How to close all UDP ports on MikroTik?

Hello guys,

I need some rules for closing all UDP ports on a MikroTik router. I have received an abuse report from the Hetzner data center regarding a netscan attack through the following ports:

55341 UDP
445 TCP
53047 UDP

It's so weird, because port 445 was previously closed through the Windows registry (a regedit rule). I am wondering how this is possible when the port is closed?

Hey, all UDP ports are closed for the first UDP packets by the standard firewall rules, except UDP 53 and those services that use UDP ports in “IP - Services”. In order to close your UDP 53 port, you need to untick “allow remote requests” in the “IP - DNS” settings.

“Regedit” is not a firewall, but an upper-level service in Windows OS. If you shut down the service, it doesn’t mean that you cannot receive TCP or UDP packets that are allowed by your router. In your case, I think that:

  1. You have no appropriate firewall rules in the MikroTik firewall;
  2. You’ve captured a reply packet from a connection you initiated.

Otherwise, you have a worm in your operating system on the hard drive or SSD that makes these initial packets for you.
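
The RouterOS configuration below is an added example, not part of either post. It sketches the points raised in the reply: the DNS setting, stateful input rules that refuse unsolicited UDP, and a logged drop for outbound port 445 so that a host generating scan traffic can be identified. The WAN interface name `ether1` and the log prefix are assumptions; adjust them to the actual setup.

```routeros
# Added example: assumes the upstream (WAN) interface is ether1.

# Stop the router answering DNS queries from outside (closes UDP/TCP 53).
/ip dns set allow-remote-requests=no

/ip firewall filter

# Input chain: traffic addressed to the router itself.
# Replies to connections the router or LAN initiated stay allowed.
add chain=input action=accept connection-state=established,related \
    comment="allow replies to existing connections"
add chain=input action=drop connection-state=invalid \
    comment="drop invalid packets"
# Any UDP packet arriving on the WAN that is not part of a tracked
# connection is a "first packet" and is refused here.
add chain=input action=drop protocol=udp in-interface=ether1 \
    comment="drop unsolicited UDP from WAN"

# Forward chain: traffic passing through the router.
add chain=forward action=accept connection-state=established,related \
    comment="allow replies to existing connections"
add chain=forward action=drop connection-state=invalid \
    comment="drop invalid packets"
# New outbound SMB connections leaving via the WAN are dropped and logged.
# The log entries show the source address of the internal host sending them.
add chain=forward action=drop protocol=tcp dst-port=445 \
    connection-state=new out-interface=ether1 \
    log=yes log-prefix="smb-out" \
    comment="block and log outbound TCP 445"
```

Rule order matters: the accept rule for established and related connections must stay above the drop rules, otherwise replies to legitimate outbound UDP traffic are discarded as well.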