Community discussions

 
User avatar
Naweelaly
just joined
Topic Author
Posts: 1
Joined: Fri Mar 29, 2019 3:26 pm
Location: Duluth

how to close all UDP ports on mikrotik?

Fri Mar 29, 2019 8:28 pm

hello guys
i need to some rules for closing all udp ports on mikrotik router. i have received an abuse from hetzner data center regarding to netscan attack through the following ports:
55341 UDP
445 TCP
53047 UDP
its so wire because previously 445 port has been closed through windows registery ( regedit rule) i am wondering how is it possible when this port is closed?
 
R1CH
Forum Veteran
Forum Veteran
Posts: 883
Joined: Sun Oct 01, 2006 11:44 pm

Re: how to close all UDP ports on mikrotik?

Sat Mar 30, 2019 3:28 pm

Add rule to FORWARD chain, protocol UDP, action DROP. Note that this will break a lot of things that rely on UDP, a better solution is to fix whichever client behind your router is infected and trying to scan the internet.
 
User avatar
AlainCasault
Trainer
Trainer
Posts: 601
Joined: Fri Apr 30, 2010 3:25 pm
Location: Laval, QC, Canada
Contact:

Re: how to close all UDP ports on mikrotik?

Fri Apr 05, 2019 7:45 pm

To piggy back on rich1's comment, do it for only THAT host

Shouldn't be hard to find the guilty party. If you don't know who's doing it, add a forward rule that only logs UDP outbound.

Cheers


Sent from my cell phone. Sorry for the errors.

___________________________
Alain Casault, Eng.
If I helped you, let me know!
 
donghoony
just joined
Posts: 2
Joined: Fri Apr 05, 2019 9:26 pm
Location: Republic of Korea
Contact:

Re: how to close all UDP ports on mikrotik?

Fri Apr 05, 2019 9:54 pm

If you want to close all UDP ports on MikroTik, Run this command your terminal on routeros.

Replace dst-address into your destination address. I think that it isn't desirable to drop all.

/ip firewall raw add chain=prerouting dst-address=10.0.0.1 protocol=udp action=drop

Who is online

Users browsing this forum: Google [Bot] and 41 guests