block unknown port number packet

Posted: Thu Jun 23, 2011 2:24 pm
by reza.mnp
Please note the attached picture:
torch on the WAN interface

protocol = tcp

source address = known
source port number = known

destination address = known
destination port number = unknown

How can I block this packet?
This traffic is generated with the hping3 command.

Re: block unknown port number packet

Posted: Thu Jun 23, 2011 4:32 pm
by fewi
Unfortunately you decided to blank out essentially all the relevant information in that screen shot.

So you say the source IP, protocol, and port are known, as is the destination IP. Assuming the source IP is 1.1.1.1, the protocol is TCP, the source port is 1 and the destination IP is 1.1.1.2, simply write a firewall filter rule that specifies the known parts and has an action of drop. Also assuming that the packet is going through the router rather than to the router (the destination IP is not an IP address assigned to a router interface after destination NAT), you would use the forward chain; otherwise use the input chain:
/ip firewall filter
add chain=forward src-address=1.1.1.1 protocol=tcp src-port=1 dst-address=1.1.1.2 action=drop
All of this is explained in the manual:
http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter
http://wiki.mikrotik.com/wiki/Manual:Packet_Flow
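The two decisions in the reply above (match only the known header fields, and pick the input chain when the destination is one of the router's own addresses, the forward chain otherwise) as a small added Python helper; this is example code written for this thread, not MikroTik's own tooling, and the router interface addresses in ROUTER_ADDRESSES are constructed sample values.

```python
import ipaddress

# Constructed sample values: the addresses assigned to the router's own interfaces.
ROUTER_ADDRESSES = ["192.168.88.1", "10.0.0.1"]


def choose_chain(dst_address, router_addresses=ROUTER_ADDRESSES):
    """Packets addressed to the router itself are handled by the input chain;
    packets passing through the router by the forward chain (Manual:Packet_Flow)."""
    dst = ipaddress.ip_address(dst_address)
    if any(dst == ipaddress.ip_address(a) for a in router_addresses):
        return "input"
    return "forward"


def build_drop_rule(protocol, src_address=None, src_port=None,
                    dst_address=None, dst_port=None,
                    router_addresses=ROUTER_ADDRESSES):
    """Build a /ip firewall filter drop rule from whichever fields are known.
    Unknown fields (e.g. the destination port in the thread) are simply left out,
    so the rule matches regardless of the value that field carries."""
    if dst_address is None:
        raise ValueError("destination address is needed to choose the chain")
    # RouterOS only accepts port matchers together with a port-carrying protocol.
    if (src_port is not None or dst_port is not None) and protocol not in ("tcp", "udp"):
        raise ValueError("src-port/dst-port require protocol=tcp or protocol=udp")

    parts = [f"chain={choose_chain(dst_address, router_addresses)}"]
    fields = [
        ("src-address", src_address),
        ("protocol", protocol),
        ("src-port", src_port),
        ("dst-address", dst_address),
        ("dst-port", dst_port),
    ]
    for key, value in fields:
        if value is not None:
            parts.append(f"{key}={value}")
    parts.append("action=drop")
    return "/ip firewall filter add " + " ".join(parts)


if __name__ == "__main__":
    # The tuple from the reply above: known source, known protocol, unknown dst port.
    print(build_drop_rule("tcp", "1.1.1.1", 1, "1.1.1.2"))
```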

Re: block unknown port number packet

Posted: Thu Jun 23, 2011 10:07 pm
by reza.mnp
Please run this command on a Linux machine:

hping2 www.wxample.com -d 654000 --faster

Now block the generated traffic coming from several machines in different places.
It's a DDoS.