System Critical error on Microtik Router possible Hacking attempt?

If you are going to have a public IP you are going to have script kiddies trying to brute force (on any router/device). There are scripts to block them. I just ignore it.

and it is Mikrotik.
 
If you are not using ssh or telnet I guess you could open a terminal and just ...


Code:
/ip service disable telnet
/ip service disable ssh
 
I won't disable ssh completely since it might be handy for other things. Rather block it on interfaces other than your internal LAN interface. For example:

/ip firewall filter add chain=input action=drop protocol=tcp in-interface=!ether1 dst-port=22

Where ether1 is your internal LAN or allowed interface. That will block ssh traffic on all other interfaces. (Notice the !)

Make sure the rule is above any other "action=accept" rules you might have.
 
Thanks, I'll keep that in mind, but I don't think I will use ssh (yet) so I'll disable it for now.

For interest's sake, I'm assuming ssh is used for remoting into my router from outside my network?
 
You can also use ssh to log into your router's terminal. The terminal is where you enter commands like the format above from fixx's post. I suggest you limit ssh access to your local subnet only.
 
Hi There,
Implement the suggestions in the posts above as far as you possibly can to make it difficult for these people to get in.

Generally though they are trying to get in for bragging rights rather than malicious damage.

Making it difficult means they will go and play somewhere else which is exactly what you want.

Regards

Tim
 
Hi Guys

I found the following on my router log this morning:
View attachment 58851

Jip that is a hacking attempt. You should be able to block an IP address after x amount of failed attempts.

It looks like a script kiddy that found a dictionary attack for the first time.. THC Hydra I am guessing.

On that service port limit the IP addresses that are allowed to access it. If you are using it to access it via public IP address only allow South African assigned IP blocks to access it.
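
Added example, not part of any post in this thread: one common way to get the "block an IP after x attempts" behaviour on RouterOS is a chain of staged address lists on the input chain. It counts new TCP connections to port 22 rather than failed logins, and the list names (ssh_stage1 to ssh_stage3, ssh_blacklist) and timeouts are assumptions to adjust.

```routeros
# Staged address lists: each new SSH connection from the same source
# within one minute moves that source up one stage. The fourth new
# connection lands the source on ssh_blacklist for 10 days.
# List names and timeouts are example values, not RouterOS defaults.
/ip firewall filter

# 1. Drop anything already blacklisted.
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist \
    action=drop comment="drop ssh brute forcers"

# 2. Fourth new connection while in stage3 -> blacklist.
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage3 action=add-src-to-address-list \
    address-list=ssh_blacklist address-list-timeout=10d

# 3. Third new connection while in stage2 -> stage3.
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage2 action=add-src-to-address-list \
    address-list=ssh_stage3 address-list-timeout=1m

# 4. Second new connection while in stage1 -> stage2.
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage1 action=add-src-to-address-list \
    address-list=ssh_stage2 address-list-timeout=1m

# 5. First new connection -> stage1.
add chain=input protocol=tcp dst-port=22 connection-state=new \
    action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m

# Rules are evaluated top to bottom and "add" appends to the end of the
# chain, so move these above any action=accept rule that matches port 22.
# Review who got caught with:
#   /ip firewall address-list print where list=ssh_blacklist
```

Because the rules count connections, a legitimate admin who reconnects several times within a minute is blacklisted too, so keep the LAN-side access from the earlier posts as a way back in.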
 
No hacking attempts last night :D

Question: exactly how did my IP become public, or was it some random dude who randomly found my IP at that time?
I assumed our IPs change every day so it's a random thing?

Clearly - I am really not an expert on this stuff.
 
IPs only change if your internet drops then reconnects or you turn your router off for about 15 min then on again.
 