Sorry to ask, I am new to this MikroTik router. How do I stop or block pinging from outsiders, like the example below?
It just won't stop pinging in this situation. Just blocking the IP won't work on this.
dstnat: in:unifi out:(unknown 0), proto TCP (SYN), 109.205.213.22:58587->xxx.xxx.xxx.xxx:xxxxx prio 1->0, len 52
dstnat: in:unifi out:(unknown 0), proto TCP (SYN), 109.205.213.22:65151->xxx.xxx.xxx.xxx:xxxxx, prio 1->0, len 52
dstnat: in:unifi out:(unknown 0), proto TCP (SYN), 109.205.213.22:60556->xxx.xxx.xxx.xxx:xxxxx, prio 1->0, len 52
Indeed scanning, noise and spurious connections are not something you can stop. Any device connected to the internet will have this.
Hate to be pedantic, but those are not pings, they are TCP SYN connections. You’ve not mentioned if this is to your device (input chain) or perhaps something behind it that’s natted or otherwise (forward chain).
The important thing is to have an appropriate set of firewall rules. Out of the box, the input chain is closed to the outside world, as is anything that’s not matter inbound on the forward chain.
If I recall correctly however, ping (ICMP) is allowed inbound by default. I prefer to block this via firewall rule.
Feel free to share your firewall rules if you want a second pair of eyes.
From there you have 2 choices:
1. Be happy with the rules and ignore the noise (there is very little point in logging external traffic hitting your input chain).
2. Disconnect the device from the internet. That’ll stop the noise. And everything else.
Other good practice:
- Don’t use the default admin account
- Apply IP restrictions to Services
- Apply IP restrictions to Users (up to you if you want this triple layer!)
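
An added example, not part of the original thread: a small Python parser for firewall log lines in the format quoted in the question, which separates ICMP echo requests (actual pings) from bare TCP SYN packets and counts hits per source and chain. The sample lines, addresses and ports are constructed for illustration.

```python
import re
from collections import defaultdict

# Layout of the firewall log lines quoted in the thread:
#   <chain>: in:<if> out:<if>, proto <PROTO> (<detail>), <src>[:port]-><dst>[:port], ...
LINE_RE = re.compile(
    r"^(?P<chain>[\w-]+): in:(?P<in_if>\S+) out:.*?"
    r"proto (?P<proto>\w+)(?: \((?P<detail>[^)]*)\))?, "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))?->"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?"
)

# Constructed sample lines (documentation addresses, made-up ports).
SAMPLE_LOG = """\
dstnat: in:unifi out:(unknown 0), proto TCP (SYN), 203.0.113.22:58587->198.51.100.10:40001 prio 1->0, len 52
dstnat: in:unifi out:(unknown 0), proto TCP (SYN), 203.0.113.22:65151->198.51.100.10:40002, prio 1->0, len 52
dstnat: in:unifi out:(unknown 0), proto TCP (SYN), 203.0.113.22:60556->198.51.100.10:40001, prio 1->0, len 52
input: in:unifi out:(unknown 0), proto ICMP (type 8, code 0), 203.0.113.77->198.51.100.10, len 56
""".splitlines()

def parse_line(line):
    """Return the named fields of one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def classify(entry):
    """Tell an ICMP echo request (a real ping) apart from a bare TCP SYN."""
    proto, detail = entry["proto"].upper(), entry["detail"] or ""
    if proto == "ICMP":
        t = re.match(r"type (\d+)", detail)
        return "icmp-echo-request" if t and t.group(1) == "8" else "icmp-other"
    if proto == "TCP":
        flags = {f.strip() for f in detail.split(",") if f.strip()}
        return "tcp-syn" if flags == {"SYN"} else "tcp-other"
    return proto.lower()

def summarise(lines):
    """Count hits and distinct destination ports per (source, chain, kind)."""
    stats = defaultdict(lambda: {"count": 0, "dports": set()})
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # not a firewall log line in this layout
        key = (entry["src"], entry["chain"], classify(entry))
        stats[key]["count"] += 1
        if entry["dport"]:
            stats[key]["dports"].add(int(entry["dport"]))
    return dict(stats)
```

The chain in each key shows whether the traffic was logged on the way to the router itself (input) or at the dstnat stage for something behind it.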