A port is a communication endpoint: a virtual point where a network connection starts and ends. Every port is software-based and managed by the computer's operating system.
A computer can use a single physical network connection to handle many incoming and outgoing requests by assigning a port number to each. Port numbers range from 0 to 65535, because a port number is a 16-bit value.
What is a port scan attack?
The port scan attack is an old method, but it is still the one most widely used by cybercriminals or hackers. With the help of port scans, hackers find the weak points or open doors of a network and find out what information the ports are sending or receiving.
When a cybercriminal or hacker sends a message to a port, the response reveals whether the port is in use and whether the organization is using active security, such as firewalls.
How to detect a port scan attack?
When you use a router or similar device, it has many open ports that you may not be aware of. Hackers identify those open ports and hack your system.
So, if you want to detect whether someone is scanning your ports, you need a tool that can detect port scans.
For this, you can use the MikroTik firewall.
To identify a port scan attack, first open the MikroTik router, go to the IP section, and select the Firewall option. Then press the (+) button, go to the General tab of Filter Rules, and select forward in the Chain option.
Then select TCP in the Protocol field a little below.
Finally, go to the Extra tab on the right and turn on PSD. The PSD section shows some default values, which you do not need to change.
After turning on PSD for the forward chain, go to the Action tab, choose "add src to address list" as the action, and enter any name in the Address List field.
Now anyone who tries to scan your open ports will be added to that source address list, and you can detect them.
If someone tries to scan your open ports from within your network, go to Filter Rules, copy your forward rule, go to the General tab, and select input in the Chain option. Then leave the rest of the options unchanged and press Apply and OK.
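What the PSD rule above is scoring, shown as an added example that is not part of the original article and not MikroTik's code: a simplified Python model of PSD-style weighting. It assumes the RouterOS defaults documented by MikroTik (weight threshold 21, delay threshold 3 s, low-port weight 3, high-port weight 1); the function names and sample events are constructed for illustration.

```python
# Simplified model of PSD-style scoring; not RouterOS's actual implementation.
# Assumed defaults (RouterOS psd=21,3s,3,1 per MikroTik documentation):
WEIGHT_THRESHOLD = 21    # total weight at which a source is treated as a scanner
DELAY_THRESHOLD = 3.0    # max seconds between packets of one scan sequence
LOW_PORT_WEIGHT = 3      # weight of a destination port below 1024
HIGH_PORT_WEIGHT = 1     # weight of a destination port 1024 or above


def port_weight(port):
    return LOW_PORT_WEIGHT if port < 1024 else HIGH_PORT_WEIGHT


def detect_scanners(events):
    """events: (timestamp_seconds, src_ip, dst_port) tuples.
    Returns the set of sources that would land on the address list."""
    state = {}      # src_ip -> (last_seen, weight, ports_seen)
    flagged = set()
    for ts, src, port in sorted(events):
        last, weight, ports = state.get(src, (None, 0, frozenset()))
        if last is not None and ts - last > DELAY_THRESHOLD:
            weight, ports = 0, frozenset()   # gap too long: sequence starts over
        if port not in ports:                # only a new destination port adds weight
            ports = ports | {port}
            weight += port_weight(port)
        state[src] = (ts, weight, ports)
        if weight >= WEIGHT_THRESHOLD:
            flagged.add(src)
    return flagged


# Constructed sample traffic (documentation IP ranges, not real hosts).
SAMPLE_EVENTS = (
    # One source touching seven different low ports within a second: 7 * 3 = 21.
    [(i * 0.1, "203.0.113.50", 20 + i) for i in range(7)]
    # An ordinary client reusing two ports: weight stays at 6.
    + [(0.0, "192.0.2.10", 443), (0.5, "192.0.2.10", 443),
       (1.0, "192.0.2.10", 80), (1.5, "192.0.2.10", 443)]
)

if __name__ == "__main__":
    print(sorted(detect_scanners(SAMPLE_EVENTS)))
```

With these defaults, connections to low-numbered ports count three times as much as connections to high-numbered ports, and only connections that arrive within the delay threshold of each other accumulate weight.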
How to prevent and block port scan attacks in the network?
If you want to prevent a port scan attack, you must first detect it.
To do this, you need to turn on PSD (Port Scan Detection) for both forward and input in the Chain option.
Since the MikroTik firewall is the most popular and widely used, we will look at how to prevent port scan attacks with the help of the MikroTik firewall.
Now those who tried to scan your open ports are in the source address list, and you have to drop them.
For this, press the (+) button in Filter Rules and select forward as the Chain in the General tab. The protocol ‘TCP’ must be selected.
Then, in the Src. Address List field of the Advanced tab on the left, enter the name that you wrote earlier in the address list.
Then go to the Action tab on the left and select ‘Drop’. Then press Apply and OK.
Now copy this action and go to the General option and select Input. Then leave everything else unchanged and press Apply and Ok. The same configuration will be set for Input.