Ban addresses from the log of unsuccessful authorization attempts?
Good day to all.
A situation came up: a certain phone from the DHCP range tries to log in to the gateway's web interface every 10-15 seconds. Obviously, the phone has some kind of rubbish on it. I go to Filter Rules and add a drop rule for this MAC.
Naturally, the solution is so-so. I would like to know how best to protect Mikrotik, dear soul, from such methods of enumeration inside the local network, and do you have any working ways to automate this?
1. Isolated control network.
2. When something tries to access one of the unsafe ports (20,21,22,23,25,110,465,993,3389,5160,8291 add to taste) from any other network, put its address in an address list for a certain time (for example, a day).
3. Block all connections from that address list.
According to such initial data, I can suggest two ways:
- a script analyzes the log, looks for unsuccessful login attempts and blacklists the addresses
- read about port knocking
I recommend reading https://www.youtube.com/watch?v=wGDTWaDL8jc
There is also material about fail2ban.
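The log-analysis approach suggested in the answers, as an added example that is not part of the original thread: it counts failed logins per source in a sliding window and renders RouterOS address-list entries that expire after a day. The log line shape, the list name `login_bruteforce`, the thresholds and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log line shape: "HH:MM:SS <topics> login failure for user U from IP via SVC".
# Anchoring on end of line stops text in the attacker-supplied user name
# from posing as the source address.
FAIL_RE = re.compile(
    r"^(\d{2}:\d{2}:\d{2}) .*?login failure for user .* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) via \S+$"
)

def offenders(lines, threshold=5, window=timedelta(minutes=2), allow=()):
    """Return sources with >= threshold failed logins inside a sliding window."""
    recent = defaultdict(deque)   # source IP -> timestamps still inside the window
    flagged = []
    for line in lines:
        m = FAIL_RE.match(line.strip())
        if not m or m.group(2) in allow:   # skip other events and trusted admin hosts
            continue
        ts, src = datetime.strptime(m.group(1), "%H:%M:%S"), m.group(2)
        q = recent[src]
        if q and ts < q[-1]:      # time-only stamps: clock wrapped past midnight
            q.clear()
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and src not in flagged:
            flagged.append(src)
    return flagged

def routeros_commands(addrs, list_name="login_bruteforce", timeout="1d"):
    """Render address-list entries that expire on their own after `timeout`."""
    return [f"/ip firewall address-list add list={list_name} address={a} timeout={timeout}"
            for a in addrs]

SAMPLE_LOG = [  # constructed lines, not taken from a real router
    *(f"10:00:{s:02d} system,error,critical login failure for user admin "
      "from 192.168.88.23 via web" for s in (5, 17, 29, 41, 53)),
    "10:00:30 system,error,critical login failure for user admin from 192.168.88.2 via winbox",
    "10:00:40 system,info,account user admin logged in from 192.168.88.2 via winbox",
]

if __name__ == "__main__":
    print("\n".join(routeros_commands(offenders(SAMPLE_LOG))))
```

The list only takes effect once a drop rule in the input chain matches `src-address-list=login_bruteforce`, as in step 3 of the first answer. Pass the administrator's own workstation in `allow` so that a few mistyped passwords do not lock out management access.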