Joho00
just joined
Topic Author
Posts: 17
Joined: Wed Jun 12, 2024 1:24 am

Is it useful to block ICMP response for closed UDP ports?

Tue Jul 09, 2024 4:25 pm

Hello!

I am wondering if it is useful and helpful for raising my security level if I block the ICMP response messages, to avoid the possibility of finding my open UDP ports externally.

If so, what would be the best firewall rule, please? (To block only this response and not all ICMP messages.)

I have built up some honeypot and security measures on my firewall, but I need your expertise to help with whether the above could raise the security of my MT router further.

I am referring to these statements about UDP ports:

> When a generic UDP packet is sent to a UDP port of a remote host, one of the following occurs:
> If the UDP port is open, the packet is accepted, no response packet is sent.
> If the UDP port is closed, an ICMP packet is sent in response with the appropriate error code such as Destination Unreachable.

As a result, I am aiming for the following: if no ICMP response is sent for any UDP port, it is hardly possible to see which port is open or closed (as there is no difference between the responses).

Thanks for your comments/advice in advance!
 
patrick7
Member
Posts: 351
Joined: Sat Jul 20, 2013 2:40 pm

Re: Is it useful to block ICMP response for closed UDP ports?  [SOLVED]

Tue Jul 09, 2024 4:35 pm

If you block ports using "drop" instead of "reject", no ICMP message is sent.
 
Joho00
just joined
Topic Author
Posts: 17
Joined: Wed Jun 12, 2024 1:24 am

Re: Is it useful to block ICMP response for closed UDP ports?

Tue Jul 09, 2024 4:45 pm

> If you block ports using "drop" instead of "reject", no ICMP message is sent.

Thanks!

I am generally using the basic rule to drop everything on input at the end of the other input rules. (On top of it, of course, there is an accept for the opened port, for WG for example.)

So with this setup, do you think port scanners cannot see a difference between open and closed UDP ports?

(As far as I know WireGuard, if it doesn't get the proper key, the packet is dropped, so the scanner cannot see if this port is open.)

Thanks for the advice!
 
llamajaja
Member Candidate
Posts: 275
Joined: Sat Sep 30, 2023 3:11 pm

Re: Is it useful to block ICMP response for closed UDP ports?

Tue Jul 09, 2024 5:33 pm

There is no security risk in exposing ICMP as far as I am aware, but it does impede troubleshooting and some router functionality if needed.
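The setup the thread converges on (accept the WireGuard port, keep ICMP itself reachable as llamajaja notes, and finish the input chain with drop rather than reject so a closed UDP port never answers with ICMP port-unreachable), written out as an added RouterOS example that is not from any of the posters. Assumptions: an interface list named WAN exists and WireGuard listens on UDP 13231 (the RouterOS default); the commented-out reject rule is the weak variant patrick7 warns against.

```routeros
# Added example, not from the thread. Assumes interface list "WAN" and WireGuard on UDP 13231.
# Weak variant (do not use): "reject" sends ICMP port-unreachable for every closed UDP port,
# so a scanner can separate closed ports (ICMP reply) from accepted-but-silent ones (no reply).
# add chain=input in-interface-list=WAN protocol=udp action=reject reject-with=icmp-port-unreachable

/ip firewall filter
add chain=input action=accept connection-state=established,related,untracked comment="replies to traffic the router started"
add chain=input action=drop connection-state=invalid comment="drop invalid"
add chain=input action=accept protocol=icmp comment="keep ICMP itself: path MTU, ping, troubleshooting"
add chain=input action=accept in-interface-list=WAN protocol=udp dst-port=13231 comment="WireGuard (assumed port)"
add chain=input action=accept in-interface-list=!WAN comment="management from LAN side"
add chain=input action=drop comment="final drop: closed ports stay silent, no ICMP unreachable is generated"
```

With the final rule as drop, a probe to a closed UDP port from the WAN side gets the same silence as a probe to the WireGuard port, which itself only answers packets carrying a valid handshake.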
