Folks, I've been a bit absent from the forum, but I saw a thread about the wintraff program that was generating heavy traffic on the network. I followed the thread up to a point, but when I saw a colleague saying that not even the MIKROTIK guys shed any light on it, I ended up getting discouraged; I don't know whether the solution has been found yet. But I've been researching and I want to leave my contribution here on this forum that has helped me so much and keeps helping me. I found a QoS that I'd had stored here for a long time, decided to test it, and it managed to hold wintraff back nicely.
I'll post the rules here; just adapt them to your networks, and if anything comes up, add me and I can help you configure your servers: okleverton@hotmail.com. There's a trick in the Queue.
NOTE: Be careful if you use a proxy on the network; this QoS marks port 80 as well.
/ ip firewall mangle
add chain=prerouting p2p=all-p2p action=mark-connection \
new-connection-mark=P2P-Conexao passthrough=yes comment="CONTROLE P2P" \
disabled=no
add chain=prerouting protocol=tcp p2p=all-p2p connection-limit=40,32 \
action=mark-connection new-connection-mark=P2P-Conexao-Limite \
passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=P2P-Conexao action=mark-packet \
new-packet-mark=P2P-Pacotes passthrough=no comment="" disabled=no
add chain=prerouting connection-mark=P2P-Conexao-Limite action=mark-packet \
new-packet-mark=P2P-Pacotes passthrough=no comment="" disabled=no
add chain=prerouting protocol=icmp \
action=mark-connection new-connection-mark=ICMP-Conexao passthrough=yes \
comment="CONTROLE ICMP" disabled=no
add chain=prerouting connection-mark=ICMP-Conexao action=mark-packet \
new-packet-mark=ICMP-Pacotes passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=443 action=mark-connection \
new-connection-mark=Navegacao-Conexao passthrough=yes comment="CONTROLE \
NAVEGACAO" disabled=no
add chain=prerouting protocol=tcp dst-port=80 action=mark-connection \
new-connection-mark=Navegacao-Conexao passthrough=yes comment="" \
disabled=no
add chain=prerouting protocol=tcp dst-port=53 action=mark-connection \
new-connection-mark=Navegacao-Conexao passthrough=yes comment="" \
disabled=no
add chain=prerouting protocol=udp dst-port=53 action=mark-connection \
new-connection-mark=Navegacao-Conexao passthrough=yes comment="" \
disabled=no
add chain=prerouting protocol=tcp dst-port=21 action=mark-connection \
new-connection-mark=Navegacao-Conexao passthrough=yes comment="" \
disabled=no
add chain=prerouting connection-mark=Navegacao-Conexao action=mark-packet \
new-packet-mark=Navegacao-Pacotes passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=110 action=mark-connection \
new-connection-mark=E-mail-Conexao passthrough=yes comment="CONTROLE \
E-MAIL" disabled=no
add chain=prerouting protocol=tcp dst-port=25 action=mark-connection \
new-connection-mark=E-mail-Conexao passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=25 action=mark-connection \
new-connection-mark=E-mail-Conexao passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=E-mail-Conexao action=mark-packet \
new-packet-mark=E-mail-Pacotes passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=1863 action=mark-connection \
new-connection-mark=Messenger-Conexao passthrough=yes comment="CONTROLE \
MESSENGER" disabled=no
add chain=prerouting protocol=udp dst-port=1863 action=mark-connection \
new-connection-mark=Messenger-Conexao passthrough=yes comment="" \
disabled=no
add chain=prerouting protocol=tcp dst-port=6891-6901 action=mark-connection \
new-connection-mark=Messenger-Conexao passthrough=yes comment="" \
disabled=no
add chain=prerouting protocol=udp dst-port=6891-6901 action=mark-connection \
new-connection-mark=Messenger-Conexao passthrough=yes comment="" \
disabled=no
add chain=prerouting protocol=udp dst-port=5190 action=mark-connection \
new-connection-mark=Messenger-Conexao passthrough=yes comment="" \
disabled=no
add chain=prerouting connection-mark=Messenger-Conexao action=mark-packet \
new-packet-mark=Messenger-Pacotes passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=22 action=mark-connection \
new-connection-mark=Acesso-Remoto-Conexao passthrough=yes \
comment="CONTROLE ACESSO REMOTO" disabled=no
add chain=prerouting protocol=tcp dst-port=23 action=mark-connection \
new-connection-mark=Acesso-Remoto-Conexao passthrough=yes comment="" \
disabled=no
add chain=prerouting protocol=tcp dst-port=3389 action=mark-connection \
new-connection-mark=Acesso-Remoto-Conexao passthrough=yes \
comment="Terminal Server" disabled=no
add chain=prerouting protocol=tcp dst-port=5800 action=mark-connection \
new-connection-mark=Acesso-Remoto-Conexao passthrough=yes comment="VNC" \
disabled=no
add chain=prerouting protocol=tcp dst-port=5900 action=mark-connection \
new-connection-mark=Acesso-Remoto-Conexao passthrough=yes comment="" \
disabled=no
add chain=prerouting protocol=tcp dst-port=8291 action=mark-connection \
new-connection-mark=Acesso-Remoto-Conexao passthrough=yes comment="Winbox" \
disabled=no
add chain=prerouting connection-mark=Acesso-Remoto-Conexao action=mark-packet \
new-packet-mark=Acesso-Remoto-Pacotes passthrough=no comment="" \
disabled=no
add chain=prerouting protocol=tcp dst-port=3306 action=mark-connection \
new-connection-mark=Banco-Dados-Conexao passthrough=yes comment="CONTROLE \
BANCO DE DADOS - SQL" disabled=no
add chain=prerouting protocol=tcp dst-port=1521 action=mark-connection \
new-connection-mark=Banco-Dados-Conexao passthrough=yes comment="Oracle" \
disabled=no
add chain=prerouting protocol=tcp dst-port=1433-1434 action=mark-connection \
new-connection-mark=Banco-Dados-Conexao passthrough=yes comment="Microsoft \
SQL Server" disabled=no
add chain=prerouting connection-mark=Banco-Dados-Conexao action=mark-packet \
new-packet-mark=Banco-Dados-Pacotes passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=7171 action=mark-connection \
new-connection-mark=Jogos-Conexao passthrough=yes comment="CONTROLE JOGOS" \
disabled=no
add chain=prerouting protocol=tcp dst-port=27015 action=mark-connection \
new-connection-mark=Jogos-Conexao passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=55905 action=mark-connection \
new-connection-mark=Jogos-Conexao passthrough=yes comment="Mu Online" \
disabled=no
add chain=prerouting protocol=udp dst-port=55905 action=mark-connection \
new-connection-mark=Jogos-Conexao passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=4376 action=mark-connection \
new-connection-mark=Jogos-Conexao passthrough=yes comment="Line Age" \
disabled=no
add chain=prerouting protocol=udp dst-port=4376 action=mark-connection \
new-connection-mark=Jogos-Conexao passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=6112 action=mark-connection \
new-connection-mark=Jogos-Conexao passthrough=yes comment="WarCraft" \
disabled=no
add chain=prerouting protocol=udp dst-port=6112 action=mark-connection \
new-connection-mark=Jogos-Conexao passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=4500 action=mark-connection \
new-connection-mark=Jogos-Conexao passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=4500 action=mark-connection \
new-connection-mark=Jogos-Conexao passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=6900 action=mark-connection \
new-connection-mark=Jogos-Conexao passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=6900 action=mark-connection \
new-connection-mark=Jogos-Conexao passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=5000 action=mark-connection \
new-connection-mark=Jogos-Conexao passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=5000 action=mark-connection \
new-connection-mark=Jogos-Conexao passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=27018 action=mark-connection \
new-connection-mark=Jogos-Conexao passthrough=yes comment="Counter Strike" \
disabled=no
add chain=prerouting protocol=udp dst-port=27018 action=mark-connection \
new-connection-mark=Jogos-Conexao passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=27015 action=mark-connection \
new-connection-mark=Jogos-Conexao passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=27015 action=mark-connection \
new-connection-mark=Jogos-Conexao passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=27020 action=mark-connection \
new-connection-mark=Jogos-Conexao passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=27020 action=mark-connection \
new-connection-mark=Jogos-Conexao passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=27019 action=mark-connection \
new-connection-mark=Jogos-Conexao passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=27019 action=mark-connection \
new-connection-mark=Jogos-Conexao passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=27013 action=mark-connection \
new-connection-mark=Jogos-Conexao passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=27013 action=mark-connection \
new-connection-mark=Jogos-Conexao passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=Jogos-Conexao action=mark-packet \
new-packet-mark=Jogos-Pacotes passthrough=no comment="" disabled=no
add chain=prerouting protocol=udp action=mark-connection \
new-connection-mark=UDP-Conexao passthrough=yes comment="CONTROLE UDP" \
disabled=no
add chain=prerouting connection-mark=UDP-Conexao action=mark-packet \
new-packet-mark=UDP-Pacotes passthrough=no comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=Outros-Conexao \
passthrough=yes comment="CONTROLE SERVICOS NAO IDENTIFICADOS" disabled=no
add chain=prerouting connection-mark=Outros-Conexao action=mark-packet \
new-packet-mark=Outros-Pacotes passthrough=no comment="" disabled=no
Creating the bandwidth control:
/ queue tree
add name="QOS" parent=global-total packet-mark="" limit-at=0 queue=default \
priority=8 max-limit=6000000 burst-limit=0 burst-threshold=0 burst-time=0s \
disabled=no
add name="1 - Navegacao" parent=QOS packet-mark=Navegacao-Pacotes \
limit-at=2000000 queue=default priority=1 max-limit=100000000 \
burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
add name="2 - Messenger" parent=QOS packet-mark=Messenger-Pacotes \
limit-at=512000 queue=default priority=2 max-limit=1000000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="2 - E-mail" parent=QOS packet-mark=E-mail-Pacotes limit-at=512000 \
queue=default priority=3 max-limit=1000000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="8 - P2P" parent=QOS packet-mark=P2P-Pacotes limit-at=0 queue=default \
priority=8 max-limit=128000 burst-limit=0 burst-threshold=0 burst-time=0s \
disabled=no
add name="4 - Acesso-Remoto" parent=QOS packet-mark=Acesso-Remoto-Pacotes \
limit-at=256000 queue=default priority=2 max-limit=512000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="5 - ICMP" parent=QOS packet-mark=ICMP-Pacotes limit-at=256000 \
queue=default priority=1 max-limit=512000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="6 - UDP" parent=QOS packet-mark=UDP-Pacotes limit-at=2000000 \
queue=default priority=3 max-limit=4000000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="7 - Outros" parent=QOS packet-mark=Outros-Pacotes limit-at=0 \
queue=default priority=8 max-limit=2000000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="3 - Banco-Dados" parent=QOS packet-mark=Banco-Dados-Pacotes \
limit-at=256000 queue=default priority=3 max-limit=512000 burst-limit=0 \
burst-threshold=0 burst-time=0s disabled=no
add name="3 - Jogos" parent=QOS packet-mark=Jogos-Pacotes limit-at=512000 \
queue=default priority=3 max-limit=1000000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
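An added example, not part of the original post: the script below parses the queue tree above and checks it against the two consistency conditions from MikroTik's HTB documentation, namely that the children's `limit-at` values do not add up to more than the parent's `max-limit` and that no child `max-limit` exceeds the parent's. The embedded copy keeps the posted names and limits but drops the packet-mark, queue and burst fields; `parse_queues` and `check_htb` are names chosen here, and plain integer rates (no `k`/`M` suffixes) are assumed.

```python
import re
import shlex
from collections import defaultdict

# Queue tree from the post above (names and limits unchanged; packet-mark,
# queue and burst fields omitted because the check does not use them).
QUEUE_TREE = r'''
/ queue tree
add name="QOS" parent=global-total packet-mark="" limit-at=0 \
    priority=8 max-limit=6000000
add name="1 - Navegacao" parent=QOS limit-at=2000000 priority=1 max-limit=100000000
add name="2 - Messenger" parent=QOS limit-at=512000 priority=2 max-limit=1000000
add name="2 - E-mail" parent=QOS limit-at=512000 priority=3 max-limit=1000000
add name="8 - P2P" parent=QOS limit-at=0 priority=8 max-limit=128000
add name="4 - Acesso-Remoto" parent=QOS limit-at=256000 priority=2 max-limit=512000
add name="5 - ICMP" parent=QOS limit-at=256000 priority=1 max-limit=512000
add name="6 - UDP" parent=QOS limit-at=2000000 priority=3 max-limit=4000000
add name="7 - Outros" parent=QOS limit-at=0 priority=8 max-limit=2000000
add name="3 - Banco-Dados" parent=QOS limit-at=256000 priority=3 max-limit=512000
add name="3 - Jogos" parent=QOS limit-at=512000 priority=3 max-limit=1000000
'''

def parse_queues(export):
    """Return {name: {key: value}} for every 'add' line of a queue tree export."""
    joined = re.sub(r"\\\n\s*", "", export)      # undo RouterOS line continuations
    queues = {}
    for line in joined.splitlines():
        tokens = shlex.split(line)               # keeps quoted names as one token
        if not tokens or tokens[0] != "add":
            continue
        fields = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        queues[fields["name"]] = fields
    return queues

def check_htb(queues):
    """Compare each parent's max-limit with its children's limit-at sum and max-limit."""
    children = defaultdict(list)
    for name, q in queues.items():
        children[q["parent"]].append(name)
    findings = []
    for parent, kids in children.items():
        if parent not in queues:                 # global-total etc.: no limit to compare
            continue
        ceiling = int(queues[parent]["max-limit"])
        committed = sum(int(queues[k]["limit-at"]) for k in kids)
        if committed > ceiling:
            findings.append(("limit-at-sum", parent, committed, ceiling))
        for k in kids:
            if int(queues[k]["max-limit"]) > ceiling:
                findings.append(("max-limit", k, int(queues[k]["max-limit"]), ceiling))
    return findings

if __name__ == "__main__":
    for finding in check_htb(parse_queues(QUEUE_TREE)):
        print(finding)
```
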
Replies
Sergio's rule on under linx
In the case of wintraf, check whether the rule below has any effect:
chain=input action=accept src-address=10.6.5.0/29 dst-port=0-65535 protocol=udp limit=1,5 dst-limit=1,5,dst-address/1m40s
remembering that src-address must be changed to the IP or range you use on your network, and this rule must sit above any other accept rule
No access, no ping, no discovery on the wireless interface
It can only be accessed through the LAN
what do you mean, lose access? I won't be able to access it anymore, only ping it?
or will it just no longer show up in discovery?
Make a backup of the Bullet; it will download a file.
Open that file with WordPad, paste this rule, save it and upload the file back to the Bullet.
It will look like this.
aaa.1.status=disabled
aaa.status=disabled
bridge.1.devname=br0
bridge.1.fd=1
bridge.1.port.1.devname=eth0
bridge.1.port.1.status=enabled
bridge.1.port.2.devname=ath0
bridge.1.port.2.status=enabled
bridge.1.port.3.devname=eth1
bridge.1.port.3.status=enabled
bridge.1.stp.status=disabled
bridge.status=enabled
dhcpc.1.devname=br0
dhcpc.1.status=disabled
dhcpc.status=disabled
dhcpd.1.status=disabled
dhcpd.status=disabled
dnsmasq.1.devname=eth0
dnsmasq.1.status=enabled
dnsmasq.status=disabled
ebtables.1.cmd=-t nat -A PREROUTING --in-interface ath0 -j arpnat --arpnat-target ACCEPT
ebtables.1.status=disabled
ebtables.2.cmd=-t nat -A POSTROUTING --out-interface ath0 -j arpnat --arpnat-target ACCEPT
ebtables.2.status=disabled
ebtables.3.cmd=-t broute -A BROUTING --protocol 0x888e --in-interface ath0 -j DROP
ebtables.3.status=disabled
ebtables.4.cmd=-A FORWARD -p 0x8863 -j ACCEPT
ebtables.4.status=enabled
ebtables.5.cmd=-A FORWARD -p 0x8864 -j ACCEPT
ebtables.5.status=enabled
ebtables.6.cmd=-P FORWARD DROP
ebtables.6.status=enabled
ebtables.7.cmd=-A INPUT -p 0x0800 --in-interface ath0 -j DROP
ebtables.7.status=enabled
ebtables.50.status=disabled
ebtables.51.status=disabled
ebtables.52.status=disabled
ebtables.status=enabled
gui.language=pt_PT
httpd.https.status=disabled
httpd.port.http=80
httpd.port=80
httpd.status=enabled
igmpproxy.status=disabled
iptables.3.status=disabled
iptables.status=disabled
netconf.1.alias.1.status=disabled
netconf.1.alias.2.status=disabled
netconf.1.alias.3.status=disabled
netconf.1.alias.4.status=disabled
netconf.1.alias.5.status=disabled
netconf.1.alias.6.status=disabled
netconf.1.alias.7.status=disabled
netconf.1.alias.8.status=disabled
netconf.1.devname=eth0
netconf.1.ip=0.0.0.0
netconf.1.netmask=255.255.255.0
netconf.1.promisc=enabled
netconf.1.status=enabled
netconf.1.up=enabled
netconf.2.alias.1.status=disabled
netconf.2.alias.2.status=disabled
netconf.2.alias.3.status=disabled
netconf.2.alias.4.status=disabled
netconf.2.alias.5.status=disabled
netconf.2.alias.6.status=disabled
netconf.2.alias.7.status=disabled
netconf.2.alias.8.status=disabled
netconf.2.allmulti=enabled
netconf.2.devname=ath0
netconf.2.ip=0.0.0.0
netconf.2.netmask=255.255.255.0
netconf.2.promisc=enabled
netconf.2.status=enabled
netconf.2.up=enabled
netconf.3.autoip.status=disabled
netconf.3.devname=br0
netconf.3.ip=192.168.1.20
netconf.3.netmask=255.255.255.0
netconf.3.status=enabled
netconf.3.up=enabled
netconf.status=enabled
netmode=bridge
ntpclient.status=disabled
ppp.1.password=
ppp.1.status=disabled
ppp.status=disabled
pwdog.status=disabled
radio.1.ack.auto=enabled
radio.1.ackdistance=600
radio.1.acktimeout=25
radio.1.ampdu.bytes=50000
radio.1.ampdu.frames=32
radio.1.ampdu.status=enabled
radio.1.chanshift=0
radio.1.clksel=1
radio.1.countrycode=840
radio.1.cwm.enable=0
radio.1.cwm.mode=2
radio.1.devname=ath0
radio.1.dfs.status=
radio.1.forbiasauto=1
radio.1.frag=off
radio.1.freq=2412
radio.1.ieee_mode=11nght40plus
radio.1.mcastrate=
radio.1.mode=master
radio.1.polling=disabled
radio.1.rate.auto=enabled
radio.1.rate.mcs=auto
radio.1.rts=off
radio.1.status=enabled
radio.1.subsystemid=0xe202
radio.1.thresh62a=
radio.1.thresh62b=
radio.1.thresh62g=
radio.1.txpower=10
radio.countrycode=840
radio.status=enabled
resolv.host.1.name=UBNT
resolv.host.1.status=enabled
resolv.nameserver.1.ip=0.0.0.0
resolv.nameserver.1.status=enabled
resolv.nameserver.2.status=disabled
resolv.status=enabled
route.1.devname=br0
route.1.gateway=192.168.1.20
route.1.ip=0.0.0.0
route.1.netmask=0
route.1.status=enabled
route.status=enabled
snmp.status=disabled
sshd.port=22
sshd.status=disabled
syslog.remote.status=
syslog.status=disabled
telnetd.status=disabled
tshaper.status=disabled
users.1.name=ubnt
users.1.password=VvpvCwhccFv6Q
users.1.status=enabled
users.2.status=disabled
users.status=enabled
wireless.1.addmtikie=disabled
wireless.1.ap=
wireless.1.authmode=1
wireless.1.compression=0
wireless.1.devname=ath0
wireless.1.fastframes=0
wireless.1.frameburst=0
wireless.1.hide_ssid=disabled
wireless.1.l2_isolation=enabled
wireless.1.mac_acl.1.mac=
wireless.1.mac_acl.1.status=disabled
wireless.1.mac_acl.10.mac=
wireless.1.mac_acl.10.status=disabled
wireless.1.mac_acl.11.mac=
wireless.1.mac_acl.11.status=disabled
wireless.1.mac_acl.12.mac=
wireless.1.mac_acl.12.status=disabled
wireless.1.mac_acl.13.mac=
wireless.1.mac_acl.13.status=disabled
wireless.1.mac_acl.14.mac=
wireless.1.mac_acl.14.status=disabled
wireless.1.mac_acl.15.mac=
wireless.1.mac_acl.15.status=disabled
wireless.1.mac_acl.16.mac=
wireless.1.mac_acl.16.status=disabled
wireless.1.mac_acl.2.mac=
wireless.1.mac_acl.2.status=disabled
wireless.1.mac_acl.3.mac=
wireless.1.mac_acl.3.status=disabled
wireless.1.mac_acl.4.mac=
wireless.1.mac_acl.4.status=disabled
wireless.1.mac_acl.5.mac=
wireless.1.mac_acl.5.status=disabled
wireless.1.mac_acl.6.mac=
wireless.1.mac_acl.6.status=disabled
wireless.1.mac_acl.7.mac=
wireless.1.mac_acl.7.status=disabled
wireless.1.mac_acl.8.mac=
wireless.1.mac_acl.8.status=disabled
wireless.1.mac_acl.9.mac=
wireless.1.mac_acl.9.status=disabled
wireless.1.mac_acl.policy=allow
wireless.1.mac_acl.status=disabled
wireless.1.macclone=disabled
wireless.1.security=none
wireless.1.signal_led1=94
wireless.1.signal_led2=80
wireless.1.signal_led3=73
wireless.1.signal_led4=65
wireless.1.ssid=ubnt
wireless.1.status=enabled
wireless.1.wds=disabled
wireless.1.wmm=enabled
wireless.1.wmmlevel=
wireless.status=enabled
wpasupplicant.device.1.status=disabled
wpasupplicant.status=disabled
Remember that you will lose access to the Bullet over the wireless
Where do you put that Ubiquiti rule you mentioned for the Bullet?
Rogerio said:
following!
If you use only PPPoE, use this rule; it greatly reduces the problems.
Wintraf does not get past this rule, but it does not prevent the attack on the transmitting interface.
This one is for the Ubiquiti units that transmit on the tower.
ebtables.4.cmd=-A FORWARD -p 0x8863 -j ACCEPT
ebtables.4.status=enabled
ebtables.5.cmd=-A FORWARD -p 0x8864 -j ACCEPT
ebtables.5.status=enabled
ebtables.6.cmd=-P FORWARD DROP
ebtables.6.status=enabled
This one is for MikroTik
accept chain=forward interface="Saida wirelles para Cliente" disabled=no mac-protocol=0x8864
accept chain=forward interface="Saida wirelles para Cliente" disabled=no mac-protocol=0x8863
drop chain=forward interface="Saida wirelles para Cliente" disabled=no
Remember that this only works for those who use only PPPoE
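An added example, not part of any post in this thread: a small model of the `ebtables` filter table built from the enabled `ebtables.N` entries of the Bullet configuration and the PPPoE-only rule quoted above, evaluated on constructed frames to show which traffic is bridged and why management over the wireless side stops working. It assumes entries are applied in ascending `N` and handles only hex EtherTypes; the function names are chosen here.

```python
import shlex
from collections import defaultdict
# ebtables entries copied from the Bullet configuration posted in the thread.
CONFIG = """\
ebtables.3.cmd=-t broute -A BROUTING --protocol 0x888e --in-interface ath0 -j DROP
ebtables.3.status=disabled
ebtables.4.cmd=-A FORWARD -p 0x8863 -j ACCEPT
ebtables.4.status=enabled
ebtables.5.cmd=-A FORWARD -p 0x8864 -j ACCEPT
ebtables.5.status=enabled
ebtables.6.cmd=-P FORWARD DROP
ebtables.6.status=enabled
ebtables.7.cmd=-A INPUT -p 0x0800 --in-interface ath0 -j DROP
ebtables.7.status=enabled
ebtables.status=enabled
"""

def load_filter_table(config):
    """Build {chain: {policy, rules}} from the enabled ebtables.N.cmd entries."""
    kv = dict(line.split("=", 1) for line in config.splitlines() if "=" in line)
    chains = defaultdict(lambda: {"policy": "ACCEPT", "rules": []})  # default policy
    if kv.get("ebtables.status") != "enabled":
        return chains
    # Assumption: entries are applied in ascending N.
    for n in sorted(int(k.split(".")[1]) for k in kv if k.endswith(".cmd")):
        if kv.get(f"ebtables.{n}.status") != "enabled":
            continue
        args = shlex.split(kv[f"ebtables.{n}.cmd"])
        if args[0] == "-t":                    # nat/broute tables are not modelled
            continue
        if args[0] == "-P":                    # -P CHAIN POLICY
            chains[args[1]]["policy"] = args[2]
            continue
        opts = dict(zip(args[0::2], args[1::2]))   # remaining flags come in pairs
        proto = opts.get("-p") or opts.get("--protocol")
        chains[opts["-A"]]["rules"].append({
            "proto": int(proto, 16) if proto else None,   # hex EtherTypes only
            "in_if": opts.get("-i") or opts.get("--in-interface"),
            "target": opts["-j"],
        })
    return chains

def verdict(chains, chain, ethertype, in_if):
    """First matching rule decides; otherwise the chain policy applies."""
    for rule in chains[chain]["rules"]:
        if rule["proto"] in (None, ethertype) and rule["in_if"] in (None, in_if):
            return rule["target"]
    return chains[chain]["policy"]

def evaluate_samples():
    chains = load_filter_table(CONFIG)
    samples = {   # constructed frames: (chain, EtherType, ingress interface)
        "pppoe-discovery": ("FORWARD", 0x8863, "ath0"),
        "pppoe-session":   ("FORWARD", 0x8864, "ath0"),
        "ipv4-bridged":    ("FORWARD", 0x0800, "ath0"),
        "arp-bridged":     ("FORWARD", 0x0806, "ath0"),
        "ipv4-to-ap-wlan": ("INPUT",   0x0800, "ath0"),
        "ipv4-to-ap-lan":  ("INPUT",   0x0800, "eth0"),
    }
    return {name: verdict(chains, *frame) for name, frame in samples.items()}
```
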
The only block that works is limiting each client's UDP on the RB or on the Bullet.
Rules can drop the traffic, but they do not stop the MikroTik from continuing to receive the invalid packets from wintraff.
hahahahahaha
Thanks a lot, friend, the rules are helping me a lot, since my firewall was empty; when I'm near my server I'll test the damned wintraff...
You're welcome, brother; I received it for free, I'm passing it on for free. "Render unto Caesar the things that are Caesar's".
Luciano Kalinoski said: