Hi,
What are these services? I am sure that I don't have any DHCP server or client in my RouterOS config…
These services cannot be disabled, and they appear and disappear by themselves!
Hi,
What are these services? I am sure that I don't have any DHCP server or client in my RouterOS config…
These services cannot be disabled, and they appear and disappear by themselves!
Hi,
Ports 67,68: do you have DHCP client or server enabled?
Port 137: SMB sharing enabled?
If you don't have a DHCP client configured, it could be /interface/detect-internet being enabled, as that creates a dynamic DHCP client, which then appears as a dynamic service.
FWIW, recent RouterOS versions now show "dynamic" services that are added by other RouterOS processes. Items marked with a "D" mean you have some configuration somewhere that is using a listening port. The feature at least shows all listeners in one place, but to disable one you need to remove the configuration that creates it.
All DHCP servers and clients are disabled.
Export your configuration and post it so we can check it:
/export hide-sensitive file=any-filename-you-wish
It might still be Detect Internet. There is this bugfix in 7.21beta:
- detnet - fixed unnecessary process starting even when feature is not enabled;
As you are running the x86 version in VMware, maybe you can take a snapshot and temporarily upgrade to 7.21beta5 to see if those processes are still there?
# 2025-11-02 09:59:50 by RouterOS 7.20.1
# software id = ZJ3M-ESHW
#
# NOTE(review): this export still carries the software id and the router's
# non-private address (185.109.247.67/29). Hiding sensitive values does not
# redact those; mask them by hand before posting an export publicly.
# NOTE(review): no /ip dhcp-client or /ip dhcp-server section appears anywhere
# in this export. Dynamically created entries are presumably not exported, so
# check the live tables (e.g. /ip dhcp-client print) rather than relying on this.
/interface ethernet
set \[ find default-name=ether1 \] disable-running-check=no
# Two VLANs on ether1 (ids 100 and 101); both are placed in the WAN list below.
/interface vlan
add interface=ether1 name=AsiaTech vlan-id=100
add interface=ether1 name=SabaNet vlan-id=101
/interface list
add name=WAN
add name=LAN
/system logging action
set 0 memory-lines=2000
# SMB is switched off, so nothing in this export accounts for the port 137
# listener asked about in the thread.
/ip smb
set enabled=no
# Neighbor discovery is turned off on all interfaces.
/ip neighbor discovery-settings
set discover-interface-list=none
# ether1 itself is LAN while its two VLAN sub-interfaces are WAN, so the LAN
# and both uplinks share one physical port.
/interface list member
add interface=AsiaTech list=WAN
add interface=SabaNet list=WAN
add interface=ether1 list=LAN
/ip address
add address=192.168.100.3/24 interface=SabaNet network=192.168.100.0
add address=185.109.247.67/29 interface=AsiaTech network=185.109.247.64
add address=192.168.1.250/24 interface=ether1 network=192.168.1.0
/ip dns
set servers=8.8.8.8
# Input-chain rules only; rule order is significant.
# NOTE(review): the chain has no accept for established/related traffic and no
# final catch-all drop, and there are no forward-chain rules. Anything that
# matches none of the drops below is accepted, so a dynamic listener (such as
# the UDP 67/68 entries discussed in the thread) is reachable from the WAN
# VLANs. A usual baseline is: accept established/related, accept from the LAN
# list, then drop the rest of input.
/ip firewall filter
# Drops invalid-state packets, but only TCP arriving on AsiaTech; SabaNet and
# other protocols are not covered by this rule.
add action=drop chain=input comment="Invalid Detector Block"
