How can I see the password (or hash for further study) under which they are trying to log in to my Mikrotik?

B

brar2020-11-25 14:37:07

Mikrotik

brar, 2020-11-25 14:37:07

login failure for user admin from bla-bla-bla via winbox

In the settings of topics (system - logging) I did not find anything that could be added for debugging).

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

D

Denis, 2020-11-25
@brar

Most likely there is no way through the logs, but you can use the built-in sniffer, tools->packet sniffer, set port 8291, if necessary, set up streaming and / or other parameters (for example, the ip / mac of the attacker) and go ahead.

K

Keffer, 2020-11-25
@Keffer

And you won't find it. All this is specially closed from mom's hackers. There is no debug there.

S

SagePtr, 2020-11-26
@SagePtr

Most likely, they try standard combinations like admin:admin. It
usually makes no sense to try different passwords (for a long time and the result is not guaranteed), if this is not a targeted attack specifically on you. It is much easier to scan all network addresses for routers on them and sort through standard combinations on each found, of which there are a small limited number. Well, maybe also the most common passwords like password and 123456.