May
13

Drop Port Scanner

To protect the router from port scanners, we can record the IP addresses of hackers who try to scan your MikroTik. Using an address list, we can then drop connections from the IPs flagged as port scanners.

In /ip firewall filter:

add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list " disabled=no

Certain combinations of TCP flags can also indicate port scanner activity.

add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP FIN Stealth scan"
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/FIN scan"
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/RST scan"
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="FIN/PSH/URG scan"
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="ALL/ALL scan"
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan"

Then you can drop those IPs:

add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no

In the same way, you can drop port scanners in the forward chain: change the rules above to use “chain=forward”.
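The following is an added example, not part of the original post: a Python model of the tcp-flags matchers in the rules above, used to check which flag combinations each rule catches and to confirm that ordinary handshake, data and teardown packets match none of them. It assumes every listed flag must be set and every `!flag` must be clear, with unlisted flags ignored; the sample flag bytes are constructed, and the psd rule is not modeled.

```python
# Added example: models the tcp-flags matchers from the rules on this page.
FLAG_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04,
             "psh": 0x08, "ack": 0x10, "urg": 0x20}

# tcp-flags values copied from the rules above, keyed by rule comment.
RULES = {
    "NMAP FIN Stealth scan": "fin,!syn,!rst,!psh,!ack,!urg",
    "SYN/FIN scan": "fin,syn",
    "SYN/RST scan": "syn,rst",
    "FIN/PSH/URG scan": "fin,psh,urg,!syn,!rst,!ack",
    "ALL/ALL scan": "fin,syn,rst,psh,ack,urg",
    "NMAP NULL scan": "!fin,!syn,!rst,!psh,!ack,!urg",
}

def compile_spec(spec):
    """Turn a tcp-flags string into (must_be_set, must_be_clear) bitmasks."""
    must_set = must_clear = 0
    for item in spec.split(","):
        item = item.strip()
        if item.startswith("!"):
            must_clear |= FLAG_BITS[item[1:]]
        else:
            must_set |= FLAG_BITS[item]
    return must_set, must_clear

def matching_rules(flags):
    """Return the comments of every rule whose matcher hits this flags byte."""
    hits = []
    for comment, spec in RULES.items():
        must_set, must_clear = compile_spec(spec)
        # Assumed semantics: all listed flags set, all negated flags clear.
        if flags & must_set == must_set and flags & must_clear == 0:
            hits.append(comment)
    return hits

# Constructed sample packets: description -> TCP flags byte.
SAMPLES = {
    "SYN (new connection)": 0x02, "SYN/ACK": 0x12, "ACK": 0x10,
    "PSH/ACK (data)": 0x18, "FIN/ACK (normal close)": 0x11, "RST/ACK": 0x14,
    "bare FIN": 0x01, "no flags": 0x00, "FIN/PSH/URG": 0x29,
    "SYN/FIN": 0x03, "all six flags": 0x3F,
}

if __name__ == "__main__":
    for name, flags in SAMPLES.items():
        print(f"{name:24} -> {matching_rules(flags) or 'no flag rule matches'}")
```

Because add-src-to-address-list does not stop rule processing, a packet with all six flags set is listed by the SYN/FIN and SYN/RST rules as well as the ALL/ALL rule.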

Categories : Firewall
  • eddy

    Bro, so with the rules above, for any IP detected as a port scanner on the MikroTik, it will automatically create an address list named “port scanners” and then drop it, right?

    At first I thought we had to create the address list ourselves. CMIIW.