Community discussions

MikroTik App
 
tesme33
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Mon May 26, 2014 10:25 pm

network scan protection

Wed Oct 21, 2015 10:02 pm

HI
im looking for a way to prevent poeple blindly scanning the network.
Im having the standart synflood, port scan and spammer rules up and running .

But i have now scans where one ip is just running through the ip range and trying to make connections by selecting stupid/random ports looking if somebody to answers.

See attached picture.
And even if it states established i the üicture. These IPs are not used ! There is no machine answering behind this IP number.

So the question is how can i block this type of scanning ?
You do not have the required permissions to view the files attached to this post.
 
scampbell
Trainer
Trainer
Posts: 487
Joined: Thu Jun 22, 2006 5:20 am
Location: Wellington, NZ
Contact:

Re: network scan protection

Wed Oct 21, 2015 11:43 pm

Use a firewall rule with the PSD matcher to add Port Scanners to an address list (for 5 days perhaps) and have another rule to drop the address list.

RTFM: http://wiki.mikrotik.com/wiki/Drop_port_scanners :D

Who is online

Users browsing this forum: Google [Bot] and 50 guests