IT-Expert on Call

(613) 828-6611

Experience has no substitute
Inexperience carries significant cost and risk

Close Window

Threat Intelligence at Work 24/7 365
MOAB is Mother of all Blacklists

PREREQUISITES for MikroTik Router's

Example of what information we expect to receive from you:

  1. Your Name: Sam Stone
  2. MikroTik Router's model: RB450Gx4
  3. Serial Number: 4EF8DA6679A5
  4. Your primary admin user account name: owner=riverdale
  5. File Storage used: [select options only relevant to Your MikroTik Router]
    1. NAND flash memory for file storage: 512MB/128 MB free
    2. CHR virtual memory for file storage: 2GB/1.5 GB free
    3. SSD storage: disk1 256MB/128 MB free
    4. USB memory stick: disk1 8GB/4 GB free
    5. microSD card: disk3 16GB/16 GB free
  6. If single WAN port: ether1
    If Multi-WAN in-interface-list name: lbwanip
  7. WAN IP address and/or addresses when Failover or Multi-WAN are used.
  8. FYI: We track [and log] each account to it's IP address - your embedded account details may only be used on authorized MikroTik Routers that you declare to us - any abuse of privilege of whatsoever nature will cancel your account without further notice.

Once we have your information, and within 24 hours, we will provide you, via e-mail, with your host credentials and scripts. The account info we provide you will be tied to your WAN IP Address. To kick start the process we will also provide you with 2 scripts to download 2 files specific to your MikroTik router model that will be placed in your file storage area: for MikroTik Routers that only have NAND memory the file storage area is called moab which directory is created at the root level; for all other MikroTik Routers the file storage area is called disk2 after which you will also need to import those rsc file using a Terminal session with a 3rd script that's also provided to launch MOAB.

For MikroTik Router models that include interfaces for microSD memory card or USB memory stick or SSD flash chip for external file storage - that external file storage disk must have a minimum of 128 MB of free memory available and must be named disk2 - if your disk is not named disk2 we can show you how-to rename your disk in our special MOAB install section of our web site.

Install instructions for MOAB using USB memory stick named disk2 for file storage.

Install instructions for MOAB using NAND flash memory or Native memory for file storage.

For Your Information

CAVEATE:A warning or proviso of specific stipulations, conditions, or limitations Do NOT use admin as your primary user account name because that is a security risk. Create a new user account with full rights - give that new user account a distinctive name. Exit out of the default admin account and log into the newly created admin account with that distinctive name. THEN either disable the original admin user account or better still delete that account.

If you would prefer to have us install MOAB for you on your MikroTik Router via chrome remote desktop session let us know and we would be happy to do that for you at an additional cost of US $90.00 assuming that you are using the DEFAULT Firewall rules that MikroTik provides - the process normally takes approximately between 20 to 40 minutes. If your Firewall is not the default or heavily modified the cost to install MOAB will be based on an hourly rate of US $125.00

MOAB has two tracks, one for MikroTik Routers like the hEX, hAP ac 2, the Audience - tracking between 5K and 16K ipset entries - MikroTik Router models like the CHR, RB3011, RB4011, RB5009, RB1100 and all CCR - tracking between 35K and 60K ipset entries. Once we know which MikroTik Router model you have we will decide if your model qualifies and which track to put you on. Both tracks cover over 600 million IP addresses of known perpetrators.

For MikroTik Routers like the CHR, RB3011, RB4011, RB5009, RB1100 and all CCR models the maximum download file size is 1 MB or less - 3 times daily.

For MikroTik Routers like the hEX, hAP ac 2 , the Audience - the maximum download file size is 0.5 MB or less - 3 times daily.

Performance Hit on throughput: Regardless of which MikroTik Model that qualifies for the MOAB Blacklist Service PERFORMANCE will be excellent. Using MOAB the Bandwidth Performance hit on MikroTik Routers memory constrained models like the hEX is 12% and for the hAP ac 2 as well as the Audience its 9% while 3% on amply provisioned MikroTik Routers containing 1 GHz CPU and minimum of 1GB of RAM.

