Drop port scanners on MikroTik Router

mikrotik

Karena sempet kecolongan open proxy di port 443, tadi coba iseng-iseng cek aktivitas drop packet pada chain input di MikroTik router. Ternyata eh ternyata, ada yang hobby banget port scanning ke network kantor.
Maaf bung, proxy sudah diamankan! Port 443 tidak bisa digunakan lagi ๐Ÿ˜€

Tapi karena gatel liat log yang terus-terusan bertambah, akhirnya nambahin juga deh dynamic port scanning rule di filter.

Berikut rulenya:

/ip firewall filter
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”Port scanners to list ” disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”NMAP FIN Stealth scan”
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”SYN/FIN scan”
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”SYN/RST scan”
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”FIN/PSH/URG scan”
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”ALL/ALL scan”
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”NMAP NULL scan”
add chain=input src-address-list=”port scanners” action=drop comment=”dropping port scanners” disabled=no

Begitu juga di chain forward, dapat dilakukan hal serupa. (ganti “chain=input” menjadi “chain=forward”)

Sumber: http://wiki.mikrotik.com/wiki/Drop_port_scanners

No Comments

Leave a Reply

Allowed tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>