Hello,
I’m having an issue where I’m getting a notice from ISP regarding a computer on network running Honeypot HTTP scanner on port 80. Is there a way to block all users from running port scanners using port 80 on Mikrotik router?
block port 80?
do you want block http?
use torch or use connection tracking to see who is do outside scan…
I tried using torch or connection monitoring but all computers use port 80 for traffic. The incident logs show this:
threat: Honeypot HTTP Scanner
type: tcp
source port: 57612
destination port: 80
destination ip: XX.XXX.XXX.XXX
I guess if I block destination port 80 and source range 55000 to 60000 that might do it, how can I apply this rule?
you must “syslog” all your firewall new connection for discovery who is, based on report date, time, IP and port…
Where do I go to do this?