Router getting attacked...?? (Vox & Mikrotik)

DrMac6969

New Member
Joined
Sep 8, 2020
Messages
9
What should one make of this scenario...? Looks like someone/something is trying to get into my router...

router.JPG
 

DrMac6969

New Member
Joined
Sep 8, 2020
Messages
9
Could it be the VPN? I did disable ssh and all the other unnecessary protocols for connecting to router.. Should one also then disable HTTP, which is basically disabling the webfig, thus you can only log on with Winbox?
router1.JPG

Not sure exactly what to do. It does look like an automated process... but the changing IP is rather interesting
 

MisterV

Well-Known Member
Joined
Oct 1, 2017
Messages
299
Could it be the VPN? I did disable ssh and all the other unnecessary protocols for connecting to router.. Should one also then disable HTTP, which is basically disabling the webfig, thus you can only log on with Winbox?

Not sure exactly what to do. It does look like an automated process... but the changing IP is rather interesting
Disable that web service, or specify your internal range if you want to access the mik through your browser. It's just best to disable it.
 

|tera|

Master of Messengers
Joined
Mar 31, 2006
Messages
25,906
They always are...by definition

However web/ssh authentication should only be enabled on the LAN port not WAN interface.

OP should fix that
These instructions should work.
To make it easier: only on your internal (LAN) network will you be able to access your router.
Also, change your WiFi password. Scan for malware.
If you have some knowledge of Winbox, you'll be able to remove the devices too, adding them again (DHCP or static).
PC firewalls should be checked and on too.

That's basically how you can make sure it doesn't happen again.
Don't share WiFi details too casually. :)
 

HavocXphere

Honorary Master
Joined
Oct 19, 2007
Messages
33,155
These instructions should work.
To make it easier: only on your internal (LAN) network will you be able to access your router.
Also, change your WiFi password. Scan for malware.
If you have some knowledge of Winbox, you'll be able to remove the devices too, adding them again (DHCP or static).
PC firewalls should be checked and on too.

That's basically how you can make sure it doesn't happen again.
Don't share WiFi details too casually. :)
I'd probably reset the router to default config too if it has ever been accepting incoming authentication from the intertubes (copy down PPPoE details first).

I've also learned to configure routers without plugging in the WAN (internet facing) side. I've literally had configs that got the ports switched (!!!) and by default open up internet side with default password but not LAN side. Leaving me very frustrated as to why I can't get in from LAN side. Nobody thinks of that as a possibility but apparently it is a thing.
 

|tera|

Master of Messengers
Joined
Mar 31, 2006
Messages
25,906
I'd probably reset the router to default config too if it has ever been accepting incoming authentication from the intertubes (copy down PPPoE details first).

I've also learned to configure routers without plugging in the WAN (internet facing) side. I've literally had configs that got the ports switched (!!!) and by default open up internet side with default password but not LAN side. Leaving me very frustrated as to why I can't get in from LAN side. Nobody thinks of that as a possibility but apparently it is a thing.
Weird stuff there.
I've also managed to lock myself out of a Mikrotik once. I took a LAN cable and connected it to each port until I found a working one. (edit: all ports stopped working after I made a port change).

It wouldn't have been much work to restore since I do backups of the config regularly. The issue is, if that config is stuffed, starting from scratch is the only way, as you've said.
 

Moto Guzzi

Expert Member
Joined
Apr 24, 2004
Messages
1,748
Will enabling a Wireless MAC address list work (Wireless Access Control), so there is only access from listed MAC addresses?
 

gregmcc

Honorary Master
Joined
Jun 29, 2006
Messages
24,501
You should add an allow list so you can only log on from your local network. Management traffic to the device from the Internet should be dropped.
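
The advice given across the replies above (disable the web service or restrict it to the internal range, allow logins from the LAN only, drop management traffic from the Internet), written out as RouterOS terminal commands. This is an added example, not a configuration posted by anyone in the thread; the LAN subnet 192.168.88.0/24, the bridge name `bridge` and the interface list name `LAN` are assumptions and must be changed to match the actual router.

```routeros
# Added example. Assumed values: LAN subnet 192.168.88.0/24, LAN bridge "bridge",
# interface list "LAN". Run from a LAN-side Winbox/terminal session.

# 1. Review which management services are enabled and which source addresses they accept.
/ip service print

# 2. Disable the services that are not needed (including WebFig over HTTP/HTTPS).
/ip service disable telnet,ftp,www,www-ssl,api,api-ssl

# 3. Restrict what stays enabled to the internal range only.
/ip service set winbox address=192.168.88.0/24
# If browser access is wanted after all, re-enable WebFig for the LAN range only:
# /ip service set www address=192.168.88.0/24 disabled=no

# 4. Make sure a LAN interface list exists (skip if the default config already created it).
/interface list add name=LAN
/interface list member add list=LAN interface=bridge

# 5. Input chain: allow replies and LAN-side management, drop everything else,
#    which covers login attempts arriving on the WAN/PPPoE interface.
#    "add" appends to the end of the chain, so check the order afterwards with
#    "/ip firewall filter print"; an earlier accept rule would still win.
/ip firewall filter
add chain=input action=accept connection-state=established,related comment="allow replies"
add chain=input action=accept in-interface-list=LAN comment="management from LAN"
add chain=input action=drop in-interface-list=!LAN comment="drop anything not from LAN"

# 6. Limit MAC-based Winbox/Telnet access to the LAN as well.
/tool mac-server set allowed-interface-list=LAN
/tool mac-server mac-winbox set allowed-interface-list=LAN
```

After applying it, the login-failure entries from changing Internet addresses should stop appearing in the router log, because those connections are dropped before they reach a login prompt.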
 