Protection and security on your Mikrotik Device is very important to maintain the continuity of your computer network. Mainly to keep the Mikrotik device safe from hacker attacks. There is a simple way to Protect Mikrotik from Hacker Attacks by using the Port Knocking.

Port Knocking is one way to protect the Mikrotik Device of hacking such as brute force. It will block some port such as Telnet, Mac Telnet, SSH or Winbox, and only open access only to administrators. In this way network administrators can make changes to the settings on the router in safer way.

To get this thing done is to block Telnet port, Mac Telnet, SSH or Winbox. Then when administrators want to log in, they have to send ICMP / ping and port 80 / IP access router in the browser that the port is opened. So we will Prevent Hacker Attacks using Mikrotik Firewall.

Step-by-step Tutorial How to Prevent Hacker Attacks on Mikrotik Device using Port Knocking Technique :


1. Login via Winbox. Go to Menu IP –> Firewall –> Filter tab –> Add (+) rule.

2. On the General tab :

– Chain : input

– Protocol : icmp

3. On the Action Tab :

– Action : add src to address list

– Address List : ICMP

– Timeout : 00:01:00 (1 minute)

– Apply –> OK

4. The function of the filter rule above defined as each person who sends ICMP packets to a open port request is only valid for 1 minute, and then the IP will sent into the Source Address List in the Mikrotik Firewall.

5. Then we add a rule so that the router asks you to submit your request by using port 80 or to access the router’s ip on the web.

6. Add the second rule, on the General tab :

– Chain : input

– Protocol : tcp

– Dst. Port : 80

7. On the Advanced tab :

– Src. Address List : ICMP

8. Action tab :

– Action : add src to address list

– Address List : ICMP + HTTP

– Timeout : 00:01:00

9. Now we add the third rule so that Mikrotik can recognize admin’s IP address who send ICMP and Web request. This serves to open port SSH, Telnet and Winbox.

10. General tab :


– Chain : input

– Protocol : tcp

– Dst. Port : 80,22,8291

11. Advanced tab :

– Src. Address List : ! ICMP + HTTP

12. Action tab

– Action : drop

13. After all these rules are made, the composition of the rules should be like this:

14. Now let’s try to test the Port Knocking Firewall Rules. Close the Winbox –> Open Putty (SSH) –> login to Mikrotik via Putty. Then try login again via Winbox. The result is we can not login.

15. To be able to login, open CMD –> ping Mikrotik’s IP address –> Open Web Browser –> Access Mikrotik’s IP address via web browser.

16. Now we can try again to login via Winbox or Putty (SSH). The result is we can login to Mikrotik. Try to check into the address list (IP –> Firewall –> Address List tab). The IP address will be recorded in the list for 1 minute.

17. ATTENTION!! THIS IS IMPORTANT!!! Because our IP Address only recorded for 1 minute in the address list, we need to disable the last firewall filter rule. If we’re not disabling it, then after 1 minute the winbox will be disconnected.

18. After we are done configuring Mikrotik, before loging off, don’t forget to re-enable the third rule. This will turn the Port Knocking Firewall back on.

This Mikrotik Wiki Tutorial will help you to protect your Mikrotik Device from Hacker Attack. Feel free to ask a question if you find something difficult.


About the Author

Leave a Reply

Your email address will not be published. Required fields are marked *


6 + 8 =