Computer networks
Vsevolod Feoktistov, 2014-12-25 18:26:50

Mikrotik and the number of connections for a certain period of time. How?

Gentlemen, good evening.
There is a certain router running RouterOS v6.x.
There is a pattern in l7p:
add name=login regexp="(GET|POST).*(\\/wp-login.php|\\/login.php|\\/admin\\/login)"
And there is a rule which adds the source to the address-list according to some criteria:
add action=add-src-to-address-list address-list=login address-list-timeout=10m chain=forward comment="Prevent password bruteforce" dst-port=80 layer7-protocol=login nth=100,10 protocol=tcp src-address-list=!trusted
The bottom line is that I need to make sure that no more than N packets matching the pattern occur in a period of time equal to M. Or: N packets out of M must match the rule.
The first thing that came to mind was connection-limit. But how it works is very unclear.
Also, the current implementation works through the nth directive. But again, the numbers were chosen by the "seems to work" method. It is not clear what these numbers mean; either there is no documentation, or I am interpreting it incorrectly.
Guys, has anyone implemented this on Mikrotik, can you tell me how?

1 answer(s)
Fess, 2015-11-17
@Fess

For the record: wiki.mikrotik.com/wiki/Bruteforce_login_prevention
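The wiki page linked above describes a staged address-list method rather than the nth matcher the question uses. As an added illustration (not code from the question, the answer, or the wiki itself), here is that method adapted to the asker's layer7 pattern "login" on dst-port 80 in the forward chain. The list names login_stage1..login_stage3 and login_blacklist, the 1m stage timeouts and the 1d blacklist timeout are assumptions; the layer7-protocol "login" and the "trusted" list are taken from the question.

```routeros
# Added example, not from the original post. Assumes the layer7-protocol "login"
# and the address-list "trusted" from the question already exist.
# Each rule with action=add-src-to-address-list is passthrough: the packet keeps
# going down the chain, so rule order is what makes a source climb one stage
# per matching packet instead of all stages at once.
/ip firewall filter

# 1) Drop traffic from sources already blacklisted. Keep this rule above the
#    stage rules (and above any accept rule for port 80).
add chain=forward protocol=tcp dst-port=80 src-address-list=login_blacklist action=drop comment="login bruteforce: drop blacklisted"

# 2) Escalation ladder, highest stage first. A source that matches the "login"
#    pattern while already in stage3 is blacklisted for 1 day (assumed value).
add chain=forward protocol=tcp dst-port=80 layer7-protocol=login src-address-list=login_stage3 src-address-list=!trusted action=add-src-to-address-list address-list=login_blacklist address-list-timeout=1d comment="login bruteforce: stage3 -> blacklist"

# 3) stage2 -> stage3: third matching packet within the stage window.
add chain=forward protocol=tcp dst-port=80 layer7-protocol=login src-address-list=login_stage2 action=add-src-to-address-list address-list=login_stage3 address-list-timeout=1m comment="login bruteforce: stage2 -> stage3"

# 4) stage1 -> stage2: second matching packet within the stage window.
add chain=forward protocol=tcp dst-port=80 layer7-protocol=login src-address-list=login_stage1 action=add-src-to-address-list address-list=login_stage2 address-list-timeout=1m comment="login bruteforce: stage1 -> stage2"

# 5) First matching packet from any non-trusted source enters stage1.
add chain=forward protocol=tcp dst-port=80 layer7-protocol=login src-address-list=!trusted action=add-src-to-address-list address-list=login_stage1 address-list-timeout=1m comment="login bruteforce: new -> stage1"
```

With these rules, the fourth packet matching the pattern from one source, where each packet arrives within 1m of the previous one, puts the source on login_blacklist; if a stage entry expires before the next match, the source falls back to stage1. The stage timeout is therefore the per-step window rather than a sliding window over the whole sequence, which is the deterministic count-per-time behaviour the question was looking for. Check what the lists are doing with /ip firewall address-list print, and note that RouterOS v6 filter rules also offer the limit and dst-limit matchers for rate-based matching, but they match packets under the rate rather than over it, so they need a second rule to catch the excess.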
