Simple answer.
If you try a port on my router, why the hell should you see any other stuff on my router.
Trying any port that are not open and you will be blocked for a set off time.
This will prevent the user/script from trying any other attack for that period.
This may be how a port scanner script work.
- Scan a range of port (or all) on a router.
- Make a list of the open ports.
- Use different tools for attacking the open port.
a. RDP
b. HTTP(s)
c. FTP
d. SSH
e. ohter - Entering and misuse the router or destroy it.
Why else do I see 1000-10000 different IP a day tries port that are not open on my router?
Port blocking are not the final solution to prevent attack, but may help just a some.
Other securing prevention are also needed…
\
Use Splunk> to log/monitor your MikroTik Router(s). See link below. 