{"id":318,"date":"2012-06-29T18:03:23","date_gmt":"2012-06-29T21:03:23","guid":{"rendered":"http:\/\/www.tech-nico.com\/blog\/?p=318"},"modified":"2012-11-06T18:00:42","modified_gmt":"2012-11-06T21:00:42","slug":"como-detectar-botnet-torpig-en-una-red-desde-mikrotik","status":"publish","type":"post","link":"http:\/\/www.tech-nico.com\/blog\/como-detectar-botnet-torpig-en-una-red-desde-mikrotik\/","title":{"rendered":"How to detect the Torpig BOTNET on a network from Mikrotik"},"content":{"rendered":"<p>Torpig, also known as Sinowal or Anserin, is a type of botnet (a variety of trojan that can affect computers running Microsoft Windows). Torpig evades anti-virus applications through the use of rootkits and searches the infected system to steal credentials, accounts and home-banking passwords, and potentially gives an attacker full access to the machine. 
It is also reportedly able to modify data on the computer and to infect the MBR sector.<\/p>\n<p><strong>Understanding how to block it with Mikrotik<\/strong><\/p>\n<p>What we will do next is log (build an automatic dynamic list with) the source IP (that of the infected client) of all TCP traffic on any port destined for <strong>91.19.0.0\/16<\/strong> and <strong>91.20.0.0\/16<\/strong>.<\/p>\n<pre>\/ip firewall filter\r\nadd action=add-src-to-address-list address-list=MebRootVictim address-list-timeout=1d chain=forward comment=\\\r\n    \"Detect clients compromised with Torpig\" disabled=no dst-address-list=MebRoot<\/pre>\n<p><span style=\"color: #808080;\">NOTE: It is assumed that any outbound traffic pointing to these 2 networks, <strong>91.19.0.0\/16<\/strong> and <strong>91.20.0.0\/16<\/strong>, comes from a compromised client.<\/span><\/p>\n<p>Then we drop all traffic destined for these networks in the input, forward and output chains.<\/p>\n<pre>add action=drop chain=forward disabled=no dst-address-list=MebRoot\r\nadd action=drop chain=input disabled=no dst-address-list=MebRoot\r\nadd action=drop chain=output disabled=no dst-address-list=MebRoot<\/pre>\n<p>We also drop all traffic from the infected client \"other than TCP port 80\" and \"other than UDP port 53\". 
This leaves the client without browsing and only allows DNS and HTTP. The client is thus filtered (without service) and the only thing it can see is the page saying that its computer is compromised and that a technician needs to be called.<\/p>\n<pre>add action=drop chain=forward disabled=no dst-port=110,25,995,465,1863,20,21,22,23 protocol=tcp src-address-list=MebRootVictim\r\nadd action=drop chain=forward disabled=no dst-port=!53 protocol=udp src-address-list=MebRootVictim<\/pre>\n<p><a href=\"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2012\/06\/trafico_virus_torpig.png\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-319\" title=\"Blocked client\" src=\"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2012\/06\/trafico_virus_torpig.png?resize=300%2C240\" alt=\"\" width=\"300\" height=\"240\" srcset=\"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2012\/06\/trafico_virus_torpig.png?resize=300%2C240 300w, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2012\/06\/trafico_virus_torpig.png?resize=374%2C300 374w, https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2012\/06\/trafico_virus_torpig.png?w=516 516w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p><strong>In summary, we end up with this:<\/strong><\/p>\n<pre>\/ip firewall filter\r\nadd action=add-src-to-address-list address-list=MebRootVictim address-list-timeout=1d chain=forward comment=\\\r\n    \"Drop Mebroot and Torpig and log the source client.\" disabled=no dst-address-list=MebRoot\r\nadd action=drop chain=forward disabled=no dst-address-list=MebRoot\r\nadd action=drop chain=input disabled=no dst-address-list=MebRoot\r\nadd action=drop chain=output disabled=no dst-address-list=MebRoot\r\nadd action=drop chain=forward disabled=no dst-port=!80 protocol=tcp src-address-list=MebRootVictim\r\nadd action=drop chain=forward disabled=no dst-port=!53 protocol=udp src-address-list=MebRootVictim<\/pre>\n<p>We add the destination networks the virus points to:<\/p>\n<pre>\/ip firewall address-list\r\nadd address=91.19.0.0\/16 comment=BOTNET disabled=no list=MebRoot\r\nadd address=91.20.0.0\/16 comment=BOTNET disabled=no list=MebRoot<\/pre>\n<p>In the NAT section we redirect to the error page (if you have one). 
