">WE IN THE DEGREE WHEN WE DEFEND WHAT ARE OUR MONEY</span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">WHEN SOMEONE SEEKS AL-QUR'AN, AND WHEN SOMEONE SPEARS THE ULAMA ..</span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">WHAT IS NKRI?</span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">NOW WE ARE MOVING, WE DO NOT WANT TO USIC, WE ARE AGAINST, AND WE ARE TELL OF AN INTERESTED WORDS WORD TO BE IN DISCONNECTED</span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">WE ARE MUSLIM CYBER ARMY DISABLED WHEN OUR RELIGION IN LOW ... [#] Supports:</span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">ISLAMIC CYBER | MUSLIM CYBER ARMY & ANONYMOUS CYBER TEAM</span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">===</span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;"><br /></span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">News about "Hacking the BBC Website" has also been published on One Media's page.</span></span></div>
<div style="background-color: white; box-sizing: border-box; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 14px; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<img alt="" class="size-full wp-image-373 aligncenter td-animation-stack-type0-1" data-attachment-id="373" data-comments-opened="1" data-image-description="" data-image-meta="{"aperture":"0","credit":"","camera":"","caption":"","created_timestamp":"0","copyright":"","focal_length":"0","iso":"0","shutter_speed":"0","title":"","orientation":"0"}" data-image-title="hoax" data-large-file="https://i1.wp.com/news.linuxsec.org/wp-content/uploads/2017/05/hoax.png?fit=554%2C379&ssl=1" data-medium-file="https://i1.wp.com/news.linuxsec.org/wp-content/uploads/2017/05/hoax.png?fit=300%2C205&ssl=1" data-orig-file="https://i1.wp.com/news.linuxsec.org/wp-content/uploads/2017/05/hoax.png?fit=554%2C379&ssl=1" data-orig-size="554,379" data-permalink="https://news.linuxsec.org/situs-bbc-palsu-dihack/hoax/" height="379" src="https://i1.wp.com/news.linuxsec.org/wp-content/uploads/2017/05/hoax.png?resize=554%2C379" style="border: 0px; box-sizing: border-box; clear: both; display: block; height: auto; margin: 6px auto 21px; max-width: 100%; text-align: center;" width="554" /></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">Perhaps because he was furious and did not want this hoax to keep spreading, a Facebook user who also happens to be one of the admins of the Indonesian Hoaxes community (a community that often debunks hoaxes or lies on the internet), Aditya Al Fatah, finally posted a clarification of the claim of hacking the BBC Indonesia website.</span></span></div>
<div style="background-color: white; box-sizing: border-box; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 14px; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<img alt="" class="size-full wp-image-372 aligncenter td-animation-stack-type0-1" data-attachment-id="372" data-comments-opened="1" data-image-description="" data-image-meta="{"aperture":"0","credit":"","camera":"","caption":"","created_timestamp":"0","copyright":"","focal_length":"0","iso":"0","shutter_speed":"0","title":"","orientation":"0"}" data-image-title="klarifikasi" data-large-file="https://i1.wp.com/news.linuxsec.org/wp-content/uploads/2017/05/klarifikasi.png?fit=640%2C393&ssl=1" data-medium-file="https://i1.wp.com/news.linuxsec.org/wp-content/uploads/2017/05/klarifikasi.png?fit=300%2C184&ssl=1" data-orig-file="https://i1.wp.com/news.linuxsec.org/wp-content/uploads/2017/05/klarifikasi.png?fit=665%2C408&ssl=1" data-orig-size="665,408" data-permalink="https://news.linuxsec.org/situs-bbc-palsu-dihack/klarifikasi/" height="393" src="https://i1.wp.com/news.linuxsec.org/wp-content/uploads/2017/05/klarifikasi.png?resize=640%2C393" style="border: 0px; box-sizing: border-box; clear: both; display: block; height: auto; margin: 6px auto 21px; max-width: 100%; text-align: center;" width="640" /></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">He did not hold back: he not only debunked the lies about the BBC site hacking claims, but also revealed the true identity of the "hacker" from the anonymous team, including home address, phone number, birth date, etc.</span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;"><br /></span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">The clarification post he made has now been shared more than 300 times. Possibly because his name suddenly became famous, the hacker who is "no longer anonymous" closed his Facebook account. The news that was published on One Media was deleted by its owner.</span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;"><br /></span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">Lately this group claiming to be the "Muslim Cyber Army" has indeed drawn a lot of scorn from the underground. Not for nothing: I have personally known the "real" Muslim Cyber Army since 2013. MCA is an international underground community. And I still remember that one of the frontmen in the community, who has the codename 'BillGate', used to make a hobby of hacking overseas government (.gov) sites and leaving messages of peace. Not infrequently they also ransacked Israeli sites. And that is why MCA is respected even by other underground groups or communities.</span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;"><br /></span></span></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">Here I attach a screenshot of an MCA action, hacking one of the pages of the Libyan government.</span></span></div>
<div style="background-color: white; box-sizing: border-box; color: #222222; font-family: Verdana, Geneva, sans-serif; font-size: 14px; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<img alt="" class="size-full wp-image-374 aligncenter td-animation-stack-type0-1" data-attachment-id="374" data-comments-opened="1" data-image-description="" data-image-meta="{"aperture":"0","credit":"","camera":"","caption":"","created_timestamp":"0","copyright":"","focal_length":"0","iso":"0","shutter_speed":"0","title":"","orientation":"0"}" data-image-title="mca" data-large-file="https://i2.wp.com/news.linuxsec.org/wp-content/uploads/2017/06/mca.png?fit=640%2C304&ssl=1" data-medium-file="https://i2.wp.com/news.linuxsec.org/wp-content/uploads/2017/06/mca.png?fit=300%2C142&ssl=1" data-orig-file="https://i2.wp.com/news.linuxsec.org/wp-content/uploads/2017/06/mca.png?fit=1332%2C632&ssl=1" data-orig-size="1332,632" data-permalink="https://news.linuxsec.org/situs-bbc-palsu-dihack/mca/" height="304" src="https://i2.wp.com/news.linuxsec.org/wp-content/uploads/2017/06/mca.png?resize=640%2C304" style="border: 0px; box-sizing: border-box; clear: both; display: block; height: auto; margin: 6px auto 21px; max-width: 100%; text-align: center;" width="640" /></div>
<div style="background-color: white; box-sizing: border-box; line-height: 24px; margin-bottom: 24px; text-align: justify;">
<span style="color: #222222; font-family: Verdana, Geneva, sans-serif;"><span style="font-size: 14px;">And now there is somehow a new group carrying the same name, but whose "actions" are silly enough to make the underground shake its head. Starting from an anonymous going live on Instagram (an anon switching careers to become a celebrity), the heroic action of patching a leaked port on the KPU website, and lastly ordering their own domain, hacking it themselves, and hyping it themselves. Hmm, the things people come up with. (Jack / lsc)</span></span></div>
Unknownnoreply@blogger.com0