Firewall blocking same continuous "attacks"

Posted: Thu Dec 01, 2016 11:56 pm
by perarg
Hello,
Today I realized that there are continuous attacks on my MikroTik from outside. Different IPs try to get in through different ports like 22 or 6889, or lesser-known ports like 1024 or ports over 11000...
What rules should I write in the firewall to immediately drop every connection attempt from every IP that continuously tries to connect?
I want to open some ports for myself (like 22 for SSH) but I am afraid now...

Re: Firewall blocking same continuous

Posted: Fri Dec 02, 2016 12:15 am
by msatter
You could have a look at the RAW rule I use; I have ports 25, 80 and 443 open.

http://forum.mikrotik.com/viewtopic.php ... 19#p570719

If you have a static IP, then look at allowing only that IP to use port 22 (SSH), and if you have a trusted second static IP, then use that as a backup.

Re: Firewall blocking same continuous

Posted: Fri Dec 02, 2016 1:00 am
by BartoszP
If you are under attack then you should just drop everything except connections you want to accept.
Configure an IPsec tunnel for you to connect safely to your router.

Re: Firewall blocking same continuous

Posted: Fri Dec 02, 2016 5:47 am
by rcourtney
Locate "port knocking" in a MUM meeting presentation a few years back.
It hinders port scanning as a benefit.
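
The suggestions in this thread (accept only what you want and drop the rest, limit SSH to trusted static IPs, and port knocking) combined into one RouterOS input-chain ruleset. This is an added example, not part of any post above and not the RAW rule from the linked topic. It assumes the WAN interface is ether1; the two 203.0.113.x addresses are documentation-range placeholders for your own static IPs, and knock ports 7001 and 8002 and the list names are arbitrary choices.

```routeros
# Added example. Assumed: WAN = ether1, placeholder trusted IPs,
# arbitrary knock ports 7001 then 8002. Rule order matters: first match wins.

/ip firewall address-list
add list=ssh-trusted address=203.0.113.10 comment="primary static IP (placeholder)"
add list=ssh-trusted address=203.0.113.20 comment="backup static IP (placeholder)"

/ip firewall filter
# Keep replies to connections that are already allowed.
add chain=input action=accept connection-state=established,related \
    comment="established/related"
add chain=input action=drop connection-state=invalid comment="invalid packets"

# SSH only from the trusted static addresses.
add chain=input action=accept protocol=tcp dst-port=22 \
    src-address-list=ssh-trusted comment="SSH from trusted static IPs"

# Port knocking for when you are not on a trusted IP:
# knock 1 puts the source on a short-lived list.
add chain=input action=add-src-to-address-list in-interface=ether1 \
    protocol=tcp dst-port=7001 \
    address-list=knock-stage1 address-list-timeout=15s comment="knock 1"
# Knock 2 counts only if knock 1 arrived within the last 15 seconds.
add chain=input action=add-src-to-address-list in-interface=ether1 \
    protocol=tcp dst-port=8002 src-address-list=knock-stage1 \
    address-list=knock-ok address-list-timeout=1h comment="knock 2"
# A completed knock sequence opens SSH for that source for one hour.
add chain=input action=accept protocol=tcp dst-port=22 \
    src-address-list=knock-ok comment="SSH after successful knock"

# Everything else arriving on the WAN side is dropped, including
# the probes on 22, 6889, 1024 and the high ports.
add chain=input action=drop in-interface=ether1 comment="drop all other WAN input"
```

Because the final drop matches only ether1, management from the LAN side keeps working; enabling Safe Mode before pasting the rules lets the router roll them back if the session is cut off.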