Hi All
I'm wondering if there is any way to know who is using port scanner apps like Fing or eznet or netcat and block them.
I mean, when a user just opens or starts a scan app, the server drops his connection and blocks his first used MAC address in IP binding. Is there any way to do that via firewall or something like that?
1. I want to find out who on my LANs is running port scan apps against other users' addresses on my network.
2. I want to block port scan app users on my network.
I suggest some ideas in my post and would like some network pros to apply them.
Weird, so you have a bunch of users that are scanning ports on your LANs?
I don't see this as a problem, because by being on the LAN they can access all the IPs on a LAN, as they are on layer 2, so there is no real expectation of security other than what you put on each PC for firewall or AV.
However, if you have different subnets, put them on different interfaces and then use FW rules to block subnet to subnet traffic.
Users who use scan apps can get other users' MAC addresses, then copy them and access the internet for free, because I use a hotspot server and one DHCP server.
That's why I am asking if there is some way to block scan apps.
My idea is: if there is a way to catch the user who is using a scan app, then block his first main MAC address before he gets any MAC or his scan app works … that's my idea, and I need an expert who can apply it in some rules.
I share this idea because some expert user was able to make some rules to block the Freedom app, which works before login to the hotspot server … the Freedom app is like a VPN app and can access the hotspot without registering any account, and some expert user made some rules that can catch any user using the Freedom app, drop his connection and put his IP address in a firewall address list … he relies on putting the Freedom app servers in a layer7 firewall address list and then dropping them in the firewall filter.
And I'm thinking whether there is a way like that to figure out scan app users and block their first main MAC address.
I will put the Freedom app block rules below and need someone to help me make some rules like them, but to block scan apps.
ip firewall layer7-protocol add name=freedom regexp="^.+(2yf.de|1yf.de|freedom.net|your-freedom.de|your-freedom)"
ip firewall filter add action=drop comment="block-freedom-maxupgrade" chain=pre-hs-input layer7-protocol=freedom
ip firewall mangle
add action=add-src-to-address-list address-list=freedom address-list-timeout=1d chain=prerouting layer7-protocol=freedom comment="freedom-maxupgrade"
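
The same "tag the source in an address list, then drop it" pattern can be applied to port scans with RouterOS's built-in `psd` (port scan detection) matcher. This is an added example, not part of the original thread or anyone's posted rules; the list name `port-scanners`, the comments, the 1d timeout and the `psd` thresholds are assumptions to tune for your network.

```routeros
# Added example (not from the thread). The address-list name, timeout and
# psd thresholds below are assumptions, not values taken from the posts.
/ip firewall filter
# psd=WeightThreshold,DelayThreshold,LowPortWeight,HighPortWeight
# A source that accumulates weight 21 from TCP probes arriving less than 3s
# apart is tagged; ports below 1024 count 3 each, higher ports count 1 each.
add chain=input protocol=tcp psd=21,3s,3,1 \
    action=add-src-to-address-list address-list=port-scanners \
    address-list-timeout=1d comment="detect-portscan-to-router"
add chain=forward protocol=tcp psd=21,3s,3,1 \
    action=add-src-to-address-list address-list=port-scanners \
    address-list-timeout=1d comment="detect-portscan-routed"
# Drop everything from tagged sources until the list entry expires.
add chain=input src-address-list=port-scanners action=drop \
    comment="drop-portscanners-input"
add chain=forward src-address-list=port-scanners action=drop \
    comment="drop-portscanners-forward"
```

These rules only see traffic that is addressed to the router or routed through it. As the reply above notes, hosts on the same layer 2 segment reach each other directly, so scans and ARP sweeps between hotspot clients on one subnet never pass through the IP firewall, and an address list blocks by IP address, not by MAC address.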