How to block ip scanner

How to block IP scanner software like Angry, Advanced IP Scanner, etc.
I am already using the following rules
rules…

/ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="Blocked IP's" address-list-timeout=2w comment="Add Port scanners to Blocked List" disabled=no
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP FIN Stealth scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/FIN scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/RST scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="FIN/PSH/URG scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="ALL/ALL scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan"

But it is not working, please help me.
I want it so that if you scan, it shows only your own IP and does not show the other users' IP and MAC addresses (local LAN).

I don't think that is possible in the same broadcast zone (if your customers are in the same subnet).

I understand he wants to prevent IP scanners in the local network from detecting "live" hosts.

If he has an RB AP … it is probably possible … I did not try.

Depending on the configuration, if the local LAN goes through a classic switch, with hosts in the same broadcast zone … I do not believe that he can block an IP scanner.

Hm …
If he has a MikroTik as AP … let's say like this:

AP MIKROTIK … dummy switch … mikrotik gateway … internet

Then he can block scanning on the first AP … then it is possible … because the first AP will block that user …
If the AP is not MikroTik brand then it is probably not possible …

You need to work with Hotspot and encrypt wireless with WPA to prevent IP scanning.
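
The point made in the replies, as an added example that is not part of the original thread: the posted rules sit in chain=input, so they can only see packets addressed to the router itself, never scans between hosts on the same subnet. The addresses, the switch topology and the function names are assumptions; the tcp-flags semantics assumed are that listed flags must be set and `!` flags must be clear; the psd rule is not modelled.

```python
# Added example: models which packets the thread's chain=input rules can see.
import ipaddress

# tcp-flags matchers copied from the rules posted in the thread.
RULES = {
    "NMAP FIN Stealth scan": "fin,!syn,!rst,!psh,!ack,!urg",
    "SYN/FIN scan": "fin,syn",
    "SYN/RST scan": "syn,rst",
    "FIN/PSH/URG scan": "fin,psh,urg,!syn,!rst,!ack",
    "ALL/ALL scan": "fin,syn,rst,psh,ack,urg",
    "NMAP NULL scan": "!fin,!syn,!rst,!psh,!ack,!urg",
}

# Constructed topology (assumption): router 192.168.88.1 on 192.168.88.0/24,
# LAN hosts attached through a separate plain switch.
ROUTER = ipaddress.ip_address("192.168.88.1")
LAN = ipaddress.ip_network("192.168.88.0/24")


def flags_match(expr, flags):
    """Listed flags must be set, '!'-prefixed flags must be clear."""
    for term in expr.split(","):
        if term.startswith("!"):
            if term[1:] in flags:
                return False
        elif term not in flags:
            return False
    return True


def chain_for(src, dst):
    """Which filter chain of the router a packet traverses, if any."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dst == ROUTER:
        return "input"
    if src in LAN and dst in LAN:
        return None  # switched at layer 2, never reaches the router
    return "forward"


def matched_rules(src, dst, flags):
    """Comments of the chain=input rules that would fire for this packet."""
    if chain_for(src, dst) != "input":
        return []
    return [name for name, expr in RULES.items() if flags_match(expr, set(flags))]
```

A probe with only FIN set is caught when aimed at 192.168.88.1, but the same probe from one LAN host to another returns no match because it never enters the router's firewall.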