IT-Expert on Call

(613) 828-6611

Experience has no substitute
Inexperience carries significant cost and risk

Close Window

MOAB is Mother of all BLACKLISTS

PREREQUISITES for MikroTik Router's

A 10 day FREE Trial Period is available for MOAB First Time User's who want to trial MOAB prior to purchasing a subscription. At the end of the MOAB Free Trail Period - on the 10th day - if you wish to continue with MOAB you must make the Subscription Payment via PayPal otherwise your Trial Account will be deleted end of that day. For those First Time MOAB users the MOAB Trial Period begins on the day your MOAB account is accessed by your MikroTik Router's WAN IP Adress.

MOAB - First Time User's

» e-mail «  Request 10 day Free Trial of MOAB Blacklist Service

Example of what information we expect to receive from you:

  1. Your Name: Sam Stone
  2. MikroTik Router's model: RB450Gx4
  3. Serial Number: 4EF8DA6679A5
  4. Full Privileged Admin Name: owner=riverdale
  5. File Storage used: [select options only relevant to Your MikroTik Router]
    1. NAND flash memory for file storage: 512MB/128 MB free
    2. CHR virtual memory for file storage: 2GB/1.5 GB free
    3. SSD storage: disk1 256MB/128 MB free
    4. USB memory stick: disk1 8GB/4 GB free
    5. microSD card: disk3 16GB/16 GB free
  6. If single WAN port: ether1
    If Multi-WAN in-interface-list name: lbwanip
  7. Include outbound blocking: No

Once we have your information, and within 24 hours, we will provide you, via e-mail, with your host credentials and scripts. The account info we provide you will be tied to your WAN IP Address. To kick start the process we will also provide you with 2 scripts to download 2 files specific to your MikroTik router model that will be placed in your file storage area: for CHR instances the file storage area is called moab which directory is created at the root level; for all other MikroTik Routers the file storage area is called disk2 after which you will also need to import those rsc file using a Terminal session with a 3rd script that's also provided to launch MOAB.

For MikroTik Router models that include interfaces for microSD memory card or USB memory stick or SSD flash chip for external file storage - that external file storage disk must have a minimum of 128 MB of free memory available and must be named disk2 - if your disk is not named disk2 we can show you how-to rename your disk in our special MOAB install section of our web site.

Install instructions for MOAB using USB memory stick named disk2 for file storage.

Install instructions for MOAB using NAND flash memory or Native memory for file storage.

For Your Information

An optional add-in now avaiable - blocking outbound connections made by the Bad Guys from within your LAN's/VLAN's [How in the heck did they get in - You ask?]. User's in your network can innocently allow malicious scripts embedded in e-mails or infected memory sticks or web links that contain enticements that many unsuspecting users find hard to ignore and avoid and Wham! BAM! your device is now compromised - those nefarious scripts start making outbound connections based on some timed events to their masters for instructions - those outbound connections should be blocked. MOAB's outbound connection blocking is derived from various Bad Guys lists like Spamhouse-Drop, Spamhouse-EDrop, DShield, Bambenek High-Confidence C2 and Abuse.ch SSLBL - five agents of infection - when combined - tracking 12,000+ dynamic ipset entries that contain 20+ million unique IP addresses - updated every 8 hours.

We track [and log] each account to it's IP address - your embedded account details may only be used on authorized MikroTik Routers that you declare to us - any abuse of privilege of whatsoever nature will cancel your account without further notice.

If you would prefer to have us install MOAB for you on your MikroTik Router via remote control session let us know and we would be happy to do that for you at an additional cost of US $60.00.

MOAB has two tracks, one for MikroTik Routers like the hEX and the hAP ac 2 - tracking between 5K and 16K ipset entries - MikroTik Router models like the RB3011, RB4011, RB1100 and all CCR - tracking between 35K and 60K ipset entries. Once we know which MikroTik Router model you have we will decide if your model qualifies and which track to put you on. Both tracks cover over 615 million IP addresses of known perpetrators.

For MikroTik Routers like the RB3011, RB4011, RB1100 and all CCR models the maximum download file size is 3 MB or less - 3 times daily.

For MikroTik Routers like the hEX and the hAP ac 2 - the maximum download file size is 0.5 MB or less - 3 times daily.

Performance Hit on throughput: Regardless of which MikroTik Model that qualifies for the MOAB Blacklist Service PERFORMANCE will be excellent. Using MOAB the Bandwidth Performance hit on MikroTik Routers memory constrained models like the hEX is 12% and for the hAP ac 2 is 9% while 3% on amply provisioned MikroTik Routers containing 1 GHz CPU and minimum of 1GB of RAM.

