Community discussions

MikroTik App
 
homerouter
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 58
Joined: Sun Dec 26, 2021 12:52 pm
Location: DK

Firewall, blocking host testing the same port many times?

Sat Aug 13, 2022 9:02 am

Firewall, blocking host testing the same port many times?

I use the "psd" it work nice, but i miss a option:
The param "WeightThreshold": ->total weight of the latest TCP/UDP packets with <different destination ports> coming from the same host to be treated as port scan sequence

In my case many host polling the same port so many times some +10000 over 24h.

For not i just add host to a list(with a timeout of 48h) when trying port 22,23,443,445

-How to find host polling for port some port ex. 22,23 tree times over 60 second, it can be the same port all tree times.
So count every host making SYN at a port_list will be the case.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Firewall, blocking host testing the same port many times?

Sat Aug 13, 2022 10:23 am

I have a two way of doing this.

1. Block any user who tries a port that is not open and block all port for 24 hour.
viewtopic.php?t=178496

2. Some service port as a limit number of reconnecting before blocked.
viewtopic.php?p=677209#p677209
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Firewall, blocking host testing the same port many times?

Sat Aug 13, 2022 4:18 pm

Who cares, there are tons of bots knocking on doors all day long, why get concerned.
ANother story if you are running a server with no encyrption and are out of your league doing so behind a home router.

Who is online

Users browsing this forum: Bing [Bot], ivicask, onnyloh, tim427 and 98 guests