Hi,
I have lots of established connections to IPs which are free and not set anywhere in our network :
I believe someone is just sending invalid packets to our network. can someone please point me to proper firewall rules to stop this kind of attack ? I guess the first packet for an incomming TCP connection should be a syn and otherwise it should be discarded.
Regards
/ip firewall filter
add action=drop chain=input connection-state=invalid
add chain=input connection-state=related
add chain=input connection-state=established
add chain=input src-address=wan ip
add chain=input src-address=lan ip
add chain=input comment=Winbox dst-port=8291 protocol=tcp
add chain=input comment=ICMP protocol=icmp
add action=drop chain=input comment=DROP