SquidBuster

Introduction: SquidBuster is a free service provided by Crystalline Technology, LLC for use by the MikroTik user community. If you use this service, however, we invite you to buy us a cup of coffee for our efforts by donating via PayPal.

The information and files provided here are most useful to network administrators who use MikroTik routers and who understand the value of protecting their network from certain undesirable sites.

A SquidBuster.rsc file is generated every 15 minutes and is made available for download. This script file contains lists of IP addresses and networks that have been identified as undesirable by such sites as sslbl.abuse.ch/blacklist/sslipblacklist.csv, anti-attachks.com/download/black_list.txt, project.turris.cz/greylist-data/greylist-latest.csv, spamhaus.org/drop/drop.lasso, and dshield.org/block.txt. After downloading these lists, SquidBuster checks for and deletes any duplications across the lists. Even so, the combined list of undesirable IP addresses and networks runs to about 60,000 entries. The SquidBuster.rsc script adds these to an Address List "sbl cltlist". The script also creates two "/ip firewall raw" drop rules to drop anything coming from or going to any of the IPs in the "sbl cltlist".
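
The merge step described above can be sketched as follows. This is an added example, not SquidBuster's own generator: the feed samples are constructed, the parser assumes one IPv4 address or CIDR per usable line, and the prerouting chain for the two raw rules is an assumption. It goes beyond exact duplicates by also folding hosts and subnets that a listed network already covers.

```python
import ipaddress
import re

LIST_NAME = "sbl cltlist"  # address-list name given on the page

# Constructed sample feeds using documentation ranges. Assumption: every
# usable line carries one IPv4 address or CIDR; real feed layouts vary.
SAMPLE_FEEDS = [
    "# csv style\n2024-01-01 00:00:00,192.0.2.10,443\n"
    "2024-01-02 00:00:00,198.51.100.7,8080\n",
    "; drop style\n192.0.2.0/24 ; ref1\n203.0.113.0/25 ; ref2\n",
    "198.51.100.7\n203.0.113.128/25\nnot-an-address\n",
]

_CANDIDATE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?\b")


def parse_feed(text):
    """Yield one ip_network per usable line; skip comments and junk."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        match = _CANDIDATE.search(line)
        if not match:
            continue
        try:
            yield ipaddress.ip_network(match.group(0), strict=False)
        except ValueError:
            continue  # out-of-range octet or prefix length: never emit it


def merge_feeds(feeds):
    """Drop duplicates across feeds and fold covered or adjacent networks."""
    nets = {net for feed in feeds for net in parse_feed(feed)}
    return list(ipaddress.collapse_addresses(nets))


def render_rsc(nets):
    """Build importable RouterOS text: list entries plus two raw drop rules."""
    out = ["/ip firewall address-list"]
    out += [f'add list="{LIST_NAME}" address={net}' for net in nets]
    out += [
        "/ip firewall raw",  # chain=prerouting is an assumption
        f'add chain=prerouting action=drop src-address-list="{LIST_NAME}"',
        f'add chain=prerouting action=drop dst-address-list="{LIST_NAME}"',
    ]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(render_rsc(merge_feeds(SAMPLE_FEEDS)), end="")
```

Rejecting malformed lines at parse time matters here because every emitted line is later executed by the router's /import.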

Because it takes a few seconds for the interface to come alive on the RB, we delay 10 seconds. One who is paranoid might actually disable the LAN interface until all the address lists have been downloaded and the script has run to make the raw filters active before allowing any activity on the LAN interface. My concern would be that the network might be down to our server and your users might be without service until the network comes back. Hence, the script makes a best attempt at loading the SquidBuster list and allows the router to continue unimpeded. We suggest you run this script about every 10 seconds or so.

/system scheduler
add interval=10s name=StartUp on-event="# this script is designed to allow programs to execute immediately upon power up or restart
:global FirstRun;
:if (\$FirstRun<1) do={
  :set FirstRun 1;
  /log info (\"Waiting for Interface\");
  # seems the interfaces take a short bit to come alive.
  :delay 10;
  /log info (\"Startup\");
  # put anything here you want executed on startup
  /tool fetch address=www.SquidBuster.com host=www.SquidBuster.com mode=http src-path=/downloads/SquidBuster.rsc;
  :delay 3;
  /import SquidBuster.rsc;
  # Log that we have completed
  /log info (\"Startup Complete\");
}" start-time=startup

Now, to update the list, all we have to do is set FirstRun to 0, and within 10 seconds the above script gets executed and a new Address List is loaded. To accomplish this we have the simple script below, which is executed every 12 hours.

/system scheduler
add interval=12h name=UpdateSquidBuster on-event="# reset FirstRun so the StartUp scheduler above reloads the SquidBuster list
:global FirstRun;
:set FirstRun 0;
:log info (\"update SquidBuster\");"

We are considering a MikroTik user database such that network managers who capture malicious attacks can upload lists of offenders' IP addresses for inclusion in an expansion of those we are already including. Together we can work to do our part in rejecting the dark side of the network. Please send comments and suggestions to support@squidbuster.com.

