Archive for December, 2008

Spam trojan detection with Mikrotik RouterOS

Sunday, December 14th, 2008

One major issue facing ISPs today is the difficulty in obtaining sufficient IP space for every customer. For many, it’s a matter of cost, and for some it is simply a choice to NAT their customers behind their router/firewall. For the most part, NAT behaves much better today than in days gone by, but there is one issue that is very problematic for those that choose to NAT their customers. There is a significant proliferation of a new generation of trojans that turn a user’s computer into a menace to the Internet community. This new generation of trojans (collectively known as “botnets”) can cause problems not only for the owner, but also for other customers of the ISP that chooses to NAT. Since a significant number of these botnets are used to send spam all over the Internet, we, as service providers, have to find a way to protect our networks from being blacklisted, while still allowing our customers to utilize the Internet in a way that does not set too many boundaries. In this article, I will discuss two approaches to setting these limits which have proven to be both effective AND relatively maintenance-free.

Using the layer 7 filters – instant messaging example

Sunday, December 14th, 2008

In this article, I will describe one functional use for the layer-7 filters that MikroTik offers. This feature can be very useful if used with caution. The main problem with L7 filters is that they require much more processor time than many of the firewall functions. I am not saying this just to “scare” you away from using them, but you need to be aware of this issue. The scripts in this article have been tested and DO work as written. They are in no way complete, but they are certainly functional as posted.
