Mikrotik IDS

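A simple method to block port scans on the network. In the rules below, replace the placeholder INTERFACCIA_INTERNET with your Internet-facing interface and ILTUOIPPUBBLICO with your public IP.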

/ip firewall filter
add action=add-src-to-address-list address-list=ddos2-attackers address-list-timeout=2h5m30s chain=forward comment="INIZIO IDS" in-interface=INTERFACCIA_INTERNET log-prefix=MIAO protocol=tcp psd=7,2s,3,1 tcp-flags=syn
add action=jump chain=forward connection-state=new in-interface=INTERFACCIA_INTERNET jump-target=detected-ddos
add action=return chain=detected-ddos dst-limit=16,16,addresses-and-dst-port/100ms
add action=add-src-to-address-list address-list=ddos2-attackers address-list-timeout=5m10s chain=detected-ddos
add action=add-dst-to-address-list address-list=ddos2-targets address-list-timeout=5m10s chain=detected-ddos comment="FINE IDS"

/ip firewall address-list
add address=ILTUOIPPUBBLICO list=ddos-attackers-Salvi

/ip firewall raw
add action=accept chain=prerouting dst-address-list=ddos2-targets src-address-list=ddos-attackers-Salvi
add action=drop chain=prerouting dst-address-list=ddos2-targets src-address-list=ddos2-attackers
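
To see what psd=7,2s,3,1 in the first rule actually matches, here is an added example (not part of the original post) that models the four values over constructed SYN records. It is a simplified model based on MikroTik's documented meaning of the parameters (weight threshold, delay threshold, low-port weight, high-port weight); the function name, sample addresses and timings are assumptions, and RouterOS internals may differ.

```python
# Simplified model of the psd matcher (assumption: built from the documented
# parameter meanings, not from RouterOS source code).
WEIGHT_THRESHOLD = 7   # psd=7,...     total weight that marks a port scan
DELAY_MS = 2000        # psd=..,2s,..  max gap between packets to new ports
LOW_PORT_WEIGHT = 3    # psd=..,3,..   weight of a destination port < 1024
HIGH_PORT_WEIGHT = 1   # psd=..,1      weight of a destination port >= 1024


def psd_flagged(packets, threshold=WEIGHT_THRESHOLD, delay_ms=DELAY_MS,
                low=LOW_PORT_WEIGHT, high=HIGH_PORT_WEIGHT):
    """Return {src_ip: time_ms} for sources whose weight reaches the threshold.

    packets: iterable of (time_ms, src_ip, dst_port) TCP SYNs, sorted by time.
    """
    state = {}    # src_ip -> [time of last new port, ports seen, weight]
    flagged = {}
    for t, src, port in packets:
        entry = state.get(src)
        if entry is None or t - entry[0] > delay_ms:
            entry = state[src] = [t, set(), 0]   # gap too long: new sequence
        if port in entry[1]:
            continue                              # repeated port adds no weight
        entry[0] = t
        entry[1].add(port)
        entry[2] += low if port < 1024 else high
        if entry[2] >= threshold and src not in flagged:
            flagged[src] = t                      # would enter ddos2-attackers
    return flagged


# Constructed sample traffic (documentation address ranges, times in ms).
SAMPLE = (
    # three low ports in one second: 3 + 3 + 3 = 9
    [(i * 500, "198.51.100.10", p) for i, p in enumerate((22, 80, 443))]
    # seven high ports, 100 ms apart: 7 x 1 = 7
    + [(i * 100, "198.51.100.20", 8080 + i) for i in range(7)]
    # same low ports, but 3 s apart: each gap resets the sequence
    + [(i * 3000, "203.0.113.5", p) for i, p in enumerate((22, 80, 443))]
    # ordinary client reconnecting to a single port
    + [(i * 200, "203.0.113.9", 443) for i in range(5)]
)
SAMPLE.sort()

if __name__ == "__main__":
    print(psd_flagged(SAMPLE))
```

With these values, two low ports plus one high port (3 + 3 + 1) already reach the threshold, so a client that legitimately opens three forwarded services within 2 s would be listed for 2h5m30s; the ddos-attackers-Salvi list is the place to exempt such hosts.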

To this you can add a block for ICMP spoofing:

/ip firewall filter
add action=accept chain=input limit=64,10:packet protocol=icmp
add action=drop chain=input protocol=icmp

Happy working
