Monday, 23 December 2013

Absorbing WiFi Bandwidth Through CMD (Command Prompt) on Windows

The method I describe below is meant to absorb the WiFi bandwidth being used by other people on the same hotspot/WiFi network that you are using at that location. It only works on Windows.

Follow the steps below:

1. Click Start, then click the Run menu. Type cmd, then click OK or press Enter.

The Command Prompt window appears.

2. Enter the command ipconfig/all. This command displays all the information about the connection you are currently on.

Then press Enter and the connection information is displayed.

3. Next, find the address of the Domain Name Server, listed as DNS Servers, in the output of the ipconfig/all command you just ran. Remember that DNS address.
It is shown roughly like this: DNS Servers . . . . . . . . . . . : (DNS address).

4. Scroll to the very bottom of the cmd.exe window, where you will find the prompt again. Type the following command: ping -L 500 192.168.10.1 -t. The address 192.168.10.1 comes from the DNS server listed above (*the DNS server detected on my computer). Replace it with the DNS server detected at your location.
After entering the command as described, press Enter.

5. After you press Enter, the running process is displayed. Let it keep running for as long as you use the WiFi connection. If necessary just minimize it; do not close Command Prompt while you are still using this trick. When you no longer need it, close Command Prompt.

You can increase the speed by changing the 500 in the command (ping -L 500 DNS-address -t) to 1000 or 2000. But I recommend not overdoing it, because it can overly disturb the people around you who are also using the WiFi connection.
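Seen from the hotspot operator's side, the continuous stream of oversized echo requests described above stands out clearly in packet logs. The following is an added example, not part of the original post, that flags such a source; the log line format, the sample addresses and the thresholds are assumptions made up for the illustration.

```python
import re
from collections import defaultdict

# Hypothetical log format, one line per ICMP echo request seen at the gateway:
#   "<epoch-seconds> <src-ip> <dst-ip> icmp-echo len=<payload-bytes>"
LINE = re.compile(r"^(\d+) (\S+) (\S+) icmp-echo len=(\d+)$")

def make_sample():
    """Constructed sample traffic (not real captures)."""
    lines = []
    for t in range(120):          # .23: one 2000-byte echo per second for 2 minutes
        lines.append(f"{1000 + t} 192.168.10.23 192.168.10.1 icmp-echo len=2000")
    for t in range(0, 120, 30):   # .40: default-size ping every 30 seconds
        lines.append(f"{1000 + t} 192.168.10.40 192.168.10.1 icmp-echo len=32")
    # .51: a single large ping, e.g. a one-off MTU test
    lines.append("1005 192.168.10.51 192.168.10.1 icmp-echo len=1400")
    return lines

def sustained_large_pings(lines, min_len=500, min_duration=60, min_count=50):
    """Return {src: (count, duration_s, payload_bytes)} for sources that keep
    sending echo requests of at least min_len bytes for min_duration seconds."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue              # skip lines in any other format
        ts, src, length = int(m[1]), m[2], int(m[4])
        if length >= min_len:
            seen[src].append((ts, length))
    flagged = {}
    for src, events in seen.items():
        times = [t for t, _ in events]
        duration = max(times) - min(times)
        # Both conditions must hold, so a one-off large ping is not flagged.
        if len(events) >= min_count and duration >= min_duration:
            flagged[src] = (len(events), duration, sum(n for _, n in events))
    return flagged

if __name__ == "__main__":
    for src, stats in sustained_large_pings(make_sample()).items():
        print(src, stats)
```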


Friday, 20 December 2013

Protect Your Mikrotik from Strangers

The following rules create an address list that holds your management PC's IP address. They then allow access to ports such as WINBOX, FTP, SSH and TELNET from this address list only; all other IPs will not be able to reach these ports.
/ip firewall address-list
add list=management-servers address=10.10.0.1/24

/ip firewall filter
add chain=input src-address-list=management-servers protocol=tcp dst-port=21,22,23,80,443,8291 action=accept
add chain=input protocol=tcp dst-port=21,22,23,80,443,8291 action=drop
A basic Mikrotik firewall script to secure the MT box from viruses and flooding. First copy the whole script below into Notepad, then read it carefully and add or remove rules as needed. Some rules are commented out; modify them as per your requirements.
/ip firewall filter
add chain=input connection-state=established comment="Accept established connections"
add chain=input connection-state=related comment="Accept related connections"
add chain=input connection-state=invalid action=drop comment="Drop invalid connections"
add chain=input protocol=udp action=accept comment="UDP" disabled=no
add chain=forward connection-state=invalid action=drop comment="drop invalid connections"

#### ALLOW VPN (PPTP) CONNECTIONS TO MIKROTIK VPN SERVER
#add action=accept chain=input disabled=no dst-port=1723 protocol=tcp
#add action=accept chain=input disabled=no protocol=gre

#### TO BLOCK DNS ATTACK on WAN INTERFACE (ether1 is the WAN interface here)
# Rules are matched in order: the UDP drop must sit above the "UDP" accept rule to take effect.
#/ip firewall filter
#add chain=input action=drop dst-port=53 protocol=udp in-interface=ether1
#add chain=input action=drop dst-port=53 protocol=tcp in-interface=ether1

#### TO BLOCK PROXY ACCESS PORT 8080 / ATTACK on WAN INTERFACE (ether1)
#add chain=input action=drop dst-port=8080 protocol=tcp in-interface=ether1

#### TO BLOCK ICMP TRAFFIC EXCEPT FROM THE Management PC IP
# Blocking ICMP Traffic, saves you from many headaches
#add action=drop chain=input comment="DROP PING  REPLY" disabled=no protocol=icmp src-address=!10.10.0.4

#### TO BLOCK TRACEROUTE TRAFFIC
#/ip firewall filter
#add action=drop chain=forward comment="Drop Traceroute" disabled=no icmp-options=11:0 protocol=icmp
#add action=drop chain=forward comment="" disabled=no icmp-options=3:3 protocol=icmp
#add action=drop chain=input comment="Disable ICMP ping" disabled=no protocol=icmp

#### TO BLOCK COMMON VIRUS PORTS
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm"
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=tcp dst-port=593 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom"
add chain=virus protocol=tcp dst-port=1214 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester"
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server"
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast"
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx"
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid"
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus"
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K"
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="Drop MyDoom"
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro"
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser"
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B"
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B"
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B"
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus"
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2"
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven"
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot"
add chain=forward action=jump jump-target=virus comment="jump to the virus chain"

# Drop port scanners
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list " disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP FIN Stealth scan"
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/FIN scan"
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/RST scan"
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="FIN/PSH/URG scan"
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="ALL/ALL scan"
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan"
add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no

# Bruteforce login prevention
add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop comment="drop ftp brute forcers"
add chain=output action=accept protocol=tcp content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m
add chain=output action=add-dst-to-address-list protocol=tcp content="530 Login incorrect" address-list=ftp_blacklist address-list-timeout=3h

# This bans an SSH brute forcer for 10 days after repeated attempts.
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop comment="drop ssh brute forcers" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=10d comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=10m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=10m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m comment="" disabled=no

# If you want to block downstream access as well, you need to block them in the forward chain:
add chain=forward protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop comment="drop ssh brute downstream" disabled=no
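Why the SSH rules above are listed from stage 3 down to stage 1: the following small Python model of the address lists is an added illustration, not RouterOS code and not part of the original script. It assumes that add-src-to-address-list lets the packet continue to the next rule; the Router class, the verdicts helper and the source address 203.0.113.7 are made up for the example.

```python
MIN, DAY = 60, 86400   # timeouts in seconds, as in the rules above

# (list the source must already be on, list it is added to, timeout), in page order.
PAGE_ORDER = [
    ("ssh_stage3", "ssh_blacklist", 10 * DAY),
    ("ssh_stage2", "ssh_stage3", 10 * MIN),
    ("ssh_stage1", "ssh_stage2", 10 * MIN),
    (None, "ssh_stage1", 1 * MIN),        # any new connection
]

class Router:
    """Hypothetical model of the input chain for TCP port 22 only."""
    def __init__(self, rules=PAGE_ORDER):
        self.rules = rules
        self.lists = {}                   # list name -> {ip: expiry time}

    def member(self, name, ip, now):
        return self.lists.get(name, {}).get(ip, -1) > now

    def new_ssh_connection(self, ip, now):
        """Evaluate one new connection; return 'drop' or 'pass'."""
        if self.member("ssh_blacklist", ip, now):   # first rule: terminating drop
            return "drop"
        for required, target, timeout in self.rules:
            # Adding to a list does not stop rule processing, so an entry
            # added by this rule is visible to every rule further down.
            if required is None or self.member(required, ip, now):
                self.lists.setdefault(target, {})[ip] = now + timeout
        return "pass"

def verdicts(times, rules=PAGE_ORDER, ip="203.0.113.7"):
    """Verdict for each new connection from ip at the given times (seconds)."""
    router = Router(rules)
    return [router.new_ssh_connection(ip, t) for t in times]

if __name__ == "__main__":
    print(verdicts([0, 10, 20, 30, 40]))                 # rapid attempts
    print(verdicts([0, 120, 240, 360, 480]))             # more than 1 minute apart
    print(verdicts([0, 10], list(reversed(PAGE_ORDER)))) # stage 1 rule placed first
```

With the page's order, the fourth rapid connection puts the source on ssh_blacklist and the fifth is dropped; with the order reversed, a single connection cascades through every stage and the source is banned on its first attempt.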

A BETTER APPROACH TO BLOCKING PORTS
/ip firewall mangle
add action=add-src-to-address-list address-list=Worm-Infected-p445 address-list-timeout=1h chain=prerouting connection-state=new disabled=no dst-port=445 limit=5,10 protocol=tcp

/ip firewall filter
add action=drop chain=forward disabled=no dst-port=445 protocol=tcp src-address-list=Worm-Infected-p445
The above rules allow 5 packets per second with a burst of 10, specific to new connections. The mangle rule will put addresses on a list when it exceeds that limit. That way legitimate use isn't blocked, but something like a virus or worm sending out mass amounts of traffic will be detected and stopped. It's a much more elegant solution than blocking a bunch of ports for all users. It also gives you a list of user IPs that need to clean up their PCs.

Mikrotik: How to Block Winbox Discovery + Limit Winbox Access
To hide your Mikrotik from appearing in the WINBOX neighbour scan list, and to limit WINBOX access to your admin PC only, use the following.
/tool mac-server
add disabled=yes interface=all
/tool mac-server ping
set enabled=no

/ip firewall filter
add action=drop chain=input comment="block mikrotik discovery" disabled=no dst-port=5678 protocol=udp
add action=drop chain=input comment="DROP ALL WINBOX REQUEST By MAC Address" disabled=no dst-port=20561 protocol=udp
add action=drop chain=input comment="DROP ALL WINBOX REQUEST EXCEPT FROM MY PC" disabled=no dst-port=8291 protocol=tcp src-address=!192.168.2.6

You can also disable Network Neighbor Discovery on the interface to which your network users are connected.
Example:
/ip neighbor discovery set ether1 discover=no
Personal Recommendation:
Always disable unnecessary services like FTP / SSH / TELNET etc., or if it is necessary to enable services, at least limit their access to specific PCs only.
Allow only WINBOX.

How to Allow VPN (PPTP) Connections for Mikrotik VPN Server
PPTP uses the GRE protocol, so you have to allow IP protocol 47 (GRE), not just a TCP port.
TCP port 1723 is the control connection, while the actual tunnel is GRE (protocol 47).
Example:
/ip firewall filter
add action=accept chain=input disabled=no dst-port=1723 protocol=tcp
add action=accept chain=input disabled=no protocol=gre
Make sure these rules are above any general DENY rule.

How to Block User MAC Address
/ip firewall filter
add chain=input action=drop src-mac-address=74:EA:3A:F2:AF:90

Script to Reboot Router Daily at 1:00am
First add a script that contains the command to reboot the router, then simply schedule it to run daily at 1:00am at night, or whenever you like.
/system script
add name=sysreboot policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api source="/system reboot"

/system scheduler add name="rebootat1am" start-date="dec/04/2013" start-time="01:00:00" interval="1d" on-event="/system reboot"

# OR

/system scheduler add name="rebootat1am" start-date="dec/04/2013" start-time="01:00:00" interval="1d" on-event="sysreboot"