Hey all,
This is my first post here, but I reached my limits on an issue and I really wanted some answers so here I am.
My question is pretty simple, why do 'tiks always seem to respond to 161/UDP? I have SNMP disabled, I have filter rules in and raw rules in dropping anything and everything dealing with 161/UDP, yet still nmap and other tools always show the port as open or filtered. Is there some kind of specialty thing Mikrotik uses 161 for other than normal SNMP?
I’ve put my firewall rules below since some may ask for it. Also, running ROS 6.43.12, this specifically is a hAP ac lite.
/ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; dropwinbox042418
chain=input action=drop protocol=tcp src-address=!xxx.xxx.xxx.xxxx dst-port=8291
1 chain=input action=drop protocol=udp src-port="" dst-port=161 log=no log-prefix=""
2 chain=input action=drop protocol=udp src-port=161 log=no log-prefix=""
3 chain=forward action=drop protocol=udp dst-port=161 log=no log-prefix=""
4 chain=forward action=drop protocol=udp src-port=161 log=no log-prefix=""
/ip firewall raw> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=output action=drop dst-port=161 log=no log-prefix="" protocol=udp
1 chain=output action=drop src-port=161 log=no log-prefix="" protocol=udp
2 chain=prerouting action=drop dst-port=161 log=no log-prefix="SNMP" protocol=udp
3 chain=prerouting action=drop src-port=161 log=no log-prefix="" protocol=udp