
Malware Patrol provides a Mikrotik-compatible version of our Malicious Domains and the Tor Exit Nodes data feeds. In this Mikrotik router configuration guide, you will find all the steps necessary. However, feel free to contact our support if you need any help.

“MikroTik is a Latvian company founded in 1996 to develop routers and wireless ISP systems. MikroTik now provides hardware and software for Internet connectivity in most countries around the world. Our experience in using industry-standard PC hardware and complete routing systems allowed us in 1997 to create the RouterOS software system that provides extensive stability, controls, and flexibility for all kinds of data interfaces and routing.”

You can follow these simple steps to configure your Mikrotik to filter malicious domains to protect your network, computers, and users from getting infected by malware and ransomware. This includes domains derived from C2s, DGAs, and URLs hosting malware and ransomware binaries.

1) You will need the username and password provided to you by Malware Patrol. If you are evaluating, this will be your evaluation portal credentials. If you are a customer, you will use your account login details and portal URL.

2) Execute the following commands in Mikrotik’s CLI:

Malicious Domains

/system script add name="MP_UpdateMaliciousDomains" owner="admin" policy=ftp,read,write dont-require-permissions=no source={
/tool fetch url="https://_username_:_password_@eval.malwarepatrol.net/feeds/files/MP_malicious_domains.mikrotik.rsc" mode=https

/ip firewall address-list remove [find where comment="MP_Malicious_domain"]
/import file-name=MP_malicious_domains.mikrotik.rsc ;
}

/ip firewall filter add chain=forward action=drop protocol=tcp dst-address-list=MP_MaliciousDomains log=yes log-prefix="Blocked_by_MP_MaliciousDomains"

/system scheduler add name=MP_UpdateMaliciousIPsFeed interval=1h on-event=MP_UpdateMaliciousDomains owner=admin policy=ftp,read,write

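The commands above create a script that downloads the Malicious Domains list, removes the previously imported entries, and imports the new file. The firewall filter rule drops and logs forwarded TCP traffic destined for addresses in the MP_MaliciousDomains list, and the system scheduler entry runs the script on an hourly basis. We advise this frequency because our lists are updated every hour.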
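Because `/import` runs every command in the downloaded file, one check worth running on a staging host is that the feed contains nothing but address-list additions. The following Python check is an added example, not Malware Patrol's code; the feed layout (`add list=... address=... comment=...` under `/ip firewall address-list`), the allowed parameter set, and the name `validate_rsc` are assumptions.

```python
import re

# Assumed feed layout (not documented on the page): address-list additions only.
MENU = "/ip firewall address-list"
EXPECTED_LIST = "MP_MaliciousDomains"      # list name used by the page's filter rule
ALLOWED_KEYS = {"list", "address", "comment", "timeout"}
VALUE = r'(?:"[\w .:/-]*"|[\w.:/-]+)'      # no ; [ ] { } $ so no sub-commands
ADD_RE = re.compile(r'^(/ip firewall address-list\s+)?add((?:\s+[a-z-]+=' + VALUE + r')+)$', re.ASCII)
PAIR_RE = re.compile(r'([a-z-]+)=(' + VALUE + r')', re.ASCII)

def validate_rsc(text):
    """Return [(line_no, reason), ...]; empty means only EXPECTED_LIST additions."""
    problems = []
    in_menu = False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                          # blank line or comment
        if line == MENU:
            in_menu = True                    # bare path: switches menu context
            continue
        m = ADD_RE.match(line)
        if m is None:
            if line.startswith("/"):
                in_menu = False               # some other menu or command
            problems.append((no, "not an address-list add"))
            continue
        if not m.group(1) and not in_menu:
            problems.append((no, "add outside " + MENU))
            continue
        pairs = {k: v.strip('"') for k, v in PAIR_RE.findall(m.group(2))}
        if not set(pairs) <= ALLOWED_KEYS:
            problems.append((no, "unexpected parameter"))
        elif pairs.get("list") != EXPECTED_LIST:
            problems.append((no, "wrong or missing list name"))
        elif "address" not in pairs:
            problems.append((no, "missing address"))
    return problems

# Constructed sample input (not real feed data): two valid entries, then lines to reject.
SAMPLE = """\
/ip firewall address-list
add list=MP_MaliciousDomains address=bad.example.com comment="MP_Malicious_domain"
add list=MP_MaliciousDomains address=c2.example.net comment=MP_Malicious_domain
add list=trusted address=198.51.100.7
/system identity set name=changed
add list=MP_MaliciousDomains address=late.example.org
add list=MP_MaliciousDomains address=[/system identity get name]
"""
```

An empty result from `validate_rsc` means the file only adds entries to the expected list; any other result is a reason to hold the import and keep the previous list in place.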

If you encounter any difficulties during the Mikrotik router configuration process, feel free to contact our tech support at support (@) malwarepatrol.net

Configuration guides for other systems can be found on our Tech Support page.