It is a good way for the blocked client to realize it has a virus.<\/p>\n<pre>\/ip firewall nat\r\nadd action=dst-nat chain=dstnat comment=\"REDIRECT VIRUS TORPIG\" disabled=no dst-port=80 protocol=tcp \\\r\n    src-address-list=MebRootVictim to-addresses=###IP_TU_APACHE### to-ports=#83#<\/pre>\n<p>Replace <strong>###IP_TU_APACHE###<\/strong> with the IP of your Linux server. For example, you can test with Google's: 173.194.42.50, and in that case replace the port <strong>#83#<\/strong> with 80. In my case I have the Conficker virus notice on port 81 and the Torpig virus message on port 83.<\/p>\n<p>That's all. I hope it helps you as much as it helped me.<br \/>\nThis is my modified version of the one that appears on the official Mikrotik Wiki.<\/p>\n<p>________________________<br \/>\nNicolas <a href=\"http:\/\/tech-nico.com\/blog\">tech-nico.com<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Torpig, also known as Sinowal or Anserin, is a type of botnet (a variety of trojan that can affect computers running Microsoft Windows). 
Torpig evades anti-virus applications through the use of rootkits and searches the system &hellip; <a href=\"http:\/\/www.tech-nico.com\/blog\/como-detectar-botnet-torpig-en-una-red-desde-mikrotik\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":600,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[55,38],"tags":[],"class_list":["post-318","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-redes","category-seguridad"],
"yoast_head_json":{"title":"How to detect the Torpig BOTNET on a network from Mikrotik &#183; Tech-nico.com","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/www.tech-nico.com\/blog\/como-detectar-botnet-torpig-en-una-red-desde-mikrotik\/","og_locale":"es_ES","og_type":"article","og_title":"How to detect the Torpig BOTNET on a network from Mikrotik &#183; Tech-nico.com","og_description":"Torpig, also known as Sinowal or Anserin, is a type of botnet (a variety of trojan that can affect computers running Microsoft Windows). Torpig evades anti-virus applications through the use of rootkits and searches the system &hellip; Continue reading &rarr;","og_url":"http:\/\/www.tech-nico.com\/blog\/como-detectar-botnet-torpig-en-una-red-desde-mikrotik\/","og_site_name":"Tech-nico.com","article_publisher":"http:\/\/www.facebook.com\/pages\/Tech-nico\/112469155508017","article_published_time":"2012-06-29T21:03:23+00:00","article_modified_time":"2012-11-06T21:00:42+00:00","og_image":[{"width":1650,"height":1400,"url":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1650%2C1400","type":"image\/jpeg"}],"author":"soporte","twitter_card":"summary_large_image","twitter_creator":"@nicolpo","twitter_site":"@nicolpo","twitter_misc":{"Written by":"soporte","Reading time":"3 minutes"},
"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"http:\/\/www.tech-nico.com\/blog\/como-detectar-botnet-torpig-en-una-red-desde-mikrotik\/#article","isPartOf":{"@id":"http:\/\/www.tech-nico.com\/blog\/como-detectar-botnet-torpig-en-una-red-desde-mikrotik\/"},"author":{"name":"soporte","@id":"http:\/\/www.tech-nico.com\/blog\/#\/schema\/person\/fbfacdf16e18b339cd034c484e312274"},"headline":"How to detect the Torpig BOTNET on a network from Mikrotik","datePublished":"2012-06-29T21:03:23+00:00","dateModified":"2012-11-06T21:00:42+00:00","mainEntityOfPage":{"@id":"http:\/\/www.tech-nico.com\/blog\/como-detectar-botnet-torpig-en-una-red-desde-mikrotik\/"},"wordCount":355,"commentCount":5,"publisher":{"@id":"http:\/\/www.tech-nico.com\/blog\/#organization"},"image":{"@id":"http:\/\/www.tech-nico.com\/blog\/como-detectar-botnet-torpig-en-una-red-desde-mikrotik\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1650%2C1400","articleSection":["redes","seguridad"],"inLanguage":"es","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["http:\/\/www.tech-nico.com\/blog\/como-detectar-botnet-torpig-en-una-red-desde-mikrotik\/#respond"]}]},