connection-state=invalid in-interface=AsiaTech log=yes log-prefix=
INVALID-FIREWALL protocol=tcp
# Log-only rule (passthrough) for every input packet addressed to the
# AsiaTech address; presumably high-volume against the 2000-line memory log.
add action=passthrough chain=input dst-address=185.109.247.67 log=yes
log-prefix=ARVIN-LOG
# Disabled rule: would record ICMP sources seen on AsiaTech.
add action=add-src-to-address-list address-list=Asia-Tech-Ping
address-list-timeout=none-dynamic chain=input disabled=yes in-interface=
AsiaTech protocol=icmp
# Port-scan detection (psd) on AsiaTech for TCP and UDP; sources are listed for
# 4 hours in Asia-Tech-PortScan, which the raw table drops.
add action=add-src-to-address-list address-list=Asia-Tech-PortScan
address-list-timeout=4h chain=input comment="Detect PortScan"
in-interface=AsiaTech protocol=tcp psd=4,1m,1,1
add action=add-src-to-address-list address-list=Asia-Tech-PortScan
address-list-timeout=4h chain=input comment="Detect PortScan"
in-interface=AsiaTech protocol=udp psd=2,1m,1,1
# NOTE(review): the three lists below (Saba-Net-Ping, Saba-Net-PortScan,
# Winbox-attack) are filled but no rule in this export matches on them, so
# they record sources without blocking anything. With none-dynamic timeouts
# the entries do not expire on a timer.
add action=add-src-to-address-list address-list=Saba-Net-Ping
address-list-timeout=none-dynamic chain=input in-interface=SabaNet
protocol=icmp
add action=add-src-to-address-list address-list=Saba-Net-PortScan
address-list-timeout=none-dynamic chain=input in-interface=SabaNet
protocol=tcp psd=21,3s,3,1
# No interface or source restriction: every host that connects to TCP 8291 is
# added, including management hosts in 192.168.1.0/24.
add action=add-src-to-address-list address-list=Winbox-attack
address-list-timeout=none-dynamic chain=input dst-port=8291 protocol=tcp
# Drops ICMP arriving on AsiaTech unless the source is 8.8.8.8.
add action=drop chain=input comment="ping block" in-interface=AsiaTech
protocol=icmp src-address=!8.8.8.8
# Drops Winbox (TCP 8291) from everything except 192.168.1.0/24.
# NOTE(review): /ip service also lists 192.168.100.0/24 for winbox, but this
# rule drops that subnet first; the www service has no matching filter rule
# and relies on its service address list alone.
add action=drop chain=input comment="8291 access Block" dst-port=8291
protocol=tcp src-address=!192.168.1.0/24
# Source NAT for all traffic.
# NOTE(review): the rule has no out-interface or out-interface-list matcher,
# so it masquerades every srcnat packet regardless of egress interface,
# including traffic leaving via ether1 (LAN). Restricting it, e.g. with
# out-interface-list=WAN, keeps LAN-side source addresses intact.
/ip firewall nat
add action=masquerade chain=srcnat
# Raw prerouting drops, evaluated before connection tracking; none of the
# rules is limited to an interface, so they apply to LAN and WAN alike.
/ip firewall raw
# FIN+PSH+URG and FIN+SYN are flag combinations that do not occur in normal TCP.
add action=drop chain=prerouting log=yes log-prefix=RAWINVALID-DROPP
protocol=tcp tcp-flags=fin,psh,urg
add action=drop chain=prerouting log=yes log-prefix=RAWINVALID-DROPP
protocol=tcp tcp-flags=fin,syn
# NOTE(review): SYN+ACK is the normal reply in a TCP handshake and RST+ACK a
# normal connection reset. If tcp-flags matches on "these flags set", the two
# rules below would drop legitimate replies to outbound connections - confirm
# against the rule counters and the RAWINVALID-DROPP log entries.
add action=drop chain=prerouting log=yes log-prefix=RAWINVALID-DROPP
protocol=tcp tcp-flags=syn,ack
add action=drop chain=prerouting log=yes log-prefix=RAWINVALID-DROPP
protocol=tcp tcp-flags=rst,ack
# Enforces the Asia-Tech-PortScan list populated by the filter rules; this is
# the only address list in the export that is actually used to block.
add action=drop chain=prerouting comment="Block Scanners for 4 hours"
src-address-list=Asia-Tech-PortScan
/ip hotspot profile
set \[ find default=yes \] html-directory=hotspot
# Two default routes with check-gateway=ping: AsiaTech's gateway at distance 1,
# SabaNet's gateway at distance 2 as the fallback.
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=
185.109.247.65 routing-table=main scope=30 suppress-hw-offload=no
target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=
192.168.100.1 routing-table=main scope=30 suppress-hw-offload=no
target-scope=10
# Static management services. ftp, ssh, telnet, api and api-ssl are disabled;
# www and winbox stay enabled, limited by source address.
# NOTE(review): 192.168.100.0/24 is the SabaNet network, and SabaNet is a
# member of the WAN list, so both services accept management connections from
# an uplink-side subnet. www is the unencrypted HTTP service.
# The dynamic ("D") entries asked about in the thread are not configured in
# this section; per the replies they can only be removed by changing the
# feature that creates them.
/ip service
set ftp disabled=yes
set ssh disabled=yes
set telnet disabled=yes
set www address=192.168.1.0/24,192.168.100.0/24
set winbox address=192.168.100.0/24,192.168.1.0/24
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Iran
# NTP client enabled against two public pool servers.
/system ntp client
set enabled=yes
/system ntp client servers
add address=1.asia.pool.ntp.org
add address=0.asia.pool.ntp.org
# Bandwidth-test server is disabled.
/tool bandwidth-server
set enabled=no