You say "used legitimately"
Does opening 10s of connections to, say, port 22 in a second sound legitimate? For me, no... am I right?
Maybe in a big university a lot of students do SSH, but in AmprNet certainly not... It's OK to run probers at, let's say, 1 connection a second...
When I wanted to run a network monitor that does 5 pings every few minutes, you all shouted at me not to do it (and my intention was to provide a real-time network map accessible by web to all the AMPRNET users to see which gateway is up and which is not). So how come 10s of connection attempts in a second from the same host to the same destination are considered "legitimate"?
And this leads me to the second issue/question.
I want to put a dynamic blacklist in my router to block these incidents (of, let's say, more than 10 connections from the same host to the same target in a second) for, let's say, an hour.
I have a MikroTik.
Are there any experts that can tell me if that can be done with MikroTik, or do I need a clever firewall before it?
Regards,
Ronen - 4Z4ZQ
________________________________
From: 44Net 44net-bounces+ronenp=hotmail.com@hamradio.ucsd.edu on behalf of Brian Kantor Brian@UCSD.Edu
Sent: Tuesday, May 23, 2017 3:51 AM
To: AMPRNet working group
Subject: Re: [44net] probbing and attacks on my router

(Please trim inclusions from previous messages)
_______________________________________________
Many of these servers are used legitimately by researchers all around the world, so it's not practical to firewall them off from the outside world.