2dfx
just joined
Topic Author
Posts: 22
Joined: Tue Mar 05, 2013 6:30 pm

Block LAN scanning

Wed Apr 22, 2015 11:47 am

Hi!
I have a MikroTik between the networks 10.0.0.0/24 and 192.168.0.0/24.
Using the firewall, I want to protect the networks from scanning for live hosts.

A computer from the 10.0.0.0/24 subnet initiates ICMP scanning of hosts in the 192.168.0.0/24 network.
When it has sent 10 ICMP packets to random hosts, I want to block this PC by IP.

Please help to do it.
 
lz1dsb
Member Candidate
Posts: 222
Joined: Wed Aug 07, 2013 11:48 am

Re: Block LAN scanning

Wed Apr 22, 2015 12:02 pm

But how do you define "random hosts"... You can block the ICMP traffic, you can also limit it. In your case you could probably work with ranges of IP addresses. But again, what would be a "random host"...
 
2dfx
just joined
Topic Author
Posts: 22
Joined: Tue Mar 05, 2013 6:30 pm

Re: Block LAN scanning

Wed Apr 22, 2015 1:26 pm

I have seen the following design around:

/ip firewall filter
# Block scanner IP
add chain=forward src-address-list=ScanBlocked action=drop

# GoToScanCheck
add chain=forward out-interface=eth2 protocol=icmp action=jump jump-target=ScanCheckStage1
# Stage1
add chain=ScanCheckStage1 dst-address-list=!dst_stage1 src-address-list=!src_stage1 action=add-src-to-address-list address-list=src_stage1 address-list-timeout=1m
add chain=ScanCheckStage1 dst-address-list=!dst_stage1 src-address-list=!src_stage1 action=add-dst-to-address-list address-list=dst_stage1 address-list-timeout=1m
add chain=ScanCheckStage1 dst-address-list=dst_stage1 src-address-list=src_stage1 action=jump jump-target=ScanCheckStage2

# Stage2
add chain=ScanCheckStage2 dst-address-list=!dst_stage2 src-address-list=!src_stage2 action=add-src-to-address-list address-list=src_stage2 address-list-timeout=1m
add chain=ScanCheckStage2 dst-address-list=!dst_stage2 src-address-list=!src_stage2 action=add-dst-to-address-list address-list=dst_stage2 address-list-timeout=1m
add chain=ScanCheckStage2 dst-address-list=dst_stage2 src-address-list=src_stage2 action=jump jump-target=ScanCheckStageN

# LastStage
add chain=ScanCheckStageN dst-address-list=!dst_stageN src-address-list=!src_stageN action=add-src-to-address-list address-list=src_stageN address-list-timeout=1m
add chain=ScanCheckStageN dst-address-list=!dst_stageN src-address-list=!src_stageN action=add-dst-to-address-list address-list=dst_stageN address-list-timeout=1m
add chain=ScanCheckStageN dst-address-list=dst_stageN src-address-list=src_stageN action=add-src-to-address-list address-list=ScanBlocked
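
As an added example (not from this thread or from MikroTik), the same "10 ICMP packets to distinct hosts" threshold applied on the detection side: a Python script that reads RouterOS firewall log lines, as produced by a forward rule with action=log, and flags any source that sends echo requests to 10 distinct hosts within a one-minute window. The log line layout and the sample entries are constructed approximations, and the interface names ether1/ether2 are assumed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Loose approximation of a RouterOS "firewall,info" line from a forward rule
# with action=log; the prefix varies by version, so only the needed fields
# are anchored. "type 8" restricts the match to ICMP echo requests.
LOG_RE = re.compile(
    r"(?P<ts>[a-z]{3}/\d\d/\d{4} \d\d:\d\d:\d\d).*?proto ICMP \(type 8, code 0\), "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)->(?P<dst>\d+\.\d+\.\d+\.\d+)", re.IGNORECASE)
THRESHOLD = 10                 # distinct destinations before a source is flagged
WINDOW = timedelta(minutes=1)  # same horizon as the 1m address-list-timeout above

def detect_scanners(lines, threshold=THRESHOLD, window=WINDOW):
    """Return {src: (ts_flagged, distinct_hosts)} for each source that sent echo
    requests to at least `threshold` distinct hosts inside a sliding window."""
    recent = defaultdict(deque)  # src -> (ts, dst) events, oldest first
    flagged = {}
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue             # not an echo request seen by the firewall
        ts = datetime.strptime(m["ts"].capitalize(), "%b/%d/%Y %H:%M:%S")
        q = recent[m["src"]]
        q.append((ts, m["dst"]))
        while ts - q[0][0] > window:  # expire events older than the window
            q.popleft()
        distinct = {dst for _, dst in q}
        if len(distinct) >= threshold and m["src"] not in flagged:
            flagged[m["src"]] = (ts, len(distinct))
    return flagged

def _line(ts, src, dst):
    # Constructed sample entry in the shape of a RouterOS firewall log line.
    return (f"{ts} firewall,info forward: in:ether1 out:ether2, "
            f"proto ICMP (type 8, code 0), {src}->{dst}, len 84")

SAMPLE_LOG = (
    # 10.0.0.5 sweeps ten hosts in 192.168.0.0/24 within ten seconds: a scan
    [_line(f"apr/22/2015 11:47:{i:02d}", "10.0.0.5", f"192.168.0.{i + 1}") for i in range(10)]
    # 10.0.0.20 pings one server twelve times: noisy, but a single destination
    + [_line(f"apr/22/2015 11:47:{i:02d}", "10.0.0.20", "192.168.0.1") for i in range(12)]
    # 10.0.0.30 reaches ten hosts one minute apart, so never more than two per window
    + [_line(f"apr/22/2015 11:{48 + i}:00", "10.0.0.30", f"192.168.0.{i + 1}") for i in range(10)]
)

if __name__ == "__main__":
    for src, (ts, n) in detect_scanners(SAMPLE_LOG).items():
        print(f"{src}: {n} distinct hosts by {ts:%H:%M:%S} -> candidate for ScanBlocked")
```

Only 10.0.0.5 is reported; the repeated pings to a single server and the slow sweep stay below the threshold, which is the distinction the address-list design above cannot express on its own.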
