After bit googling it says that port 60000 is "deepthroat" trojan attack port.
For now i added firewall rule to catch all source port 60000 attempts to blocked address list(port scanners list which i already use) and for now its catching all Russian addresses.
Anyone any info on this, or maybe wanna check if your router also getting this attacks?
Code: Select all
/ip firewall filter
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input in-interface=pppoe-out1 log=yes log-prefix=DEEPTHROAT protocol=tcp src-port=60000
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input in-interface=pppoe-out1 log=yes log-prefix=DEEPTHROAT protocol=udp src-port=60000
add action=drop chain=input comment="dropping port scanners" log=yes src-address=!192.168.0.0/16 src-address-list="port scanners"