{"@type":"WebPage","@id":"http:\/\/www.tech-nico.com\/blog\/como-detectar-botnet-torpig-en-una-red-desde-mikrotik\/","url":"http:\/\/www.tech-nico.com\/blog\/como-detectar-botnet-torpig-en-una-red-desde-mikrotik\/","name":"How to detect the Torpig BOTNET on a network from Mikrotik &#183; Tech-nico.com","isPartOf":{"@id":"http:\/\/www.tech-nico.com\/blog\/#website"},"primaryImageOfPage":{"@id":"http:\/\/www.tech-nico.com\/blog\/como-detectar-botnet-torpig-en-una-red-desde-mikrotik\/#primaryimage"},"image":{"@id":"http:\/\/www.tech-nico.com\/blog\/como-detectar-botnet-torpig-en-una-red-desde-mikrotik\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1650%2C1400","datePublished":"2012-06-29T21:03:23+00:00","dateModified":"2012-11-06T21:00:42+00:00","breadcrumb":{"@id":"http:\/\/www.tech-nico.com\/blog\/como-detectar-botnet-torpig-en-una-red-desde-mikrotik\/#breadcrumb"},"inLanguage":"es","potentialAction":[{"@type":"ReadAction","target":["http:\/\/www.tech-nico.com\/blog\/como-detectar-botnet-torpig-en-una-red-desde-mikrotik\/"]}]},
{"@type":"ImageObject","inLanguage":"es","@id":"http:\/\/www.tech-nico.com\/blog\/como-detectar-botnet-torpig-en-una-red-desde-mikrotik\/#primaryimage","url":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1650%2C1400","contentUrl":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1650%2C1400","width":1650,"height":1400},
{"@type":"BreadcrumbList","@id":"http:\/\/www.tech-nico.com\/blog\/como-detectar-botnet-torpig-en-una-red-desde-mikrotik\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/www.tech-nico.com\/blog\/"},{"@type":"ListItem","position":2,"name":"How to detect the Torpig BOTNET on a network from Mikrotik"}]},
{"@type":"WebSite","@id":"http:\/\/www.tech-nico.com\/blog\/#website","url":"http:\/\/www.tech-nico.com\/blog\/","name":"Tech-nico.com","description":"Mikrotik \/ Ubiquiti \/ Programming \/ Security","publisher":{"@id":"http:\/\/www.tech-nico.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/www.tech-nico.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"es"},
{"@type":"Organization","@id":"http:\/\/www.tech-nico.com\/blog\/#organization","name":"Tech-Nico.com","url":"http:\/\/www.tech-nico.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"es","@id":"http:\/\/www.tech-nico.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/i1.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1650%2C1400","contentUrl":"https:\/\/i1.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1650%2C1400","width":1650,"height":1400,"caption":"Tech-Nico.com"},"image":{"@id":"http:\/\/www.tech-nico.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["http:\/\/www.facebook.com\/pages\/Tech-nico\/112469155508017","https:\/\/x.com\/nicolpo"]},
{"@type":"Person","@id":"http:\/\/www.tech-nico.com\/blog\/#\/schema\/person\/fbfacdf16e18b339cd034c484e312274","name":"soporte","image":{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/secure.gravatar.com\/avatar\/24a22b421037d7d81f3d80abc24dbea53e828637156a03dbd1b768154f81b368?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/24a22b421037d7d81f3d80abc24dbea53e828637156a03dbd1b768154f81b368?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/24a22b421037d7d81f3d80abc24dbea53e828637156a03dbd1b768154f81b368?s=96&d=mm&r=g","caption":"soporte"}}]}},
"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1650%2C1400","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/phA9Q-58","jetpack_likes_enabled":true,"jetpack-rel
ated-posts":[],"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/posts\/318","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/comments?post=318"}],"version-history":[{"count":6,"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/posts\/318\/revisions"}],"predecessor-version":[{"id":341,"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/posts\/318\/revisions\/341"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/media\/600"}],"wp:attachment":[{"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/media?parent=318"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/categories?post=318"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/tags?post=318"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}