tesme33
newbie
Topic Author
Posts: 48
Joined: Mon May 26, 2014 10:25 pm

network scan protection

Wed Oct 21, 2015 10:02 pm

Hi,
I'm looking for a way to prevent people blindly scanning the network.
I have the standard SYN flood, port scan and spammer rules up and running.

But I now have scans where one IP is just running through the IP range and trying to make connections by selecting stupid/random ports, looking to see if somebody answers.

See attached picture.
And even if it states established in the picture, these IPs are not used! There is no machine answering behind this IP number.

So the question is: how can I block this type of scanning?
 
scampbell
Trainer
Posts: 457
Joined: Thu Jun 22, 2006 5:20 am
Location: Wellington, NZ

Re: network scan protection

Wed Oct 21, 2015 11:43 pm

Use a firewall rule with the PSD matcher to add Port Scanners to an address list (for 5 days perhaps) and have another rule to drop the address list.

RTFM: http://wiki.mikrotik.com/wiki/Drop_port_scanners :D
MTCNA, MTCWE, MTCRE, MTCTCE, MTCSE, MTCINE, Trainer
___________________
Mikrotik Distributor - New Zealand
http://www.campbell.co.nz
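
The two rules described in the reply above, written out as an added example that is not part of the original posts. The `forward` chain (the scanned addresses sit behind the router), the PSD thresholds and the list name `port-scanners` are assumptions; the 5-day timeout is the one suggested in the reply.

```routeros
# Added example. Assumed: chain=forward, list name "port-scanners",
# PSD thresholds 21,3s,3,1. Place both rules above any general accept rules.
/ip firewall filter

# Rule 1: detect. psd=WeightThreshold,DelayThreshold,LowPortWeight,HighPortWeight
#   WeightThreshold 21 : total weight from one source that counts as a scan
#   DelayThreshold  3s : max gap between packets to different destination ports
#   LowPortWeight   3  : weight of a packet to a privileged port (<1024)
#   HighPortWeight  1  : weight of a packet to a non-privileged port
# A matching source is added to the address list for 5 days.
add chain=forward protocol=tcp psd=21,3s,3,1 \
    action=add-src-to-address-list address-list=port-scanners \
    address-list-timeout=5d comment="PSD: list port scanners for 5 days"

# Rule 2: enforce. Drop everything from sources currently on the list.
add chain=forward src-address-list=port-scanners action=drop \
    comment="Drop listed port scanners"

# Review what has been caught and when each entry expires.
/ip firewall address-list print where list=port-scanners
```

Duplicating both rules with `chain=input` covers scans aimed at the router's own addresses; exempt trusted monitoring hosts ahead of the detection rule so they are not listed.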
