Drop port scanners

From MikroTik Wiki
Revision as of 00:45, 16 November 2005 by Karlisb (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

To protect the Router from port scaners, we can write down the user IP who try scan your box, and then using the address list we can drop connection from those IP

in /ip firewall filter

add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scaners" 
address-list-timeout=2w comment="Port scaners to list " disabled=no

Then you can drop those IP:

add chain=input src-address-list="port scaners" action=drop comment="droping port scaners" disabled=no