UDP Broadcast from my Windows Server

rodrigobenta · September 7, 2018, 11:27pm

Hi people, i’m here with an issue after upgrading my mikrotik RB2011 UiAS-2HnD. version 6.42.7
I have a port scanner rule, that adds ip scanners, and then drop packages.
Now in my log, i’m seeing that mikrotik is blocking with this rule a port scanner (UDP) from my server ip.

the log is this:
port scanner drop: 192.x.x.x:59842->192.x.x.255:20561.
i read this 59842 is an UDP protocol, but im scared about thinking i have a virus sending broadcast to my network in the windows server.

NOTE: Windows server 2012 r2, works as dhcp.

Thank you so much for your time

CsXen · September 9, 2018, 4:09am

Hi.

I think, UDP20561 is your router MAC telnet port…

Best regards: CsXen

rodrigobenta · September 10, 2018, 1:25am

Hello men, thank u for answering.
Should i disable telnet from my router ? or what do you mean?
thanks again.

thingaha · September 10, 2018, 3:14am

I think only you need, your server ip (src-address) is exception for port scanner
eg; src-address = !your server ip

sorry for my poor english

tippenring · September 10, 2018, 3:36am

If you use Winbox to connect to the router via MAC address rather than IP, Winbox sends the packets to the IP broadcast address of the subnet on that UDP port.

https://wiki.mikrotik.com/wiki/Manual:IP/Services#Protocols_and_ports

rodrigobenta · September 11, 2018, 10:12pm

ye same here, im from uruguay jaja.
but i understood you.
thank you so much!

rodrigobenta · September 11, 2018, 10:13pm

i use mac addres yes, cause with that port scanner once i couldn’t connect to it.
so we get there, that’s why my logs appear. thank you so much men