Hello
I have a virtual router (vps) at point A and a virtual router (vps) at point B. I set up an ipipv 6 tunnel between them. Users by sstp, openvpn protocols. ikev2 are connected to point A and their traffic is directed to the ipipv6 tunnel by Mangal.
The service provider of point B informed me via email that a portscan has happened from this server (point B).
I want to know
1- How can I prevent this incident from which server?
2- How do I find someone who has found this job?
Please please guide me
hello nima,
The service provider of point B informed me via email that a portscan has happened from this server (point B).
for the first part,
you should request any logs from your provider about their claims (to which target your router b did the scans). otherwise you will get busy for nothing.
second,
this firewall guide should be your reference to secure your network - both internally and externally.
https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter
for the scanner part - you might want to read the rate-limit section. do some fw logging for that part.
third,
any vpn clients connected to your router are logged in the MT syslog - so you should take a look at it.
hope this helps.
Please guide us how Mikrotik is involved in that issue?
Hello wiseroute
The provider of the second point, or B, is said to be from an IP with a range of 172.0.0.0
This event has taken place.
And because my IP is blocked, I don’t have access to my server to see the logs.
I saw the link, but unfortunately, I don’t have complete mastery, so I need help