Thursday, 11 September 2008

Port Block List for Mikrotik

Just documentation:

/ip firewall filter
add chain=tcp protocol=tcp dst-port=67-68 action=drop comment="deny DHCP"
add chain=tcp protocol=tcp dst-port=69 action=drop comment="deny TFTP"
add chain=tcp protocol=tcp dst-port=111 action=drop comment="deny RPC portmapper"
add chain=tcp protocol=tcp dst-port=135 action=drop comment="deny RPC portmapper"
add chain=tcp protocol=tcp dst-port=137-139 action=drop comment="deny NBT"
add chain=tcp protocol=tcp dst-port=445 action=drop comment="deny cifs"
add chain=tcp protocol=tcp dst-port=593 action=drop comment="________"
add chain=tcp protocol=tcp dst-port=1024-1030 action=drop comment="________"
add chain=tcp protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom"
add chain=tcp protocol=tcp dst-port=1214 action=drop comment="________"
add chain=tcp protocol=tcp dst-port=1363 action=drop comment="ndm requester"
add chain=tcp protocol=tcp dst-port=1364 action=drop comment="ndm server"
add chain=tcp protocol=tcp dst-port=1368 action=drop comment="screen cast"
add chain=tcp protocol=tcp dst-port=1373 action=drop comment="hromgrafx"
add chain=tcp protocol=tcp dst-port=1377 action=drop comment="cichlid"
add chain=tcp protocol=tcp dst-port=1433-1434 action=drop comment="Worm"
add chain=tcp protocol=tcp dst-port=2745 action=drop comment="Bagle Virus"
add chain=tcp protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y"
add chain=tcp protocol=tcp dst-port=2535 action=drop comment="Drop Beagle"
add chain=tcp protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K"
add chain=tcp protocol=tcp dst-port=3127-3128 action=drop comment="Drop MyDoom"
add chain=tcp protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro"
add chain=tcp protocol=tcp dst-port=4444 action=drop comment="Worm"
add chain=tcp protocol=tcp dst-port=2049 action=drop comment="deny NFS"
add chain=tcp protocol=tcp dst-port=3133 action=drop comment="deny BackOrifice"
add chain=tcp protocol=tcp dst-port=5554 action=drop comment="Drop Sasser"
add chain=tcp protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B"
add chain=tcp protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B"
add chain=tcp protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y"
add chain=tcp protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B"
add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment="deny NetBus"
add chain=tcp protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2"
add chain=tcp protocol=tcp dst-port=20034 action=drop comment="deny NetBus"
add chain=tcp protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven"
add chain=tcp protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot"
add chain=udp protocol=udp dst-port=4444 action=drop comment="Worm"
add chain=udp protocol=udp dst-port=69 action=drop comment="deny TFTP"
add chain=udp protocol=udp dst-port=111 action=drop comment="deny RPC portmapper"
add chain=udp protocol=udp dst-port=135 action=drop comment="deny RPC portmapper"
add chain=udp protocol=udp dst-port=137-139 action=drop comment="deny NBT"
add chain=udp protocol=udp dst-port=2049 action=drop comment="deny NFS"
add chain=udp protocol=udp dst-port=3133 action=drop comment="deny BackOrifice"
add chain=icmp protocol=icmp icmp-options=0:0 action=accept comment="allow echo reply"
add chain=icmp protocol=icmp icmp-options=3:0 action=accept comment="allow net unreachable"
add chain=icmp protocol=icmp icmp-options=3:1 action=accept comment="allow host unreachable"
add chain=icmp protocol=icmp icmp-options=4:0 action=accept comment="allow source quench"
add chain=icmp protocol=icmp icmp-options=8:0 action=accept comment="allow echo request"
add chain=icmp protocol=icmp icmp-options=11:0 action=accept comment="allow time exceeded"
add chain=icmp protocol=icmp icmp-options=12:0 action=accept comment="allow parameter problem"
add chain=icmp action=drop comment="deny all other types"
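An added check, not part of the original post: the rules above live in custom chains named tcp, udp and icmp, which RouterOS only traverses when a built-in chain (input, forward, output) jumps to them, so a list like this does nothing until those jump rules exist. The Python below parses rules written in this format and reports chains that nothing jumps to, ports listed twice within one chain, and comments still set to the ________ placeholder; the SAMPLE lines are constructed from the page's rules plus a jump rule for the tcp chain only.

```python
import re

# Constructed sample in the page's format: only the tcp chain is jumped to,
# port 2745 appears twice and one comment is still the "________" placeholder.
SAMPLE = """\
add chain=forward protocol=tcp action=jump jump-target=tcp
add chain=tcp protocol=tcp dst-port=67-68 action=drop comment="deny DHCP"
add chain=tcp protocol=tcp dst-port=2745 action=drop comment="Bagle Virus"
add chain=tcp protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K"
add chain=tcp protocol=tcp dst-port=593 action=drop comment="________"
add chain=udp protocol=udp dst-port=69 action=drop comment="deny TFTP"
add chain=icmp protocol=icmp icmp-options=8:0 action=accept comment="allow echo request"
"""

BUILTIN = {"input", "forward", "output"}          # chains RouterOS traverses itself
KV = re.compile(r'([\w-]+)=("[^"]*"|\S+)')          # key=value or key="quoted value"

def parse(text):                                    # each 'add k=v ...' line -> dict
    return [{k: v.strip('"') for k, v in KV.findall(line[4:])}
            for line in text.splitlines() if line.startswith("add ")]

def ports(spec):                                    # '67-68' or '135,445' -> set of ints
    out = set()
    for part in filter(None, spec.split(",")):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def check(text):
    rules = parse(text)
    reachable, grew = set(BUILTIN), True            # built-ins plus whatever they jump to
    while grew:
        grew = False
        for r in rules:
            tgt = r.get("jump-target")
            if r.get("action") == "jump" and r["chain"] in reachable and tgt not in reachable:
                reachable.add(tgt)
                grew = True
    unreachable = sorted({r["chain"] for r in rules} - reachable)
    seen, duplicates = {}, []                       # same chain/protocol/port listed twice
    for r in rules:
        for p in ports(r.get("dst-port", "")):
            key = (r["chain"], r.get("protocol"), p)
            if key in seen:
                duplicates.append((r["chain"], p, seen[key], r.get("comment", "")))
            else:
                seen[key] = r.get("comment", "")
    placeholders = sum(1 for r in rules if set(r.get("comment", "")) == {"_"})
    return {"unreachable": unreachable, "duplicates": duplicates, "placeholders": placeholders}
```

Run against the full list above after pasting it into SAMPLE; any chain reported as unreachable is dead configuration until a matching action=jump rule is added to input or forward.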

Redirecting Mikrotik to a Squid Box

Translation of the Linux iptables commands into Mikrotik (Linux command syntax taken from: http://tldp.org/HOWTO/TransparentProxy-6.html)

First method:

  • iptables -t nat -A PREROUTING -i eth0 -s ! squid-box -p tcp --dport 80 -j DNAT --to squid-box:3128
  • iptables -t nat -A POSTROUTING -o eth0 -s local-network -d squid-box -j SNAT --to iptables-box
  • iptables -A FORWARD -s local-network -d squid-box -i eth0 -o eth0 -p tcp --dport 3128 -j ACCEPT

Specification:

  • Squid box: 192.168.1.1, Mikrotik: 192.168.1.254
  • Mikrotik version 2.9.27
  • LAN: ether1, Internet: ether2

Translation to Mikrotik, first method:

  • In the NAT table:
    • add a dst-nat rule: chain=dstnat src-address=!192.168.1.1 protocol=tcp dst-port=80 in-interface=ether1 action=dst-nat to-addresses=192.168.1.1 to-ports=3128
    • add a src-nat rule: chain=srcnat src-address=192.168.1.0/24 out-interface=ether1 action=src-nat to-addresses=192.168.1.254 to-ports=0-65535
  • In the filter table:
    • add a rule: chain=forward protocol=tcp src-address=192.168.1.0/24 dst-address=192.168.1.1 dst-port=3128 in-interface=ether1 out-interface=ether2 action=accept
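As an added example, not from the original post or the HOWTO: a literal, one-to-one translator for the three iptables forms of the first method, mapping each iptables match and target to its RouterOS equivalent and substituting the addresses from the specification above (the eth0 to ether1 mapping is an assumption that follows the spec's LAN = ether1). Because it is literal, its output keeps every match the iptables rule carries, which makes it a handy cross-check against a hand translation.

```python
import shlex

# Address plan from the first method's specification; the HOWTO's symbolic
# names are mapped to the page's values (eth0 -> ether1 is an assumption).
SPEC = {"squid-box": "192.168.1.1", "iptables-box": "192.168.1.254",
        "local-network": "192.168.1.0/24", "eth0": "ether1"}
CHAINS = {("nat", "PREROUTING"): "dstnat", ("nat", "POSTROUTING"): "srcnat",
          ("filter", "FORWARD"): "forward"}
MATCHES = (("-i", "in-interface"), ("-o", "out-interface"), ("-s", "src-address"),
           ("-d", "dst-address"), ("-p", "protocol"), ("--dport", "dst-port"))

def translate(rule, spec=SPEC):
    """Translate one iptables rule of the kinds used on this page; returns (menu, command)."""
    argv = shlex.split(rule)[1:]                  # drop the leading 'iptables'
    opts, i = {}, 0
    while i < len(argv):
        key, val, step = argv[i], argv[i + 1], 2
        if val == "!":                            # legacy negation form: -s ! host
            val, step = "!" + argv[i + 2], 3
        opts[key] = val
        i += step

    def sub(v):                                   # symbolic name -> address, keep '!' and ':port'
        if v.startswith("!"):
            return "!" + sub(v[1:])
        host, colon, port = v.partition(":")
        return spec.get(host, host) + colon + port

    table = opts.get("-t", "filter")
    parts = [f"chain={CHAINS[(table, opts['-A'])]}"]
    parts += [f"{ros}={sub(opts[flag])}" for flag, ros in MATCHES if flag in opts]
    target = opts["-j"]
    if target in ("DNAT", "SNAT"):
        addr, _, port = sub(opts["--to"]).partition(":")
        parts.append("action=" + ("dst-nat" if target == "DNAT" else "src-nat"))
        parts.append(f"to-addresses={addr}")
        if port:
            parts.append(f"to-ports={port}")
    elif target == "ACCEPT":
        parts.append("action=accept")
    else:
        raise ValueError(f"unsupported target: {target}")
    menu = "/ip firewall nat" if table == "nat" else "/ip firewall filter"
    return menu, "add " + " ".join(parts)

HOWTO_RULES = [                                   # the first method's three rules, quoted above
    "iptables -t nat -A PREROUTING -i eth0 -s ! squid-box -p tcp --dport 80 -j DNAT --to squid-box:3128",
    "iptables -t nat -A POSTROUTING -o eth0 -s local-network -d squid-box -j SNAT --to iptables-box",
    "iptables -A FORWARD -s local-network -d squid-box -i eth0 -o eth0 -p tcp --dport 3128 -j ACCEPT",
]
```

Calling translate() on each entry of HOWTO_RULES prints the menu to enter and the add command to paste under it.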

Second method:

  • iptables -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 80 -s squid-box
  • iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp --dport 80
  • ip rule add fwmark 3 table 2
  • ip route add default via squid-box dev eth1 table 2
  • Next, squid-box. Use this command, which should look remarkably similar to a command we've seen previously.
  • iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Translation to Mikrotik, second method:

  • In the mangle table, add: chain=prerouting protocol=tcp dst-port=80 action=mark-routing new-routing-mark=mark80
  • In the filter table, add: chain=forward routing-mark=mark80 action=accept
  • In IP > Routes, add: dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=mark80 distance=1 interface=ether1
  • On the Squid box, do whatever fits the firewall you use; I use shorewall, where it is enough to add to the file /etc/shorewall/rules -> REDIRECT local 3128 tcp www - !192.168.1.1

Source:
-----------------------------------------------------------------------------------
http://cangkirkopi.wordpress.com/2007/07/30/redirect-mikrotik-ke-squidbox/

Transparent Proxy Mikrotik Server

Assume that the transparent proxy is already running normally on the proxy server.

1. NAT table (IP > Firewall > NAT)

dst-nat: chain=dstnat src-address=!192.168.0.254 protocol=tcp dst-port=80 in-interface=ether2 action=dst-nat to-addresses=192.168.0.254 to-ports=3128

src-nat: chain=srcnat src-address=192.168.0.0/24 out-interface=ether2 action=src-nat to-addresses=192.168.0.1 to-ports=0-65535

2. Filter rules

chain=forward protocol=tcp src-address=192.168.0.0/24 dst-address=192.168.0.254 dst-port=3128 in-interface=ether2 out-interface=ether1 action=accept

With this script, a transparent proxy that does not use Mikrotik's built-in proxy feature finally works perfectly.

Firewall for the DansGuardian Proxy

For those who need a firewall alongside DansGuardian, the following script can be installed.

Prepare the firewall ports. This part is optional, but strongly recommended. Copy the following commands into the file /etc/network/if-up.d/iptables-config

#!/bin/bash
iptables -F
# set the default policy for each of the pre-defined chains
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# to allow incoming SSH and Proxy
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp -m tcp -s 127.0.0.1 --dport 3128 -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp -m tcp --dport 8080 -j ACCEPT
# drop everything else
iptables -A INPUT -i eth+ -p udp -j DROP
iptables -A INPUT -i eth+ -p tcp -m tcp --syn -j DROP

Make sure iptables-config is executable

# chmod +x /etc/network/if-up.d/iptables-config

Install SSH, Squid cache & DansGuardian

# apt-get install openssh-server squid dansguardian

Configure DansGuardian
# vi /etc/dansguardian/dansguardian.conf

Do the following:

  • If the server's IP address is 192.168.0.1, change

accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'

to

accessdeniedaddress = 'http://192.168.0.1/cgi-bin/dansguardian.pl'

  • Remove or comment out the line "UNCONFIGURED - Please remove this line after configuration" once all configuration is done.
  • Set the 'virusscan' variable to off if you have not set up ClamAV for DansGuardian. On Ubuntu, ClamAV is usually installed together with DansGuardian.

If you use ClamAV, make sure it fetches the latest signature database with the command

# freshclam

Enable SSH, DansGuardian and Squid cache at startup

# update-rc.d ssh defaults
# update-rc.d squid defaults
# update-rc.d dansguardian defaults

Restart

# /etc/init.d/networking restart
# /etc/init.d/squid restart
# /etc/init.d/dansguardian restart

Done.

Client-side setup

Make sure the clients' proxy server setting points to

the IP address of the DansGuardian server
port 8080