 
cubber
just joined
Topic Author
Posts: 5
Joined: Wed Oct 24, 2018 12:51 pm

Mikrotik Port Scanner -> Filezilla (21) Problem

Tue Dec 11, 2018 1:34 pm

Hello,

I took the following steps:

Our customers are caught by the rules when transferring files via FTP (port 21).

[5 screenshots]
Last edited by cubber on Tue Dec 11, 2018 7:56 pm, edited 1 time in total.
 
2frogs
Long time Member
Posts: 540
Joined: Fri Dec 03, 2010 1:38 am

Re: Mikrotik Port Scanner -> Filezilla (21) Problem

Tue Dec 11, 2018 6:54 pm

Your screenshot suggests you have the rule on chain=forward instead of chain=input...
 
cubber
just joined
Topic Author
Posts: 5
Joined: Wed Oct 24, 2018 12:51 pm

Re: Mikrotik Port Scanner -> Filezilla (21) Problem

Tue Dec 11, 2018 7:44 pm

> Your screenshot suggests you have the rule on chain=forward instead of chain=input...

I want to do a port scan to the router but not to the servers on the inside.
 
2frogs
Long time Member
Posts: 540
Joined: Fri Dec 03, 2010 1:38 am

Re: Mikrotik Port Scanner -> Filezilla (21) Problem

Tue Dec 11, 2018 8:05 pm

in /ip firewall filter -> add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list" disabled=no
This is correct! chain=input is for traffic going to the router itself.

[Screenshot]
This is incorrect! chain=forward is any traffic going to/from your clients! This is why it is catching your clients.
 
cubber
just joined
Topic Author
Posts: 5
Joined: Wed Oct 24, 2018 12:51 pm

Re: Mikrotik Port Scanner -> Filezilla (21) Problem

Tue Dec 11, 2018 10:32 pm

> in /ip firewall filter -> add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list" disabled=no
> This is correct! chain=input is for traffic going to the router itself.
>
> [Screenshot]
> This is incorrect! chain=forward is any traffic going to/from your clients! This is why it is catching your clients.

I understand you.

It does not capture port scanners when set to input.

I wonder where I am making a mistake.
 
2frogs
Long time Member
Posts: 540
Joined: Fri Dec 03, 2010 1:38 am

Re: Mikrotik Port Scanner -> Filezilla (21) Problem

Tue Dec 11, 2018 10:45 pm

Do you have the FTP service enabled and on port 21 of the router? What other firewall rules do you have?
/ip firewall filter export
 
anav
Forum Guru
Posts: 3122
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Mikrotik Port Scanner -> Filezilla (21) Problem

Wed Dec 12, 2018 3:05 pm

Your requirements are unclear.

1. Are you running an FTP server on your network?
2. Are clients attempting to run FTP servers on your network without permission?
3. Are your clients attempting to connect to FTP servers on the WAN?
4. What exactly are you trying to detect?
5. What are you trying to block?
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
R1CH
Forum Veteran
Posts: 905
Joined: Sun Oct 01, 2006 11:44 pm

Re: Mikrotik Port Scanner -> Filezilla (21) Problem

Wed Dec 12, 2018 7:20 pm

FTP opens many connections (1 per file), you should make sure your PSD rules are not running if a connection is allowed. It's also very questionable to do anything with PSD since you have no guarantees the IPs you are adding to your lists aren't spoofed.
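
Added example, not part of the thread and not RouterOS code: a simplified Python model of how the `psd=21,3s,3,1` parameters (weight threshold, delay threshold, low-port weight, high-port weight) score new connections. It shows why a passive-mode FTP transfer of many files trips the rule and why keeping already-allowed connections away from the PSD rule avoids that. The scoring logic, function names, sample address and port numbers are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

LOW_PORT_LIMIT = 1024  # destination ports below this are "privileged"

@dataclass
class PsdModel:
    """Simplified model (an assumption, not RouterOS code) of
    psd=WeightThreshold,DelayThreshold,LowPortWeight,HighPortWeight."""
    weight_threshold: int = 21
    delay_threshold: float = 3.0
    low_port_weight: int = 3
    high_port_weight: int = 1
    state: dict = field(default_factory=dict)  # src -> (last_time, ports, weight)

    def observe(self, src, dst_port, t):
        """Score one new connection; return True once src counts as a scanner."""
        last, ports, weight = self.state.get(src, (t, set(), 0))
        if t - last > self.delay_threshold:
            ports, weight = set(), 0  # gap too long: the sequence starts over
        if dst_port not in ports:  # only new destination ports add weight
            ports.add(dst_port)
            low = dst_port < LOW_PORT_LIMIT
            weight += self.low_port_weight if low else self.high_port_weight
        self.state[src] = (t, ports, weight)
        return weight >= self.weight_threshold

def ftp_passive_session(files, first_data_port=50000, gap=0.1):
    """Constructed sample: control connection to port 21, then one data
    connection per file, each to a different high port, `gap` seconds apart."""
    return [(21, 0.0)] + [(first_data_port + i, (i + 1) * gap) for i in range(files)]

def tripped_at(events, already_allowed=lambda port: False, src="198.51.100.7"):
    """Return the 1-based connection number that trips the rule, else None.
    Connections matching `already_allowed` never reach the PSD rule, which
    models an accept rule placed before it (hypothetical predicate)."""
    model = PsdModel()
    for n, (port, t) in enumerate(events, 1):
        if not already_allowed(port) and model.observe(src, port, t):
            return n
    return None

if __name__ == "__main__":
    print(tripped_at(ftp_passive_session(30)))           # many small files
    print(tripped_at(ftp_passive_session(30, gap=5.0)))  # slow transfer
    print(tripped_at(ftp_passive_session(30), already_allowed=lambda p: p >= 50000))
```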
