Hello,
Today I realized that there are continuous attacks to my mikrotik from outside. Different ips try to get into through different ports like 22 or 6889 or not so much known ports like 1024 or ports over 11000…
What rules should i write in firewall so to drop immediately every connection try from every ip that continuous try to get connected ?
I want to open some ports for my self (like 22 for ssh) but I am afraid now…
You could have a look at the RAW rule I use and I have open port 25,80 and 443.
http://forum.mikrotik.com/t/blacklist-filter-update-script/89817/126
If you have a static IP then look at allowing only that IP to is allowed use port 22 (ssh) and if you have trusted second static IP then used that as backup.
If you are under attack then you should just drop everything except connections you want to accept.
Configure IPSEC tunnel for you to connect safely to your router.
Locate “port knocking” in a MUM meeting presentation a few years back.
It hinders port scanning as a benefit.