salytwo
Frequent Visitor
Topic Author
Posts: 89
Joined: Mon Apr 18, 2011 8:53 am

Queue tree exe & dat extensions

Wed May 11, 2011 5:05 pm

Hello all,

I have set up a hotspot and queue tree, but the exe and dat extensions do not stop downloading, and I am sure no user is downloading these file types.
I feel that it is a virus or that my network has been hacked, so can I block the malicious threat with MikroTik?


I am running 3.2

thanks
 
normis
MikroTik Support
Posts: 26914
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Queue tree exe & dat extensions

Thu May 12, 2011 4:01 pm

1. Upgrade to v5.2
2. What is the problem exactly? Post some pictures and post your config.
 
salytwo
Frequent Visitor
Topic Author
Posts: 89
Joined: Mon Apr 18, 2011 8:53 am

Re: Queue tree exe & dat extensions

Sat May 14, 2011 8:47 am

I have this queue tree:


[admin@MikroTik] /queue tree> print
Flags: X - disabled, I - invalid
0 name="youtube" parent=global-out packet-mark=youtube limit-at=0 queue=default-small priority=8 max-limit=1000 burst-limit=0
burst-threshold=0 burst-time=0s

1 name="zip file" parent=global-out packet-mark=zip limit-at=0 queue=default-small priority=8 max-limit=16000 burst-limit=0
burst-threshold=0 burst-time=0s

2 name="rar" parent=global-out packet-mark=rar limit-at=0 queue=default-small priority=8 max-limit=8000 burst-limit=0 burst-threshold=0
burst-time=0s

3 name="avi" parent=global-out packet-mark=avi limit-at=0 queue=default-small priority=8 max-limit=1000 burst-limit=0 burst-threshold=0
burst-time=0s

4 name="7z" parent=global-out packet-mark=7z limit-at=0 queue=default-small priority=8 max-limit=3000 burst-limit=0 burst-threshold=0
burst-time=0s

5 name="asf" parent=global-out packet-mark=asf limit-at=0 queue=default-small priority=8 max-limit=16000 burst-limit=0 burst-threshold=0
burst-time=0s

6 name="bin" parent=global-out packet-mark=bin limit-at=0 queue=default-small priority=8 max-limit=16000 burst-limit=0 burst-threshold=0
burst-time=0s

7 name="flv" parent=global-out packet-mark=flv limit-at=0 queue=default-small priority=8 max-limit=1000 burst-limit=0 burst-threshold=0
burst-time=0s

8 name="iso" parent=global-out packet-mark=iso limit-at=0 queue=default-small priority=8 max-limit=16000 burst-limit=0 burst-threshold=0
burst-time=0s

9 name="mkv" parent=global-out packet-mark=mkv limit-at=0 queue=default-small priority=8 max-limit=16000 burst-limit=0 burst-threshold=0
burst-time=0s

10 name="exe" parent=global-out packet-mark=exe limit-at=0 queue=default-small priority=8 max-limit=1000 burst-limit=0 burst-threshold=0
burst-time=0s

11 name="mov" parent=global-out packet-mark=mov limit-at=0 queue=default-small priority=8 max-limit=16000 burst-limit=0 burst-threshold=0
burst-time=0s

12 name="mp3" parent=global-out packet-mark=mp3 limit-at=0 queue=default-small priority=8 max-limit=16000 burst-limit=0 burst-threshold=0
burst-time=0s

13 name="mp4" parent=global-out packet-mark=mp4 limit-at=0 queue=default-small priority=8 max-limit=1000 burst-limit=0 burst-threshold=0
burst-time=0s

14 name="mpeg" parent=global-out packet-mark=mpeg limit-at=0 queue=default-small priority=8 max-limit=16000 burst-limit=0 burst-threshold=>
burst-time=0s


ETC....


I also have:

[admin@MikroTik] /queue type> print
0 name="default" kind=pfifo pfifo-limit=50

1 name="ethernet-default" kind=pfifo pfifo-limit=50

2 name="wireless-default" kind=sfq sfq-perturb=5 sfq-allot=1514

3 name="synchronous-default" kind=red red-limit=60 red-min-threshold=10 red-max-threshold=50 red-burst=20 red-avg-packet=1000

4 name="hotspot-default" kind=sfq sfq-perturb=5 sfq-allot=1514

5 name="default-small" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address,dst-address,src-port,dst-port pcq-total-limit=2000

I have these layer 7 protocols:


0 YouTube Download videoplayback
1 Extension " .exe " ^.*get.+\.exe.*$
2 Extension " .rar " ^.*get.+\.rar.*$
3 Extension " .zip " ^.*get.+\.zip.*$
4 Extension " .7z " ^.*get.+\.7z.*$
5 Extension " .bin " ^.*get.+\.bin.*$
6 Extension " .ram " ^.*get.+\.ram.*$
7 Extension " .rmvb " ^.*get.+\.rmvb.*$
8 Extension " .asf " ^.*get.+\.asf.*$
9 Extension " .mov " ^.*get.+\.mov.*$
10 Extension " .wmv " ^.*get.+\.wmv.*$
11 Extension " .mpg " ^.*get.+\.mpg.*$
12 Extension " .mpeg " ^.*get.+\.mpeg.*$
13 Extension " .mkv " ^.*get.+\.mkv.*$
14 Extension " .avi " ^.*get.+\.avi.*$
15 Extension " .flv " ^.*get.+\.flv.*$
16 Extension " .pdf " ^.*get.+\.pdf.*$
17 Extension " .iso " ^.*get.+\.iso.*$
18 Extension " .nrg " ^.*get.+\.nrg.*$
19 Extension " .wav " ^.*get.+\.wav.*$
20 Extension " .rm " ^.*get.+\.rm.*$
21 Extension " .mp3 " ^.*get.+\.mp3.*$
22 Extension " .mp4 " ^.*get.+\.mp4.*$
23 Extension " .wma " ^.*get.+\.wma.*$
24 Extension " .daa " ^.*get.+\.daa.*$
25 Extension " .dat " ^.*get.+\.dat.*$
26 Extension " .vcd " ^.*get.+\.vcd.*$
27 Extension " .cab " ^.*get.+\.cab.*$
28 Extension " .3gp " ^.*get.+\.3gp.*$
29 livestreem www.livestation.com|channel


I also have mangle:

[admin@MikroTik] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; 7z DOWNS
chain=prerouting action=mark-connection new-connection-mark=7z DOWNS passthrough=yes protocol=tcp layer7-protocol=Extension " .7z "

1 chain=postrouting action=mark-packet new-packet-mark=7z passthrough=no protocol=tcp connection-mark=7z DOWNS

2 ;;; asf DOWNS
chain=prerouting action=mark-connection new-connection-mark=asf DOWNS passthrough=yes protocol=tcp layer7-protocol=Extension " .asf "

3 chain=postrouting action=mark-packet new-packet-mark=asf passthrough=no protocol=tcp connection-mark=asf DOWNS

4 ;;; avi DOWNS
chain=prerouting action=mark-connection new-connection-mark=avi DOWNS passthrough=yes protocol=tcp layer7-protocol=Extension " .avi "

5 chain=postrouting action=mark-packet new-packet-mark=avi passthrough=no protocol=tcp connection-mark=avi DOWNS

6 ;;; bin DOWNS
chain=prerouting action=mark-connection new-connection-mark=bin DOWNS passthrough=yes protocol=tcp layer7-protocol=Extension " .bin "

7 chain=postrouting action=mark-packet new-packet-mark=bin passthrough=no protocol=tcp connection-mark=bin DOWNS

8 ;;; flv DOWNS
chain=prerouting action=mark-connection new-connection-mark=flv DOWNS passthrough=yes protocol=tcp layer7-protocol=Extension " .flv "

9 chain=postrouting action=mark-packet new-packet-mark=flv passthrough=no protocol=tcp connection-mark=flv DOWNS

10 ;;; iso DOWNS
chain=prerouting action=mark-connection new-connection-mark=iso DOWNS passthrough=yes protocol=tcp layer7-protocol=Extension " .iso "

11 chain=postrouting action=mark-packet new-packet-mark=iso passthrough=no protocol=tcp connection-mark=iso DOWNS

12 ;;; mkv DOWNS
chain=prerouting action=mark-connection new-connection-mark=mkv DOWNS passthrough=yes protocol=tcp layer7-protocol=Extension " .mkv "

13 chain=postrouting action=mark-packet new-packet-mark=mkv passthrough=no protocol=tcp connection-mark=mkv DOWNS

14 ;;; exe DOWNS
chain=prerouting action=mark-connection new-connection-mark=exe DOWNS passthrough=yes protocol=tcp layer7-protocol=Extension " .exe "

15 chain=postrouting action=mark-packet new-packet-mark=exe passthrough=no protocol=tcp connection-mark=exe DOWNS

16 ;;; mov DOWNS
chain=prerouting action=mark-connection new-connection-mark=mov DOWNS passthrough=yes protocol=tcp layer7-protocol=Extension " .mov "

ETC....

Now my questions are:
1- The EXE and DAT queue trees are always running while, I am sure, no user is downloading such files. Could this be a virus or what? I am very frustrated.

2- If I want to block these extensions entirely (not just limit them), how can I do it?

3- If I add a new rule to the firewall filter rules, it has no effect. I mean, I want to block some traffic and drop it, since it is marked by mangle. How can I do that?
I tried:
[admin@MikroTik] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough

1 chain=forward action=drop out-interface=LAN packet-mark=rar

but it did not work.

Sorry if I made my post very long; my intention was to make everything clear to you.
I appreciate your cooperation.

thanks
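
Added example, not part of the original thread: a Python check of what two of the posted Layer 7 patterns match, run over constructed HTTP request heads, to show which connections would be marked as "exe" or "dat". It assumes the matcher treats the start of each connection as one buffer, ignores case, and lets `.` span line breaks; the hosts and paths are hypothetical.

```python
import re

# Two of the Layer 7 patterns listed in the post, copied verbatim.
L7_PATTERNS = {"exe": r"^.*get.+\.exe.*$", "dat": r"^.*get.+\.dat.*$"}

# Assumption: the matcher sees the start of each TCP connection as one
# buffer, ignores case, and lets "." run across line breaks.
FLAGS = re.IGNORECASE | re.DOTALL

# Constructed request heads; hosts and paths are hypothetical.
SAMPLES = {
    "user download": b"GET /files/setup.exe HTTP/1.1\r\nHost: dl.example\r\n\r\n",
    "referer only": (b"GET /thanks.html HTTP/1.1\r\nHost: www.example\r\n"
                     b"Referer: http://www.example/files/setup.exe\r\n\r\n"),
    "background update": b"GET /defs/av-0511.dat HTTP/1.1\r\nHost: upd.example\r\n\r\n",
    "query string": b"GET /search?q=old.dat+viewer HTTP/1.1\r\nHost: www.example\r\n\r\n",
    "plain page": b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n\r\n",
}


def classify(head):
    """Names of the patterns that would mark a connection starting with head."""
    text = head.decode("latin-1")
    return sorted(n for n, rx in L7_PATTERNS.items() if re.search(rx, text, FLAGS))


def requested_extension(head):
    """Extension of the path in the request line, or "" when there is none."""
    m = re.match(rb"GET\s+([^\s?#]+)", head, re.IGNORECASE)
    if not m:
        return ""
    filename = m.group(1).rsplit(b"/", 1)[-1].decode("latin-1")
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""


def misclassified():
    """Samples a pattern marks although the requested path has another type."""
    return [name for name, head in SAMPLES.items()
            if classify(head) and requested_extension(head) not in classify(head)]


if __name__ == "__main__":
    for name, head in SAMPLES.items():
        print(f"{name:18} marks={classify(head)} path_ext={requested_extension(head)!r}")
    print("marked without a matching download:", misclassified())
```

The "referer only" and "query string" samples are marked although the requested path is not an .exe or .dat file, and the "background update" sample is a genuine .dat request that needs no user action.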
