byzon
newbie
Topic Author
Posts: 30
Joined: Fri Mar 24, 2006 8:09 pm

Help me please

Fri Mar 24, 2006 8:19 pm

Hello all, before I begin, sorry for the very bad English. I have very strange traffic and I was trying a lot of things to stop it, but it is still running. I have these messages from Snort on my gateway behind the MikroTik router:
[**] [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [**]
[Classification: Misc activity] [Priority: 3]
03/25-00:30:31.190495 213.91.129.37 -> 192.168.195.74
ICMP TTL:253 TOS:0xC0 ID:35535 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.195.74:12762 -> 69.199.66.39:6881
UDP TTL:123 TOS:0x0 ID:46383 IpLen:20 DgmLen:126
Len: 98
** END OF DUMP

[**] [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [**]
[Classification: Misc activity] [Priority: 3]
03/25-00:30:31.735533 213.91.129.37 -> 192.168.195.74
ICMP TTL:253 TOS:0xC0 ID:35539 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.195.74:12762 -> 219.154.178.106:18000
UDP TTL:123 TOS:0x0 ID:46397 IpLen:20 DgmLen:126
Len: 98
** END OF DUMP

[**] [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [**]
[Classification: Misc activity] [Priority: 3]
03/25-00:30:32.236979 213.91.129.37 -> 192.168.195.66
ICMP TTL:253 TOS:0xC0 ID:35545 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.195.66:7288 -> 82.40.214.33:32733
UDP TTL:124 TOS:0x0 ID:2515 IpLen:20 DgmLen:130
Len: 102
** END OF DUMP

[**] [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [**]
[Classification: Misc activity] [Priority: 3]
03/25-00:30:32.834753 213.91.129.37 -> 192.168.195.74
ICMP TTL:253 TOS:0xC0 ID:35547 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.195.74:12762 -> 84.166.93.156:7719
UDP TTL:123 TOS:0x0 ID:46452 IpLen:20 DgmLen:126
Len: 98
** END OF DUMP

[**] [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [**]
[Classification: Misc activity] [Priority: 3]
03/25-00:30:33.342658 213.91.129.37 -> 192.168.195.112
ICMP TTL:253 TOS:0xC0 ID:35549 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.195.112:61565 -> 82.128.186.85:34503
UDP TTL:124 TOS:0x0 ID:47638 IpLen:20 DgmLen:49
Len: 21
** END OF DUMP

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
03/25-00:30:33.976166 192.168.193.244:4064 -> 195.149.248.151:80
TCP TTL:127 TOS:0x0 ID:29224 IpLen:20 DgmLen:481 DF
***AP*** Seq: 0x4A249D01 Ack: 0x2E1FEF93 Win: 0xFF3C TcpLen: 20

[**] [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [**]
[Classification: Misc activity] [Priority: 3]
03/25-00:30:34.035747 213.91.129.37 -> 192.168.195.74
ICMP TTL:253 TOS:0xC0 ID:35551 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.195.74:12762 -> 142.163.162.111:61746
UDP TTL:123 TOS:0x0 ID:46497 IpLen:20 DgmLen:126
Len: 98
** END OF DUMP
I have added a lot of rules in my MikroTik RouterOS like:
/ip firewall filter
add chain=input connection-state=established action=accept comment=";;; accept established connection packets"
add chain=input connection-state=related action=accept comment=";;; accept related connection packets"
add chain=input connection-state=invalid action=drop comment=";;; drop invalid packets"
add chain=input protocol=tcp dst-port=80 connection-limit=50,0 action=drop comment=";;; limit total http connections to 50"
add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment=";;; detect and drop port scan connections"
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list action=tarpit comment=";;; suppress DoS attack"
add chain=input protocol=tcp connection-limit=10,32 action=add-src-to-address-list address-list=black_list address-list-timeout=1d comment=";;; detect DoS attack"
add chain=input dst-address-type=!local action=drop comment=";;; drop all that is not to local"
add chain=input src-address-type=!unicast action=drop comment=";;; drop all that is not from unicast"
add chain=input protocol=icmp action=jump jump-target=ICMP comment=";;; jump to chain ICMP"
add chain=input action=jump jump-target=services comment=";;; jump to chain services"
add chain=input action=log log-prefix="input" comment=";;; LOG"
add chain=input action=drop comment=";;; drop everything else"
add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept comment=";;; 0:0 and limit for 5pac/s"
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept comment=";;; 3:3 and limit for 5pac/s"
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept comment=";;; 3:4 and limit for 5pac/s"
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept comment=";;; 8:0 and limit for 5pac/s"
add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept comment=";;; 11:0 and limit for 5pac/s"
add chain=ICMP protocol=icmp action=drop comment=";;; Drop everything else"
add chain=services src-address=127.0.0.1 dst-address=127.0.0.1 action=accept comment=";;; accept localhost"
add chain=services protocol=tcp dst-port=20-21 action=accept comment=";;; allow ftp"
add chain=services protocol=tcp dst-port=22 action=accept comment=";;; allow sftp, ssh"
add chain=services protocol=tcp dst-port=23 action=accept comment=";;; allow telnet"
add chain=services protocol=tcp dst-port=80 action=accept comment=";;; allow http, webbox"
add chain=services protocol=tcp dst-port=8291 action=accept comment=";;; Allow winbox"
add chain=services protocol=udp dst-port=20561 action=accept comment=";;; allow MACwinbox"
add chain=services src-address=192.168.194.200 protocol=tcp dst-port=7828 action=accept comment=";;; ..."
add chain=services protocol=tcp dst-port=2000 action=accept comment=";;; Bandwidth server"
add chain=services protocol=udp dst-port=5678 action=accept comment=";;; MT Discovery Protocol"
add chain=services protocol=tcp dst-port=53 action=accept comment=";;; allow DNS request"
add chain=services protocol=udp dst-port=53 action=accept comment=";;; Allow DNS request"
add chain=services protocol=udp dst-port=1701 action=accept comment=";;; allow L2TP"
add chain=services protocol=tcp dst-port=1723 action=accept comment=";;; allow PPTP"
add chain=services protocol=gre action=accept comment=";;; allow PPTP and EoIP"
add chain=services protocol=ipencap action=accept comment=";;; allow IPIP"
add chain=services protocol=udp dst-port=1900 action=accept comment=";;; UPnP"
add chain=services protocol=tcp dst-port=2828 action=accept comment=";;; UPnP"
add chain=services protocol=udp dst-port=67-68 action=accept comment=";;; allow DHCP"
add chain=services protocol=tcp dst-port=8080 action=accept comment=";;; allow Web Proxy"
add chain=services protocol=tcp dst-port=123 action=accept comment=";;; allow NTP"
add chain=services protocol=tcp dst-port=161 action=accept comment=";;; allow SNMP"
add chain=services protocol=tcp dst-port=443 action=accept comment=";;; allow https for Hotspot"
add chain=services protocol=tcp dst-port=1080 action=accept comment=";;; allow Socks for Hotspot"
add chain=services protocol=udp dst-port=500 action=accept comment=";;; allow IPSec connections"
add chain=services protocol=ipsec-esp action=accept comment=";;; allow IPSec"
add chain=services protocol=ipsec-ah action=accept comment=";;; allow IPSec"
add chain=services protocol=tcp dst-port=179 action=accept comment=";;; Allow BGP"
add chain=services protocol=udp dst-port=520-521 action=accept comment=";;; allow RIP"
add chain=services protocol=ospf action=accept comment=";;; allow OSPF"
add chain=services protocol=udp dst-port=5000-5100 action=accept comment=";;; allow BGP"
add chain=services protocol=tcp dst-port=1720 action=accept comment=";;; allow Telephony"
add chain=services protocol=udp dst-port=1719 action=accept comment=";;; allow Telephony"
add chain=services protocol=vrrp action=accept comment=";;; allow VRRP"
add chain=virus protocol=tcp dst-port=135-139 action=drop comment=";;; Drop Blaster Worm"
add chain=virus protocol=udp dst-port=135-139 action=drop comment=";;; Drop Messenger Worm"
add chain=virus protocol=tcp dst-port=445 action=drop comment=";;; Drop Blaster Worm"
add chain=virus protocol=udp dst-port=445 action=drop comment=";;; Drop Blaster Worm"
add chain=virus protocol=tcp dst-port=593 action=drop comment=";;; ________"
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment=";;; ________"
add chain=virus protocol=tcp dst-port=1080 action=drop comment=";;; Drop MyDoom"
add chain=virus protocol=tcp dst-port=1214 action=drop comment=";;; ________"
add chain=virus protocol=tcp dst-port=1363 action=drop comment=";;; ndm requester"
add chain=virus protocol=tcp dst-port=1364 action=drop comment=";;; ndm server"
add chain=virus protocol=tcp dst-port=1368 action=drop comment=";;; screen cast"
add chain=virus protocol=tcp dst-port=1373 action=drop comment=";;; hromgrafx"
add chain=virus protocol=tcp dst-port=1377 action=drop comment=";;; cichlid"
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment=";;; Worm"
add chain=virus protocol=tcp dst-port=2745 action=drop comment=";;; Bagle Virus"
add chain=virus protocol=tcp dst-port=2283 action=drop comment=";;; Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=2535 action=drop comment=";;; Drop Beagle"
add chain=virus protocol=tcp dst-port=2745 action=drop comment=";;; Drop Beagle.C-K"
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment=";;; Drop MyDoom"
add chain=virus protocol=tcp dst-port=3410 action=drop comment=";;; Drop Backdoor OptixPro"
add chain=virus protocol=tcp dst-port=4444 action=drop comment=";;; Worm"
add chain=virus protocol=udp dst-port=4444 action=drop comment=";;; Worm"
add chain=virus protocol=tcp dst-port=5554 action=drop comment=";;; Drop Sasser"
add chain=virus protocol=tcp dst-port=8866 action=drop comment=";;; Drop Beagle.B"
add chain=virus protocol=tcp dst-port=9898 action=drop comment=";;; Drop Dabber.A-B"
add chain=virus protocol=tcp dst-port=10000 action=drop comment=";;; Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=10080 action=drop comment=";;; Drop MyDoom.B"
add chain=virus protocol=tcp dst-port=12345 action=drop comment=";;; Drop NetBus"
add chain=virus protocol=tcp dst-port=17300 action=drop comment=";;; Drop Kuang2"
add chain=virus protocol=tcp dst-port=27374 action=drop comment=";;; Drop SubSeven"
add chain=virus protocol=tcp dst-port=65506 action=drop comment=";;; Drop PhatBot, Gaobot"
add chain=forward connection-state=established action=accept comment=";;; accept established packets"
add chain=forward connection-state=related action=accept comment=";;; accept related packets"
add chain=forward connection-state=invalid action=drop comment=";;; drop invalid packets"
add chain=forward src-address-type=!unicast action=drop comment=";;; drop all that is not from unicast"
add chain=forward in-interface=internet src-address-list=not_in_internet action=drop comment=";;; drop data from bogon IP's"
add chain=forward in-interface=!internet dst-address-list=not_in_internet action=drop comment=";;; drop data to bogon IP's"
add chain=forward protocol=icmp action=jump jump-target=ICMP comment=";;; jump to chain ICMP"
add chain=forward action=jump jump-target=virus comment=";;; jump to virus chain"
add chain=forward action=accept comment=";;; Accept everything else"
add chain=output connection-state=invalid action=drop comment=";;; drop invalid packets"
add chain=output connection-state=related action=accept comment=";;; accept related packets"
add chain=output connection-state=established action=accept comment=";;; accept established packets"

Port Scanners

/ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list " disabled=no
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP FIN Stealth scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/FIN scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/RST scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="FIN/PSH/URG scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="ALL/ALL scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan"
/ip firewall filter add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no
But I still have the same messages. How can I stop this traffic?
Thanks all!
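An added triage example, not from the post or from MikroTik: it parses two of the Snort alerts quoted above (real lines from the post, not constructed) and attributes each type 3/code 13 error to the LAN host whose outbound UDP datagram the upstream router 213.91.129.37 refused. Since those errors are generated by traffic leaving the LAN and return as connection-state=related replies to it, the rules that matter are in the forward chain, not the input chain the posted rule set concentrates on.

```python
import re
from collections import defaultdict
# Two Snort alert records copied verbatim from the post above (real page data, not constructed).
SAMPLE_ALERTS = """\
[**] [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [**]
[Classification: Misc activity] [Priority: 3]
03/25-00:30:31.190495 213.91.129.37 -> 192.168.195.74
ICMP TTL:253 TOS:0xC0 ID:35535 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.195.74:12762 -> 69.199.66.39:6881
UDP TTL:123 TOS:0x0 ID:46383 IpLen:20 DgmLen:126
Len: 98
** END OF DUMP

[**] [1:485:4] ICMP Destination Unreachable Communication Administratively Prohibited [**]
[Classification: Misc activity] [Priority: 3]
03/25-00:30:32.236979 213.91.129.37 -> 192.168.195.66
ICMP TTL:253 TOS:0xC0 ID:35545 IpLen:20 DgmLen:56
Type:3 Code:13 DESTINATION UNREACHABLE: ADMINISTRATIVELY PROHIBITED,
PACKET FILTERED
** ORIGINAL DATAGRAM DUMP:
192.168.195.66:7288 -> 82.40.214.33:32733
UDP TTL:124 TOS:0x0 ID:2515 IpLen:20 DgmLen:130
Len: 102
** END OF DUMP
"""
OUTER_RE = re.compile(r"^(\S+) (\S+) -> (\S+)$")        # "timestamp icmp_src -> icmp_dst"
TYPE_RE = re.compile(r"^Type:(\d+) Code:(\d+)")
INNER_RE = re.compile(r"^(\S+):(\d+) -> (\S+):(\d+)$")  # quoted original "lan_host:sport -> remote:dport"

def filtered_egress_by_host(text):
    """Group Snort ICMP type 3/code 13 alerts by the LAN host whose outbound datagram
    was refused upstream; alerts without a quoted datagram or other types are skipped."""
    hosts = defaultdict(lambda: {"count": 0, "sports": set(), "dports": set(), "filtered_by": set()})
    for block in text.strip().split("\n\n"):   # one alert record per blank-line-separated block
        lines = block.splitlines()
        outer = next((m for m in map(OUTER_RE.match, lines) if m), None)
        typ = next((m for m in map(TYPE_RE.match, lines) if m), None)
        inner = next((m for m in map(INNER_RE.match, lines) if m), None)
        if not (outer and typ and inner and (int(typ[1]), int(typ[2])) == (3, 13)):
            continue
        h = hosts[inner[1]]                     # key on the LAN host that sent the original datagram
        h["count"] += 1
        h["sports"].add(int(inner[2])); h["dports"].add(int(inner[4]))
        h["filtered_by"].add(outer[2])          # the router that emitted the ICMP error
    return dict(hosts)
```

Run against the full alert log, the per-host source-port set reveals whether one long-lived UDP socket (here 12762 on 192.168.195.74) is behind all the refused datagrams, which is what an egress allow-list in the forward chain would need to cover or block.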
 
andrewluck
Forum Veteran
Posts: 700
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Fri Mar 24, 2006 8:55 pm

This is a really impressive set of firewall rules. However, my feeling is that you're looking at this from the wrong angle. The single rule that really worries me is this one:
add chain=forward action=accept comment=";;; Accept everything else"
Whatever happened to the prime rule of secure computing - Default Deny?

What you're accepting is that anything you haven't thought of, or some new attack that comes along, is allowed access to your network. This is really proved by your current problem. You're hunting around trying to close a loophole somewhere; but where? Finding out can be difficult and the damage may already be done.

Start with two rules in the input chain: one that allows management access from your workstation, the other denies everything else. Put one rule in the forward chain: Deny everything.

Then, define the traffic that is legitimately allowed to cross or enter your router and add rules to allow it.

This will build a far simpler, easier to manage and secure solution.

Regards

Andrew