Block Port Scanners using MikroTik

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJlkEvQ6R-MGew1JJZC41qqLwh1Y6RtqLy43MrRG_N70ykgeVoCw8tRi9JEkEECHidr2AEuT0qLrePIKP-CEOSOPhnjcABblczhVKdIeu8TNpNrnFrVMKdOKTBR93GJRk_4FfvjZLlfV0/s1600/Port-Scanner-Revo-Brain.jpg


Port scanning is usually the first step an attacker takes against your network or server: it tells them which ports are open, and letting them scan freely with nothing in the way is dangerous. Moving a service off its default port (say, HTTP on 8008) does not hide it; a port scanner such as Nmap, Angry IP Scanner, or SuperScan will find the new port within seconds. Once they know which ports are open, they can move on to the next step, for example a brute-force attack against the username and password of the service behind that port.

The picture below shows what that looks like once an attacker knows the port number and starts a brute-force attack against it:
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhi90VzUTuneoJMq04zZWaaq3xgbZMeRgTaz0Fj1VU-Y5RjKEEwBQ4QKPzMNcxP2hP3s8KchlvWJh96pWrC013NLDaRJfDhb2k7LGnWqDZftTsMgy7wdGHUk4AILGM8z-0Xq-PiWRMh5kk/s640/Capture.PNG

We do not want that to happen.
To prevent it, we create firewall rules that detect who is scanning the network and record their IP addresses in an address list. Using that address list we can then drop every connection from those IPs. All of the rules below sit in the input chain, so they watch traffic addressed to the router itself; scans of hosts behind the router pass through the forward chain and need matching rules there.

In /ip firewall filter, start with the psd matcher. Its four values are the weight threshold, the maximum delay between probes, the weight of a probe to a privileged port (1024 and below) and the weight of a probe to a higher port; with 21,3s,3,1 seven probes to different privileged ports, each within 3 s of the previous one, are enough to put the source on the list:

 add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list " disabled=no  

Next, we can catch scans by TCP flag combinations that ordinary connections never use. In tcp-flags= a listed flag must be set, a !flag must be clear, and flags that are not mentioned are ignored:

 add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP FIN Stealth scan"  
 add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/FIN scan"  
 add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/RST scan"  
 add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="FIN/PSH/URG scan"  
 add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="ALL/ALL scan"  
 add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan"  
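Before enabling these rules it helps to see exactly what they match and what they miss. The following Python model is an added example, not RouterOS code and not the author's: it re-implements the tcp-flags match semantics (listed flags must be set, !flags must be clear, unmentioned flags are ignored) and an approximation of the psd matcher with the page's 21,3s,3,1 values, then runs the page's rules in order over constructed packets from documentation addresses. The Packet record, the PortScanDetector class and the sample traffic are assumptions of this example; the real psd implementation may differ in detail.

```python
# Added example, not RouterOS or the page's own code: a model of what
# psd= and tcp-flags= match, run over constructed packets.
from dataclasses import dataclass
from typing import FrozenSet, Optional

FLAGS = ("fin", "syn", "rst", "psh", "ack", "urg")

@dataclass(frozen=True)
class Packet:
    t: float               # arrival time in seconds
    src: str               # source address
    dport: int             # destination TCP port
    flags: FrozenSet[str]  # TCP flags that are set, lowercase names from FLAGS

def parse_tcp_flags(spec: str):
    """Split a tcp-flags= value into (must be set, must be clear). Flags not
    mentioned are 'don't care', which is why 'fin,syn' also matches FIN+SYN+ACK."""
    want, forbid = set(), set()
    for tok in spec.lower().split(","):
        (forbid if tok.startswith("!") else want).add(tok.strip("! "))
    return frozenset(want), frozenset(forbid)

def flags_match(spec: str, flags: FrozenSet[str]) -> bool:
    want, forbid = parse_tcp_flags(spec)
    return want <= flags and not (forbid & flags)

# The tcp-flags rules from the page, in the order they are added.
FLAG_RULES = [
    ("NMAP FIN Stealth scan", "fin,!syn,!rst,!psh,!ack,!urg"),
    ("SYN/FIN scan", "fin,syn"),
    ("SYN/RST scan", "syn,rst"),
    ("FIN/PSH/URG scan", "fin,psh,urg,!syn,!rst,!ack"),
    ("ALL/ALL scan", "fin,syn,rst,psh,ack,urg"),
    ("NMAP NULL scan", "!fin,!syn,!rst,!psh,!ack,!urg"),
]

def classify(flags: FrozenSet[str]) -> Optional[str]:
    """Comment of the first matching rule (rules run top to bottom), else None."""
    for name, spec in FLAG_RULES:
        if flags_match(spec, flags):
            return name
    return None

class PortScanDetector:
    """Approximation of psd=WeightThreshold,DelayThreshold,LowPortWeight,HighPortWeight.
    Per source, packets to distinct destination ports arriving within delay_threshold
    seconds of the previous one accumulate weight; a longer gap starts a new sequence.
    Ports <= 1024 weigh low_weight, others high_weight. Defaults are the page's 21,3s,3,1."""

    def __init__(self, weight_threshold=21, delay_threshold=3.0,
                 low_weight=3, high_weight=1):
        self.wt, self.dt = weight_threshold, delay_threshold
        self.lw, self.hw = low_weight, high_weight
        self.state = {}  # src -> (last arrival, ports seen, weight)

    def observe(self, pkt: Packet) -> bool:
        """True when this packet pushes its source over the weight threshold."""
        last, ports, weight = self.state.get(pkt.src, (None, frozenset(), 0))
        if last is not None and pkt.t - last > self.dt:
            ports, weight = frozenset(), 0
        if pkt.dport not in ports:
            ports = ports | {pkt.dport}
            weight += self.lw if pkt.dport <= 1024 else self.hw
        self.state[pkt.src] = (pkt.t, ports, weight)
        return weight >= self.wt

def run_input_chain(packets, timeout=14 * 24 * 3600):
    """Feed packets through the page's rule set and return the resulting 'port scanners'
    list as {src: (rule comment, entry expiry time)}. A listed source is dropped first."""
    psd, listed = PortScanDetector(), {}
    for p in sorted(packets, key=lambda x: x.t):
        if p.src in listed:
            continue
        reason = "Port scanners to list" if psd.observe(p) else classify(p.flags)
        if reason:
            listed[p.src] = (reason, p.t + timeout)
    return listed

def sample_traffic():
    """Constructed traffic on documentation addresses, not captured data."""
    s = lambda *f: frozenset(f)
    pkts = [Packet(0.00, "192.0.2.10", 443, s("syn")),       # ordinary client
            Packet(0.01, "192.0.2.10", 443, s("ack")),
            Packet(0.02, "192.0.2.10", 443, s("psh", "ack")),
            Packet(120.0, "192.0.2.10", 22, s("syn")),
            Packet(120.5, "192.0.2.10", 8008, s("syn")),
            Packet(300.0, "198.51.100.9", 80, s("fin", "psh", "urg"))]  # Xmas probe
    # Fast SYN scan, 50 ms between probes: seven privileged ports reach weight 21.
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 143, 443, 3389, 8008]):
        pkts.append(Packet(10.0 + i * 0.05, "203.0.113.7", port, s("syn")))
    # Same ports, one probe every 5 s: every gap exceeds the 3 s delay threshold.
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 143, 443]):
        pkts.append(Packet(200.0 + i * 5.0, "198.51.100.20", port, s("syn")))
    return pkts

if __name__ == "__main__":
    for src, (why, until) in run_input_chain(sample_traffic()).items():
        print(f"{src:15} listed by '{why}', entry expires at t={until:.0f}")
```

Two things the run shows that the rule list alone does not. A scanner that spaces its probes more than 3 s apart (as Nmap's slowest timing templates do) never reaches the psd weight threshold and is only caught if it also sends unusual flag combinations. And a packet with every flag set is reported as the SYN/FIN scan, not ALL/ALL, because the fin,syn rule sits above it and matches first; both rules add to the same list, so nothing is lost except the comment in the rule counters.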

Then drop everything from addresses on the list. Firewall rules are evaluated top to bottom, so this rule belongs near the top of the input chain, above the accept rules, otherwise an accept rule above it lets the listed address through. Because the list is keyed on the source address, a packet with a spoofed source can get an innocent third party listed, so keep an accept rule for your own management addresses above this one so that a scan from your monitoring host, or a spoofed packet, cannot lock you out of the router:

 add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no  

And that is it: for the lifetime of the entry (two weeks here) an address on the list can no longer reach the router at all, not even with a ping, because the drop rule matches every protocol. The listed addresses and their remaining timeouts are shown under IP -> Firewall -> Address Lists:
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_oQvvoM3P_OkHTPBpaYRmCRLUabhgt6qtAyWfi9hBQRZPOTCxaQ3QsCPNntmIC7sWvybCE18tdN-XVUV6KSBKYkoE-q8fajYjv572rF5u7qS2PWLeMx2VwGXK0bF769_KGxEwyzLqW2U/s640/Capture.PNG

Comments

  1. Where did you get the last image? From which menu?

  2. You can see it under IP->Firewall->Address Lists.

    Thank you for visiting. :)
