Community discussions

MikroTik App
 
egn
just joined
Topic Author
Posts: 3
Joined: Thu May 12, 2022 7:50 am

Mikrotik 450G

Thu May 12, 2022 8:47 pm

Hello,

I'm having an issue where I'm getting a notice from ISP regarding a computer on network running Honeypot HTTP scanner on port 80. Is there a way to block all users from running port scanners using port 80 on Mikrotik router?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Mikrotik 450G

Thu May 12, 2022 9:03 pm

block port 80?
do you want block http?
use torch or use connection tracking to see who is do outside scan....
 
egn
just joined
Topic Author
Posts: 3
Joined: Thu May 12, 2022 7:50 am

Re: Mikrotik 450G

Fri May 13, 2022 5:42 am

I tried using torch or connection monitoring but all computers use port 80 for traffic. The incident logs show this:

threat: Honeypot HTTP Scanner
type: tcp
source port: 57612
destination port: 80
destination ip: XX.XXX.XXX.XXX

I guess if I block destination port 80 and source range 55000 to 60000 that might do it, how can I apply this rule?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Mikrotik 450G

Fri May 13, 2022 10:49 am

you must "syslog" all your firewall new connection for discovery who is, based on report date, time, IP and port....
 
egn
just joined
Topic Author
Posts: 3
Joined: Thu May 12, 2022 7:50 am

Re: Mikrotik 450G

Fri May 13, 2022 7:27 pm

Where do I go to do this?

Who is online

Users browsing this forum: gigabyte091, gkoleff, outtahere and 52 guests