
NO IP SCANNERS NOMORE{updated}

Posted: Sat Jul 29, 2017 4:35 am
by libyatik
DONE
NO IP SCANNERS NO MORE
FIREWALL RULES FIRST BEFORE EVEN HOTSPOT DEFAULT RULES
===========================================================================================
/ip firewall filter
# 1. the router stops answering any host currently on the Scanner list
add action=drop chain=output dst-address-list=Scanner src-address=local.lan.pool
# 2. new local-to-local connections from a not-yet-authenticated hotspot client go to block-scan
add action=jump chain=forward connection-state=new dst-address=local.lan.pool hotspot=from-client,!auth jump-target=block-scan src-address=local.lan.pool
# 3. list the source for 5 minutes, unless it is only talking to the hotspot DNS
add action=add-src-to-address-list address-list=Scanner address-list-timeout=5m chain=block-scan dst-address=!your,hotspot_dns.ip
==========================================================================================
with this setup there are no false alarms
IP scanners flood the server with requests and wait for a response, so it will be detected before showing any scan results
TESTED on apps:
Advanced IP Scanner on Windows
Fing on Android
this will limit the unauthorized access to the server, and yes, hackers can spoof the MACs with Wireshark
but to have protection vs novice hackers with just Android scanners and MAC changers is better than staying like a sitting duck for ANYONE to hack with a click
--------------------------------------------------------------------------------------------------------------------------------------------------------------
UPDATE:
after further testing
this method is not working at the blocking part, but the scanner detection is very accurate. I think these apps use the IP or ARP/DHCP protocols, and I will test the bridge firewall to block the scan; will update soon
any help in the blocking part, join in
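The address-list logic of the three rules above, modelled as an added example (constructed here, not part of libyatik's post or of RouterOS): an unauthenticated client making new local-to-local connections is listed for 5 minutes, its DNS lookups to the hotspot DNS are exempt, and router replies to a listed host are dropped until the entry expires. The pool, DNS address and traffic trace are assumed values.

```python
"""Model of the block-scan address-list logic from the rules above (constructed example)."""
import ipaddress
from dataclasses import dataclass

LAN_POOL = ipaddress.ip_network("10.5.0.0/16")  # stands in for local.lan.pool (assumed value)
HOTSPOT_DNS = ipaddress.ip_address("10.5.0.1")   # stands in for the hotspot DNS ip (assumed value)
LIST_TIMEOUT = 300                                # address-list-timeout=5m

@dataclass
class NewConn:
    t: int      # seconds since start of the trace
    src: str
    dst: str
    auth: bool  # True = hotspot=auth, False = hotspot=!auth

class ScanGuard:
    def __init__(self):
        self.scanner = {}  # the "Scanner" address list: address -> expiry time

    def _expire(self, now):
        self.scanner = {a: exp for a, exp in self.scanner.items() if exp > now}

    def forward_new(self, c):
        """Jump rule plus block-scan chain. Returns True when src is (re)listed."""
        self._expire(c.t)
        src, dst = ipaddress.ip_address(c.src), ipaddress.ip_address(c.dst)
        if c.auth or src not in LAN_POOL or dst not in LAN_POOL:
            return False  # jump rule does not match: authenticated, or not local-to-local
        if dst == HOTSPOT_DNS:
            return False  # dst-address=!<dns>: portal DNS lookups are exempt
        self.scanner[c.src] = c.t + LIST_TIMEOUT
        return True

    def output_allowed(self, now, dst):
        """Output-chain rule: router replies to a listed host are dropped."""
        self._expire(now)
        return dst not in self.scanner

def run_scenario():
    """Constructed trace: one unauthenticated sweep, one authenticated user."""
    g = ScanGuard()
    events = [NewConn(0, "10.5.3.7", "10.5.0.1", False)]                 # portal DNS lookup
    events += [NewConn(1, "10.5.3.7", f"10.5.0.{h}", False) for h in range(10, 20)]  # sweep
    events += [NewConn(2, "10.5.4.9", "10.5.0.15", True)]                # logged-in user
    listed = sorted({c.src for c in events if g.forward_new(c)})
    return {"listed": listed,
            "scanner_dropped_at_3s": not g.output_allowed(3, "10.5.3.7"),
            "scanner_dropped_at_400s": not g.output_allowed(400, "10.5.3.7"),
            "user_dropped": not g.output_allowed(3, "10.5.4.9")}
```

The model only shows what the rules are written to do; the update in the post reports that the real blocking step did not work, which this model cannot reproduce.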

Re: NO IP SCANNERS NOMORE

Posted: Sat Jul 29, 2017 4:03 pm
by Arcee
Any testers? Share results.

Re: NO IP SCANNERS NOMORE

Posted: Sun Jul 30, 2017 6:10 am
by libyatik
Any testers? Share results.
NOT working in the blocking part, but the local-to-local scan detection is very accurate

Re: NO IP SCANNERS NOMORE{updated}

Posted: Mon Jul 31, 2017 3:39 am
by libyatik
update
a switch rule, I think, can prevent the scan after detection, but my switch chip does not support any rules
need a tester
if true, a script can add from the Scanner list to the switch rule table on block

Re: NO IP SCANNERS NOMORE{updated}

Posted: Mon Jul 31, 2017 2:23 pm
by libyatik
UPDATE
Countermeasures can prevent this kind of scanning and spoofing via network map apps
1- a /8 pool with random IPs and a DHCP /32 netmask
a large pool with random IPs + hotspot 1-to-1 NAT is very hard to scan for (novice APK one-click hackers)
random pool example:
11.54.203.33
11.188.234.11
11.233.43.12
next pool and so on
a /32 netmask on DHCP is a must with this setup + a 1-to-1 hotspot NAT pool; this must be on the same range as the DHCP pool but different IPs,
like 11.0.0.10-11.0.1.254. This address translation will help!
2- a layer 7 rule to drop and log NetCut mappers for extra security, with the regexp netCut|arcai.com (detection 100%)

Re: NO IP SCANNERS NOMORE{updated}

Posted: Mon Apr 30, 2018 12:48 pm
by blackoutfolo
Hello, please, I am in the same situation. A lot of problems blocking software such as Angry IP Scanner, Advanced IP Scanner. Please help.