Key POINT to understand about an ipset: ipset is an extension to iptables that allows you to create firewall rules that match entire "sets" of addresses at once. Unlike normal iptables chains, which are stored and traversed linearly, IP sets are stored in indexed data structures, making lookups very efficient, even when dealing with large sets. IPsets works remarkable well under RouterOS starting with the hEX, hAP ac 2 , the Audience and all the other Router models mentioned herein.

How does MOAB store 600+ million IP addresses you wonder? MOAB consists of ipset that store a large number of IP(v4) addresses -- For MikroTik Router models like RB3011, RB4011, RB1100 and all CCR models MOAB normally contains between 35K and 60K ipset entries and in that mix reside 4.4K [+/-] CIDR notations - so you may wonder what do those CIDR notations represent? CIDR notation is a compact representation of an IP address and its associated routing prefix. A CIDR notation entry represents a large collection of IP addresses.
For Example:

This CIDR notation
contains 16,777,214 IP addresses

This CIDR notation
contains 65,534 IP addresses

This CIDR notation
contains 6,382 IP addresses


Whitelisting IP addresses

The MOAB blacklist is extensive and strict so you may need to whitelist IP addresses like bogons which lists private and reserved IP's for internal use and IP addresses of servers and host [Partners] that you must be able to communicate with.

Many servers and Hosts are collocated in data centers [the Cloud] that unfortunately share space with the 'Bad Guys' so you must test those important IP addresses for connectivity and if they are blocked by MOAB then add those IP's to your MOAB Whitelist. When you whitelist a block of IP's - that block will be excluded from the MOAB filter and allowed to pass through.

To whitelist - the filter rule would be put in IP/Firewall/RAW positioned as the 1st rule and looks as follows:

/ip firewall raw add action=accept chain=prerouting comment="whitelisted SRC-addresses" src-address-list=moabwhitelist

In the Firewall's address-list create moabwhitelist then populate the IP addresses you need to allow passage and MOAB would not filter those IP addresses. Following is example creating the named list and adding an IP address that happens to be a bogon private IP address used by the Office Network that needs to be excluded from MOAB's filter done via Terminal:

/ip firewall address-list add address= list=moabwhitelist

A 10 day FREE Trial Period is available for MOAB First Time User's who want to trial MOAB prior to purchasing a subscription. At the end of the MOAB Free Trail Period - on the 10th day - if you wish to continue with MOAB you must make the Subscription Payment via PayPal otherwise your Trial Account will be deleted end of that day.

MOAB - First Time User's

» e-mail «  Request 10 day Free Trial of MOAB Blacklist Service

MOAB Subscription

MOAB subscription Service Payment US $90.00 per Year

« PayPal »  when you're ready to subscribe or renew

Please note that MOAB Subscription Service Payment above and
MOAB Install Service Payment below
are two sperate independent service payments.

MOAB Remote Install Service Payment US $90.00

« PayPal »  when you prefer to have us install MOAB for you.

We use Chrome Remote Desktop extension for all remote installation services.

MOAB Remote install service is only available for
broadband capable users
minimum 100Mbps Down 10Mbps Up.

Disclaimer: You may cancel your subscription at any time, all sales are final we do not issue refunds

Close Window

IT-Expert on Call Professionals are ready willing and able to expertly deploy it for you

IT-Expert on Call does not maintain a staffed storefront office
All access to our resources is by appointment only made either by
Phone (613) 828-6611 or (613) 762-8018 or  » e-mail us « 

Based in Nepean, Ontario, Canada servicing the Regional Municipality of Ottawa-Carleton plus we offer remote services within Canada and the Continental U.S.A where broadband internet service is available.

Updated Sunday 1 May, 2022 9:53 AM
Webmaster: David Mozer