IT-Expert on Call

(613) 828-6611

Experience has no substitute
Inexperience carries significant cost and risk

» Return to «
Prerequisites

Installing MOAB using NAND Flash memory or Native Memory for file storage

FOR RouterOS v 6.x and v7.x

Step 1 Ceate MOAB Directory Step 2 Scripts used in MOAB
Step 3 Fetch MOAB files from Server Step 4 Import MOAB from File Storage
Step 5 Create MOAB Firewall Rule Step 6 Confirm Update Schedule

The install instruction contained herein also applies to MikroTik's Cloud Hosted Router like the CHR that use native memory for file storage. Native memory can be a hard disk like that found on a Server/PC, a SSD flash chip and controller attached to a circuit board, or virtual memory that is allocated by your Cloud Host provider.

Note that MOAB Scripts shown in Step 2 and 3 below are for illustration purposes only. The actual scripts with proper host credentials will be provided to you via e-mail when your MOAB Trial or paid subscription is initiated.

Step 1: Create a directory called moab using Winbox Terminal by individually copying/pasting in the following 2 directives then execute:

/ip smb shares add name=sharethis directory=moab
/ip smb shares remove [find name=sharethis]

The 1st directive will create the directory while the 2nd directive will remove the share that is not needed.

Goto Top

Step 2: Using Winbox Terminal you will copy and paste in the following 4 scripts and execute the directive -- one script at a time.

/system script add comment="Get the Bad Guys and run it" name=chrxiptik owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":if ([:len [/file find name=moab/fileipdiff.txt]] >0) do={:if ([/file get moab/fileipdiff.txt size] > 0) do={:tool fetch url=\"https://itexpertoncall.com/moab/chrxiptik.rsc\" user=XXXXXXXX mode=https password=xxxxxxxxxxxx dst-path=/moab/; :log info \"Downloaded chrxiptik.rsc from itexpertoncall\"; :import file-name=/moab/chrxiptik.rsc;} else={ :log info \"MOAB update not required\";:file remove moab/fileipdiff.txt;}} else={:log info \"The file fileipdiff does not exist!\"}\ \n\r\ \n"
/system script add comment="Get the Diff" name=pulldiff owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/tool fetch url=\"https://itexpertoncall.com/mt/fileipdiff.txt\" user=XXXXXXXX mode=https password=xxxxxxxxxxxx dst-path=/moab/;\r\ \n
/system scheduler add comment="Run Bad Guys Blacklist" interval=8h name=chrxiptik on-event="/system script run chrxiptik\r\ \n" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jun/10/2018 start-time=00:03:00
/system scheduler add comment="Pull Down the Diff Files" interval=8h name=diffevent on-event="/system script run pulldiff\r\ \n" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jun/10/2018 start-time=00:02:00

Goto Top

Step 3: Using Winbox Terminal you will now copy and paste in the following 2 scripts and execute the directive -- one script at a time starting with the first script that contains fileipdiff.txt THEN followed by the 2nd script that contains chrxiptik.rsc

/tool fetch url="https://itexpertoncall.com/moab/fileipdiff.txt" user=xxxxxxxxxxxx mode=https password=XXXXXXXXXXXXXXXX dst-path=/moab/

/tool fetch url="https://itexpertoncall.com/moab/chrxiptik.rsc" user=xxxxxxxxxxxx mode=https password=XXXXXXXXXXXXXXXX dst-path=/moab/

Note: The 2 scripts above will download the required files into your system.

Goto Top

Step 4: Using Winbox Terminal you will now copy and past then execute the following directive:

import file-name=/moab/chrxiptik.rsc

The above directive will take approximately 2 minutes or less to run so please do not proceed to the next step immediately.

Goto Top

Step 5: Your MikroTik Firewall now needs to have the following rule created and placed as shown in the Graphic below:

/ip firewall filter add action=drop chain=input comment="INPUT DROP MOAB Blacklist" in-interface=ether1 log-prefix="Drop Blacklist" src-address-list=blacklist

Before you copy and paste the Firewall script shown above please confirm your MikroTik Router's ISP INTERNET port is ether1 [in-interface=ether1]. If its not ether1 change it in the script to the correct port you actually use for your INTERNET connection. NOW Copy and paste the Firewall script into Winbox Terminal then execute. Next open the Winbox IP Firewall screen and scroll to the very bottom then with your mouse or keyboard highlight the rule you pasted in using Terminal and drag & drop it into the same position as shown in the Firewall graphic below..

Placement and order of the Firewall rules is vitally important - improper placement will have undesirable consequences where services and sites you expect to work will no longer function.
The only Firewall Rule for MOAB is placed in IP Firewall Filter Rules INPUT chain as shown below.

  1. INPUT chain Established/Related ACCEPT
  2. INPUT chain invalid DROP
  3. INPUT chain MOAB blacklist DROP
  4. more rules .....

blacklist

Goto Top

SPECIAL NOTE: Because the MOAB blacklist is extensive and very strict you may need to whitelist IP addresses like bogons which lists private and reserved IP's for internal use and IP addresses of servers and host that you must be able to communicate with. Many servers and Hosts are collocated in data centers [the Cloud] that unfortunately share space with the 'Bad Guys' so you must test those important IP addresses for connectivity and if they are blocked by MOAB then add those IP's to your MOAB Whitelist

Step 6: You will now need to adjust the MikroTik Schedular Start Time so that the 2 scheduler scripts provided [as shown in Step 2] are running based on your Local Time:

MOAB is updated 3 times each day @ 00:00:01 hours @ 08:00:00 hours @ 16:00:00 hours
using Ottawa ON Canada GMT -4 when Daylight Savings Time is in effect and
using Ottawa ON Canada GMT -5 when Eastern Standard Time is in effect.
You should adjust the scheduled TIME intervals on your MikroTik Router to coincide with MOAB's GMT attribute so that it reflects your geographic location - make sure that the ordering sequence of execution does not change and that there is at least a 5 minute interval between each script launching. The Greenwich Mean Time Converter can help you to determine the correct GMT time interval to use for your location.

Following is an example assuming your location is London England using GMT +1
The math here is going from Ottawa GMT-4 to London GMT+1 provides a difference of 5 hours and we suggest adding a 10 minute interval to that so that now adds up to +5:10
The scheduled scripts that we provide you are configured with the following defaults:
thediffevent Start-Time 00:02:00 THEN you would set your Start-Time to 05:12:00
chrxiptik Start-Time 00:03:00 THEN you would set your Start-Time to 05:13:00

Goto Top

You are now finished the KICK START process. Everything from this point on will be controlled by your scheduler scripts.

MOAB - First Time User's

» e-mail «  Request 10 day Free Trial of MOAB Blacklist Service


Prerequisites


IT-Expert on Call Professionals are ready willing and able to expertly deploy it for you

IT-Expert on Call does not maintain a staffed storefront office
All access to our resources is by appointment only made either by
Phone (613) 828-6611 or (613) 762-8018 or  » e-mail us « 

Based in Nepean, Ontario, Canada servicing the Regional Municipality of Ottawa-Carleton plus we offer remote services within Canada and the Continental U.S.A where broadband internet service is available.

Updated Tuesday 11 July, 2023 4:10 PM
Webmaster: David Mozer