Blocking Mikrotik From Scan Winbox and Neighbor

Embed Doc
Copy Link
Readcast
Collections

CommentGo Back

Download

Blocking Mikrotik from Scan Winbox andNeighbor

Sometimes the ISP or service provider is not too keen to protect theircustomer. Especially when the router protects customers who useRouterOS ™. By running IP>> Neighbor we can see the other mikrotikrouter physically connected to our router via our provider network.For that we can protect it with a variety of ways such as blocking scanof Winbox and our neighbor. Here is the easiest way:admin@mikrotik] interface bridge> filter printFlags: X – disabled, I – invalid, D – dynamic0 ;;; block discovery mikrotikchain=forward in-interface=ether1 mac-protocol=ip dst-port=5678ip-protocol=udp action=drop1 ;;; block discovery mikrotikchain=input in-interface=ether1 mac-protocol=ip dst-port=5678ip-protocol=udp action=drop2 ;;; block discovery mikrotikchain=output mac-protocol=ip dst-port=5678 ip-protocol=udpaction=drop3 ;;; block discovery mikrotikchain=input in-interface=ether1 mac-protocol=ip dst-port=8291ip-protocol=tcp action=drop4 ;;; block winbox mikrotikchain=forward in-interface=ether1 mac-protocol=ip dst-port=8291ip-protocol=tcp action=drop5 ;;; block request DHCPchain=input mac-protocol=ip dst-port=68 ip-protocol=udpaction=drop

of 00

Leave a Comment