just joined
Topic Author
Posts: 22
Joined: Tue Mar 05, 2013 6:30 pm

Block LAN scanning

Wed Apr 22, 2015 11:47 am

I have a MikroTik between networks, and by using a firewall I want to protect the networks from scanning of live hosts.

A computer from a subnet initiates scanning by ICMP of hosts in the network.
When it has sent 10 ICMP packets to random hosts, I want to block this PC by IP.

Please help me to do it.
Member Candidate
Posts: 222
Joined: Wed Aug 07, 2013 11:48 am

Re: Block LAN scanning

Wed Apr 22, 2015 12:02 pm

But how do you define "random hosts"... You can block the ICMP traffic, you can also limit it. In your case you could probably work with ranges of IP addresses. But again, what would be a "random host"...
just joined
Topic Author
Posts: 22
Joined: Tue Mar 05, 2013 6:30 pm

Re: Block LAN scanning

Wed Apr 22, 2015 1:26 pm

I have seen the following design around:

/ip firewall filter
# Block scanner IP (anything already flagged in ScanBlocked is dropped)
add chain=forward src-address-list=ScanBlocked action=drop

# Hand every ICMP packet leaving towards eth2 to the staged check
add chain=forward out-interface=eth2 protocol=icmp action=jump jump-target=ScanCheckStage1
# Stage 1: remember the source and the destination for one minute
# (note: the add action is non-terminating, and the list update is immediate,
#  so the second rule's src-address-list=!src_stage1 test will already fail for this packet)
add chain=ScanCheckStage1 dst-address-list=!dst_stage1 src-address-list=!src_stage1 action=add-src-to-address-list address-list=src_stage1 address-list-timeout=1m
add chain=ScanCheckStage1 dst-address-list=!dst_stage1 src-address-list=!src_stage1 action=add-dst-to-address-list address-list=dst_stage1 address-list-timeout=1m
add chain=ScanCheckStage1 dst-address-list=dst_stage1 src-address-list=src_stage1 action=jump jump-target=ScanCheckStage2

# Stage 2: same pattern with its own lists
add chain=ScanCheckStage2 dst-address-list=!dst_stage2 src-address-list=!src_stage2 action=add-src-to-address-list address-list=src_stage2 address-list-timeout=1m
add chain=ScanCheckStage2 dst-address-list=!dst_stage2 src-address-list=!src_stage2 action=add-dst-to-address-list address-list=dst_stage2 address-list-timeout=1m
add chain=ScanCheckStage2 dst-address-list=dst_stage2 src-address-list=src_stage2 action=jump jump-target=ScanCheckStageN

# Stage N: the last stage finally puts the source into ScanBlocked
add chain=ScanCheckStageN dst-address-list=!dst_stageN src-address-list=!src_stageN action=add-src-to-address-list address-list=src_stageN address-list-timeout=1m
add chain=ScanCheckStageN dst-address-list=!dst_stageN src-address-list=!src_stageN action=add-dst-to-address-list address-list=dst_stageN address-list-timeout=1m
add chain=ScanCheckStageN dst-address-list=dst_stageN src-address-list=src_stageN action=add-src-to-address-list address-list=ScanBlocked
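A simpler way to meet the original requirement (flag a source after it has sent about 10 ICMP packets in a short window, then drop it) is the RouterOS dst-limit matcher, which keeps a separate packet-rate counter per source address, so the staged address lists above are not needed. The rule set below is an added example written for this thread, not configuration posted by anyone in it or shipped by MikroTik; the interface name ether2, the 192.168.10.0/24 subnet, the lan-subnet list name, the 10-per-minute threshold and the 1-day block time are all assumptions chosen for illustration.

```routeros
# Added example (not from the thread): rate-based ICMP sweep detection on a
# RouterOS firewall, as an alternative to the staged address-list design.
# Assumptions (constructed for this example): the protected segment sits
# behind ether2, the monitored clients are on 192.168.10.0/24, and "scanning"
# means more than 10 ICMP packets per minute from one source, as in the question.
/ip firewall address-list
add list=lan-subnet address=192.168.10.0/24 comment="clients subject to the ICMP rate check"

/ip firewall filter
# 1. Anything already flagged is dropped first, for every protocol, so a
#    flagged host cannot keep probing with TCP or UDP either.
add chain=forward src-address-list=ScanBlocked action=drop \
    comment="drop flagged scanners"

# 2. Allow each source up to 10 ICMP packets per minute (burst 10) towards the
#    protected interface. dst-limit keeps one counter per src-address, so one
#    chatty host cannot exhaust another host's allowance. The /1m after the mode
#    is how long an idle counter is kept before it expires.
add chain=forward out-interface=ether2 protocol=icmp src-address-list=lan-subnet \
    dst-limit=10/1m,10,src-address/1m action=accept \
    comment="ICMP within the per-source allowance"

# 3. An ICMP packet that reaches this rule exceeded the allowance: record the
#    source for one day and log it, so the block shows up in /log for review.
#    add-src-to-address-list does not terminate rule processing, so the
#    triggering packet itself still continues down the chain.
add chain=forward out-interface=ether2 protocol=icmp src-address-list=lan-subnet \
    action=add-src-to-address-list address-list=ScanBlocked \
    address-list-timeout=1d log=yes log-prefix="icmp-sweep" \
    comment="flag source that exceeded the ICMP rate"

# 4. Drop the packet that triggered the flag as well; every later packet from
#    that source is caught by rule 1.
add chain=forward protocol=icmp src-address-list=ScanBlocked action=drop \
    comment="drop the triggering packet"
```

To check what has been flagged, run `/ip firewall address-list print where list=ScanBlocked`; the `log=yes` on rule 3 also leaves an `icmp-sweep` entry in `/log print` for each flagging event. Note the trade-off the earlier reply hints at: this counts ICMP packets per source regardless of destination, so it cannot tell a ping sweep of "random hosts" from a single host being pinged rapidly; if that distinction matters, the threshold has to be set above the rate of legitimate monitoring traffic, or monitoring hosts excluded from the lan-subnet list.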
