I have used Splunk to monitor what is blocked on the WAN port of my RB750Gv3.
Using Splunk to monitor: viewtopic.php?f=2&t=137338
My last filter rule logs everything that is not allowed and sends it out using syslog to Splunk.
The result is an average of 100 000 hits each day. Nearly all on port tcp/23.
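# Last rule in the input chain: drop and log everything else arriving on the WAN interface
/ip firewall filter add chain=input action=drop in-interface=ether1-Wan log=yes log-prefix="FW_Drop_all_from_WAN"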
Port tcp/23 gets hammered more than once every second from different IPs.
From the graphs you can see that each source IP tries many times for some days, then gives up.
So do not use telnet port tcp/23.
Use SSH on a random high port like 53244 if you need console access from outside.
Or use port knocking.
[Graphs: Port tcp/23; All ports]
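For readers without Splunk, the same per-port and per-source summary can be built from the raw syslog lines. This is an added example, not part of the original post: the log line layout (timestamp first, then the usual RouterOS firewall format ending in `SRC:PORT->DST:PORT`) is an assumption, and the sample lines are constructed with documentation addresses.

```python
import re
from collections import Counter, defaultdict

PREFIX = "FW_Drop_all_from_WAN"  # log-prefix from the drop rule in the post

# Assumed layout: "... proto TCP (SYN), SRC:SPORT->DST:DPORT, len N"
LINE_RE = re.compile(
    r"proto (?P<proto>[A-Za-z0-9-]+)[^,]*, "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)->"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)"
)

# Constructed sample lines, not real captures.
SAMPLE = """\
2024-01-01T10:00:01 router FW_Drop_all_from_WAN input: in:ether1-Wan out:(unknown 0), src-mac 00:00:5e:00:53:01, proto TCP (SYN), 203.0.113.5:40112->198.51.100.10:23, len 40
2024-01-01T10:00:02 router FW_Drop_all_from_WAN input: in:ether1-Wan out:(unknown 0), src-mac 00:00:5e:00:53:01, proto TCP (SYN), 203.0.113.5:40113->198.51.100.10:23, len 40
2024-01-02T03:12:40 router FW_Drop_all_from_WAN input: in:ether1-Wan out:(unknown 0), src-mac 00:00:5e:00:53:01, proto TCP (SYN), 203.0.113.5:51877->198.51.100.10:23, len 40
2024-01-01T10:00:03 router FW_Drop_all_from_WAN input: in:ether1-Wan out:(unknown 0), src-mac 00:00:5e:00:53:01, proto TCP (SYN), 203.0.113.77:33010->198.51.100.10:23, len 44
2024-01-02T08:30:00 router FW_Drop_all_from_WAN input: in:ether1-Wan out:(unknown 0), src-mac 00:00:5e:00:53:01, proto TCP (SYN), 192.0.2.44:60001->198.51.100.10:445, len 52
2024-01-02T08:31:00 router FW_Drop_all_from_WAN input: in:ether1-Wan out:(unknown 0), src-mac 00:00:5e:00:53:01, proto ICMP (type 8, code 0), 192.0.2.44->198.51.100.10, len 84
2024-01-02T08:32:00 router system,info user admin logged in via local
"""

def summarize(text):
    """Return (hits per proto/port, days seen per source IP, unparsed drop lines)."""
    ports = Counter()
    days_by_src = defaultdict(set)
    skipped = 0
    for line in text.splitlines():
        if PREFIX not in line:
            continue  # not produced by the drop rule
        m = LINE_RE.search(line)
        if not m:
            skipped += 1  # e.g. ICMP, which carries no port pair
            continue
        ports[f"{m['proto'].lower()}/{m['dport']}"] += 1
        days_by_src[m["src"]].add(line[:10])  # date part of the assumed timestamp
    return ports, {ip: sorted(d) for ip, d in days_by_src.items()}, skipped

if __name__ == "__main__":
    ports, days, skipped = summarize(SAMPLE)
    for port, hits in ports.most_common():
        print(f"{port:10} {hits} hits")
    for ip, seen in sorted(days.items(), key=lambda kv: -len(kv[1])):
        print(f"{ip:15} active {len(seen)} day(s): {seen[0]} .. {seen[-1]}")
    print(f"drop lines without a port pair: {skipped}")
```

The days-per-source output is what shows a source trying for some days and then going quiet.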