Key POINT to understand about an ipset: ipset is an extension to iptables that allows you to create firewall rules that match entire "sets" of addresses at once. Unlike normal iptables chains, which are stored and traversed linearly, IP sets are stored in indexed data structures, making lookups very efficient, even when dealing with large sets. IPsets works remarkable well under RouterOS starting with the hEX, hAP ac 2 and all the other Router models mentioned herein.

How does MOAB store 615+ million IP addresses you wonder? MOAB consists of ipset that store a large number of IP(v4) addresses -- For MikroTik Router models like RB3011, RB4011, RB1100 and all CCR models MOAB normally contains between 35K and 60K ipset entries and in that mix reside 4.4K [+/-] CIDR notations - so you may wonder what do those CIDR notations represent? CIDR notation is a compact representation of an IP address and its associated routing prefix. A CIDR notation entry represents a large collection of IP addresses.
For Example:

This CIDR notation 0.0.0.0/8
contains 16,777,214 IP addresses

This CIDR notation 1.19.0.0/16
contains 65,534 IP addresses

This CIDR notation 1.32.128.0/18
contains 6,382 IP addresses

Whitelisting IP addresses

The MOAB blacklist is extensive and strict so you may need to whitelist IP addresses like bogons which lists private and reserved IP's for internal use and IP addresses of servers and host [Partners] that you must be able to communicate with. Many servers and Hosts are collocated in data centers [the Cloud] that share space with the 'Bad Guys' unfortunately so you must test those IP addresses for connectivity and if they are blocked by MOAB then add those IP's to your MOAB Whitelist. When you whitelist a block of IP's - that block will be excluded from the MOAB filter and allowed to pass through. To whitelist - the filter rule would be put in IP/Firewall/RAW positioned as the 1st rule and looks as follows:

/ip firewall raw add action=accept chain=prerouting comment="whitelisted SRC-addresses" src-address-list=moabwhitelist

In the Firewall's address-list create moabwhitelist then populate the IP addresses you need to allow passage and MOAB would not filter those IP addresses. Following is example creating the named list and adding an IP address that happens to be a bogon private IP address used by the Office Network that needs to be excluded from MOAB's filter done via Terminal:

/ip firewall address-list add address=10.10.10.0/24 list=moabwhitelist

MOAB Subscription

MOAB subscription Service Payment US $90.00 per Year

« PayPal »  when you're ready to subscribe

Please note that MOAB Subscription Service Payment above and
MOAB Install Service Payment below
are two sperate independent service payments.

MOAB Remote Install Service Payment US $60.00

« PayPal »  when you prefer to have us install MOAB for you.

We use Google Chrome Remote Desktop extension for all remote installation services.

MOAB Remote install service is only available for
broadband capable users
minimum 100Mbps Down 10Mbps Up.

Disclaimer: You may cancel your subscription at any time, all sales are final we do not issue refunds

Are You a cloud hosting VoIP provider and getting a lot of SIP/VoIP attacks?

Engineered for MikroTik RouterOS Firewall.

voipTIK - "Wow ...its working ...a perfect voip shield" a direct quote from one of our clients

Is your public facing PBX's getting a lot of SIP/VoIP attacks?

If your answer is YES then you need to consider our voipTIK Blacklist service - a perfect voip shield to protect your business and PBX's against VoIP Fraud and minimize the risks of attacks on your Telephony Server.

Currently recording 11,171 IPset entries that cover 11,710 IP Addresses of known attackers

The VoipTIK blacklist is specifically engineered to run on MikroTik Routers like the CHR [Cloud Hosted Router] and CCR's [Cloud Core Router series] utilizing MikroTik's RouterOS Firewall. When using our voipTIK blacklist service - in the MikroTik Firewall - you will need to whitelist all your core servers for all ports, hosted PBX's and Interconnection partners to specific required ports before implementing the drop rule for the voipTIK blacklist. On the Tik Router the voipTIK blacklist is scheduled to update every 4 hours when ipset addresses are triggered for adds/subtractions on a 24/7 365 basis.

VOIP Providers wishing to subscribe to voipTIK Blacklist Service please » e-mail «  for 30 day Free Trial. The price for a voipTIK subscription is US$7.50 per month or US$90 per year.

To qualify for the Free Trial please provide us with info as shown in this link.


Close Window


IT-Expert on Call Professionals are ready willing and able to expertly deploy it for you

IT-Expert on Call does not maintain a staffed storefront office
All access to our resources is by appointment only made either by
Phone (613) 828-6611 or (613) 762-8018 or  » e-mail us « 

Based in Nepean, Ontario, Canada servicing the Regional Municipality of Ottawa-Carleton plus we offer remote services within Canada and the Continental U.S.A where broadband internet service is available.

Updated Thursday 9 July, 2020 4:22 PM
Webmaster: David Mozer