How to block port scanner in MikroTik [Prevent Port Scanning]

This article shows you, step by step and with pictures, how to block port scanners on your MikroTik operating system.

Posted: 17 Mar, 19 Updated: 14 Dec, 21 by Oliver K 1 Min

Some applications or sites can scan your MikroTik operating system and obtain detailed reports about which ports are in use (or free). To prevent this, we need to identify the scanning IPs and block them. Follow the steps below to add firewall rules that drop these connections.

  • First, we need to know which connections are used for scanning. For this, we add a rule to detect the IPs. Open IP > Firewall, select the “Filter Rules” tab and click on “+”. In the window that opens, set the chain to “input” and the protocol to “6 (tcp)”. Switch to the Action tab and set the action to “add src to address list”. Then enter a name in the address list field or select one of the available lists.


  • In the step above we added the port scanners' IPs to the list. In this step, we drop all of these IPs. To do this, open IP > Firewall and, in the Filter Rules tab, click on the “+” icon. Set the chain to “input” and go to the Advanced tab. Select your IP list name in “Src. Address List”, then click on the Action tab and set the action to “drop”.
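
The two steps above as RouterOS terminal commands, given here as an added example rather than the author's own configuration. It goes beyond the steps by adding a `psd` (port scan detection) threshold to the detection rule and an accept rule for a management address. The list names `port-scanners` and `mgmt` and the address 192.0.2.10 are placeholders.

```routeros
# Added example: list names and the 192.0.2.10 address are placeholders.
/ip firewall address-list
add list=mgmt address=192.0.2.10 comment="admin workstation (placeholder)"

/ip firewall filter
# Rules are evaluated top to bottom, so the management accept rule comes first:
# the admin host is accepted before the detection and drop rules are reached.
add chain=input src-address-list=mgmt action=accept \
    comment="always allow management host"

# Detection rule without a threshold, as built in the first step: it matches
# every inbound TCP packet, so every TCP client gets listed. Shown for
# comparison only, left commented out.
# add chain=input protocol=tcp action=add-src-to-address-list address-list=port-scanners

# Detection rule with a threshold. psd=WeightThreshold,DelayThreshold,
# LowPortWeight,HighPortWeight: a source is matched once packets to different
# destination ports, arriving no more than 3s apart, reach a total weight of 21
# (ports below 1024 count 3 each, higher ports count 1 each).
add chain=input protocol=tcp psd=21,3s,3,1 \
    action=add-src-to-address-list address-list=port-scanners \
    address-list-timeout=2w comment="list sources that trip port scan detection"

# Drop rule from the second step, unchanged apart from the list name.
add chain=input src-address-list=port-scanners action=drop \
    comment="drop listed port scanners"
```

On a router that already has input rules, `add` appends to the end of the chain, so check the resulting order with `/ip firewall filter print`.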


Oliver K

I’m Oliver K. I have an MS degree in Computer Engineering. For nearly 5 years I have been working on web programming, and in the last 2 years I have also worked on Windows and Linux VPS. It is my honor to share my experiences with a new community.

Sanan

2020, May, 20

This would add basically every IP connecting to your router to the list. You don't mention anything about thresholds.

GB

2020, May, 20

Hello, I did these rules and it seems I locked myself out.

Ecnival

2020, Jun, 20

It is exactly how Sanan mentioned. ALL traffic going through 6 (tcp) will be added to the list. Even streaming a video on Netflix would get you automatically added to the Scanner List. You can see where this is a problem, right? However, fear not, I added a link on how to do it. https://wiki.mikrotik.com/wiki/Drop_port_scanners