Hi people, i'm here with an issue after upgrading my mikrotik RB2011 UiAS-2HnD. version 6.42.7
I have a port scanner rule, that adds ip scanners, and then drop packages.
Now in my log, i'm seeing that mikrotik is blocking with this rule a port scanner (UDP) from my server ip.

the log is this:
port scanner drop: 192.x.x.x:59842->192.x.x.255:20561.
i read this 59842 is an UDP protocol, but im scared about thinking i have a virus sending broadcast to my network in the windows server.


NOTE: Windows server 2012 r2, works as dhcp.


Thank you so much for your time

Hi.

port scanner drop: 192.x.x.x:59842->192.x.x.255:20561.

I think, UDP20561 is your router MAC telnet port...

Best regards: CsXen

Hi.

port scanner drop: 192.x.x.x:59842->192.x.x.255:20561.

I think, UDP20561 is your router MAC telnet port...

Best regards: CsXen

Hello men, thank u for answering.
Should i disable telnet from my router ? or what do you mean?
thanks again.

I think only you need, your server ip (src-address) is exception for port scanner
eg; src-address = !your server ip

sorry for my poor english

If you use Winbox to connect to the router via MAC address rather than IP, Winbox sends the packets to the IP broadcast address of the subnet on that UDP port.

https://wiki.mikrotik.com/wiki/Manual:I ... _and_ports

I think only you need, your server ip (src-address) is exception for port scanner
eg; src-address = !your server ip

sorry for my poor english

ye same here, im from uruguay jaja.
but i understood you.
thank you so much!

If you use Winbox to connect to the router via MAC address rather than IP, Winbox sends the packets to the IP broadcast address of the subnet on that UDP port.

https://wiki.mikrotik.com/wiki/Manual:I ... _and_ports

i use mac addres yes, cause with that port scanner once i couldn't connect to it.
so we get there, that's why my logs appear. thank you so much men