How to Protect Mikrotik from Hacker Attacks with Port Knocking

Securing a Mikrotik router is very important for keeping our computer network running, especially protecting the router from hacker attacks and irresponsible people. One way to protect Mikrotik from hacker attacks is to use Port Knocking.

Port Knocking is one way to protect the Mikrotik router from hacking or brute force by blocking Telnet, MAC Telnet, SSH or Winbox, and only opening access for administrators. In this way the network administrator can change the settings on the router more securely.

The trick is to block the Telnet, MAC Telnet, SSH or Winbox ports. When the admin wants to configure the router, the admin must first send an ICMP (ping) packet and then a request to port 80 (by opening the router's IP in a browser) so that the ports are opened. In this way we prevent hacker attacks with the Mikrotik firewall.

Here are the steps on how to protect Mikrotik from Hacker Attacks with Port Knocking:

1. Log in to Mikrotik via Winbox. Go to the IP menu –> Firewall –> Filter tab –> Add (+) rule.

2. On the General tab:

  • Chain : input
  • Protocol : icmp

3. On the Actions tab:

  • Action : add src to address list
  • Address List : ICMP
  • Timeout : 00:01:00 (1 minute)
  • Apply –> OK
4. With the rule above, the IP address of anyone who sends an ICMP packet as a request to open the ports is entered in the Address List of the Mikrotik firewall, and the entry is only valid for 1 minute.

5. We also add a rule so that the router requires a second request on port 80, that is, accessing the router's IP in a web browser.

6. Add a second rule. On the General tab:

  • Chain : input
  • Protocol: tcp
  • Dst. Port : 80

7. On the Advanced tab:

  • Src. Address List : ICMP

8. On the Actions tab:

  • Action : add src to address list
  • Address List : ICMP + HTTP
  • Timeout : 00:01:00

9. Now we add a third rule so that Mikrotik recognizes the admin's IP, the one that has sent both the ICMP request and the web request; this is what opens the SSH, Telnet and Winbox ports.

10. On the General tab:

  • Chain : input
  • Protocol: tcp
  • Dst. Port : 80,22,8291

11. On the Advanced tab:

  • Src. Address List : ! ICMP + HTTP (don't forget to click the box in front of the field so that the "!" appears)

12. On the Actions tab:

  • Action : drop

13. After all the rules are created, the arrangement of the rules is like this:

14. Now we test this Port Knocking rule. Close Winbox –> open PuTTY (SSH) –> log in to Mikrotik via PuTTY. Also try logging in again via Winbox. The result: we cannot log in.

15. So that we can log in, open CMD –> ping the Mikrotik IP address –> open the web browser –> access the Mikrotik IP via the web browser.

16. Now we try to log in via Winbox or PuTTY (SSH). The result: we can log in. Check the address list (IP –> Firewall –> Address List tab). Our IP will be recorded in the address list for 1 minute.

17. ATTENTION, THIS IS IMPORTANT!!! Because our IP address is only recorded in the address list for 1 minute, the last rule must be disabled first so that we can stay logged in to Mikrotik. If not, Winbox will disconnect after 1 minute.

18. After we finish configuring Mikrotik, before logging off Winbox, don't forget to re-enable the third rule so that Port Knocking protection can run again.
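
The order of the three rules and the one-minute timeout from steps 16 and 17 can be checked with the following Python model. It is an added example, not part of the original tutorial and not RouterOS code; the Router class, its methods and the sample IP addresses are constructed for illustration.

```python
# Added example: a simplified model of the three filter rules, not RouterOS code.
TIMEOUT = 60                # seconds; the 00:01:00 address-list timeout from the steps
PROTECTED = (80, 22, 8291)  # Dst. Port values of the third (drop) rule


class Router:
    def __init__(self):
        # address list name -> {source IP: expiry time in seconds}
        self.lists = {"ICMP": {}, "ICMP + HTTP": {}}

    def member(self, name, src, now):
        """True while the entry for src in the named list has not expired."""
        return self.lists[name].get(src, -1) > now

    def packet(self, src, proto, dport, now):
        """Pass one inbound packet through rules 1-3 in order; return the verdict."""
        # Rule 1: any ICMP packet puts the source in list "ICMP" for one minute.
        # (Model assumption: a repeated knock simply restarts the timer.)
        if proto == "icmp":
            self.lists["ICMP"][src] = now + TIMEOUT
        # Rule 2: TCP/80 from a source already in "ICMP" adds it to "ICMP + HTTP".
        if proto == "tcp" and dport == 80 and self.member("ICMP", src, now):
            self.lists["ICMP + HTTP"][src] = now + TIMEOUT
        # Rule 3: TCP 80/22/8291 from a source NOT in "ICMP + HTTP" is dropped.
        # The rule matches every packet, so it also cuts a session that is
        # already open once the entry expires (the situation in step 17).
        if proto == "tcp" and dport in PROTECTED \
                and not self.member("ICMP + HTTP", src, now):
            return "drop"
        return "accept"  # assumes no later rule blocks the packet


def demo():
    """Replay a constructed packet sequence; times are seconds since start."""
    r = Router()
    admin, other = "192.0.2.10", "198.51.100.7"  # constructed sample addresses
    return [
        r.packet(other, "tcp", 22, now=0),       # SSH without any knock
        r.packet(other, "tcp", 80, now=1),       # HTTP without a ping first
        r.packet(admin, "icmp", None, now=10),   # knock 1: ping
        r.packet(admin, "tcp", 80, now=15),      # knock 2: browser request
        r.packet(admin, "tcp", 8291, now=20),    # Winbox inside the minute
        r.packet(admin, "tcp", 8291, now=80),    # entry expired at t=75
    ]


if __name__ == "__main__":
    print(demo())
```
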

That concludes the tutorial on how to protect Mikrotik from hacker attacks with Port Knocking. Please try it and apply it on each Mikrotik to prevent Mikrotik hacking.