REQ :: How to protect Router

Posted: Wed Nov 02, 2005 5:00 pm
by proweb
How do I set up MikroTik to protect the network router from someone I would call a hacker? Since yesterday, someone has been trying to get into my router.
This is the log from MikroTik:
06:49:16 system,error,critical login failure for user mail from 65.82.89.30 via ssh
06:49:19 system,error,critical login failure for user mail from 65.82.89.30 via ssh
06:49:22 system,error,critical login failure for user mail from 65.82.89.30 via ssh
06:49:25 system,error,critical login failure for user client from 65.82.89.30 via ssh
06:49:28 system,error,critical login failure for user client from 65.82.89.30 via ssh
06:49:31 system,error,critical login failure for user client from 65.82.89.30 via ssh
06:49:34 system,error,critical login failure for user client from 65.82.89.30 via ssh
06:49:37 system,error,critical login failure for user client from 65.82.89.30 via ssh
06:49:40 system,error,critical login failure for user client from 65.82.89.30 via ssh
06:49:43 system,error,critical login failure for user support from 65.82.89.30 via ssh
06:49:46 system,error,critical login failure for user support from 65.82.89.30 via ssh
06:49:50 system,error,critical login failure for user support from 65.82.89.30 via ssh
06:49:53 system,error,critical login failure for user support from 65.82.89.30 via ssh
06:49:56 system,error,critical login failure for user support from 65.82.89.30 via ssh
06:50:04 system,error,critical login failure for user support from 65.82.89.30 via ssh
06:50:52 system,error,critical login failure for user richard from 65.82.89.30 via ssh
06:50:55 system,error,critical login failure for user richard from 65.82.89.30 via ssh
06:50:58 system,error,critical login failure for user richard from 65.82.89.30 via ssh
06:51:00 system,error,critical login failure for user richard from 65.82.89.30 via ssh
06:51:08 system,error,critical login failure for user richard from 65.82.89.30 via ssh
06:51:11 system,error,critical login failure for user richard from 65.82.89.30 via ssh
06:51:14 system,error,critical login failure for user linda from 65.82.89.30 via ssh
Please help with my problem. Thanks...
And note, he did not come from my private IP network.

Posted: Wed Nov 02, 2005 5:09 pm
by FredJ
Unfortunately these "attacks" are quite common today.
As the user "admin" is often used in these login attempts, you should disable this user on your MikroTik systems and use a different user to administer your routers. Of course you should have already created such a user before trying to disable admin ;)

Another possibility would be to block ssh connections or disable ssh entirely... which in turn would mean that you would have to use non-encrypted connections to manage your router - which is a VERY VERY bad idea ;)

Third solution: disable ssh connections only on your internet connection and allow ssh from your private network or known IPs only.

But anyway you should rename your admin user just to be sure ;)

Posted: Wed Nov 02, 2005 6:01 pm
by changeip
Create another login that's admin, disable your admin user, and then move ssh from port 22 to something else.

Thx,
Sam

How to switch port 22 to another port?

Posted: Wed Nov 02, 2005 8:55 pm
by proweb
How do I switch port 22 to another port?
Is it done from the firewall or NAT?
Please give the easy solution. Thanks.

To be honest, I really want to redirect people who come to my router to a website like http://www.indosiar.com so they can't get through or learn about my MikroTik router.
Please help me, I'm in trouble now... thanks

Posted: Wed Nov 02, 2005 9:06 pm
by ebandrew
Change your administrator username.

-and-

Use the firewall to block out all incoming ssh except from your trusted ips/subnet.

I wouldn't recommend simply moving the ssh service to a different port, since anyone running nmap or similar port scanning software will quickly spot that ssh is running on a different port.

How the rule sir...

Posted: Thu Nov 03, 2005 3:30 am
by proweb
> Change your administrator username.
>
> -and-
>
> Use the firewall to block out all incoming ssh except from your trusted ips/subnet.
>
> I wouldn't recommend simply moving the ssh service to a different port, since anyone running nmap or similar port scanning software will quickly spot that ssh is running on a different port.

Can you give the rule for the firewall filter, because I use MikroTik 2.9.6? Thanks, I really appreciate it.
My IPs:
1. 203.73.210.82/24
2. 192.168.0.1/24
3. 172.12.14.1/24

Thanks...

One question: how do I input a subnet?
Sample: 0.0.0.0/24 has subnet 255.255.255.0
And how about these: 0.0.0.0/29; 0.0.0.0/28; 0.0.0.0/30; 0.0.0.0/32
Because I want to block all subnets except the IPs registered on my subnet from going to the internet. Thanks

Posted: Thu Nov 03, 2005 8:50 am
by sergejs
For router protection (information going directly to the router), use the following example:
http://www.mikrotik.com/docs/ros/2.9/ip ... t#6.38.3.1

To 'protect' (allow only trusted users to pass data through) the customer network you have to modify /ip firewall filter (chain=forward),
or configure the ARP table by adding only known hosts to it, and set arp=reply-only for the local interface.

Posted: Thu Nov 03, 2005 10:32 am
by contime
Change the SSH service's trusted IP subnet in IP > Services.
The default there is 0.0.0.0/0 ;)
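
The advice in the replies above (a replacement admin account, then SSH limited to trusted addresses both in IP > Services and in the input-chain firewall), written out as RouterOS console commands. This is an added example, not posted by any participant in the thread; the user name netops, the placeholder password and the choice of 192.168.0.0/24 as the trusted management subnet are assumptions.

```routeros
# Added example, not from the thread.
# Assumed values: user "netops", trusted management subnet 192.168.0.0/24.

# 1. Create the replacement administrator first, log in with it to confirm
#    it works, and only then disable the default account.
/user add name=netops group=full password="REPLACE-with-a-long-random-passphrase"
/user disable admin

# 2. Service-level allow-list: the SSH service only accepts clients from
#    this range (the default 0.0.0.0/0 means any source address).
/ip service set ssh address=192.168.0.0/24

# 3. Firewall allow-list on the input chain (traffic addressed to the router
#    itself). Rules are evaluated top to bottom, so the accept rule must sit
#    above the drop rule.
/ip firewall filter add chain=input protocol=tcp dst-port=22 \
    src-address=192.168.0.0/24 action=accept comment="SSH from trusted LAN"
/ip firewall filter add chain=input protocol=tcp dst-port=22 \
    action=drop comment="drop all other SSH"

# 4. Review the result before closing the current session.
/user print
/ip service print
/ip firewall filter print
```

Apply the commands from the local console or from a session that originates inside the trusted subnet, so the drop rule does not cut off your own access.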

Re: How the rule sir...

Posted: Sat Nov 05, 2005 9:31 am
by mengong
> One question: how do I input a subnet?
> Sample: 0.0.0.0/24 has subnet 255.255.255.0
> And how about these: 0.0.0.0/29; 0.0.0.0/28; 0.0.0.0/30; 0.0.0.0/32
> Because I want to block all subnets except the IPs registered on my subnet from going to the internet. Thanks

0.0.0.0/29 = 255.255.255.248
0.0.0.0/28 = 255.255.255.240
0.0.0.0/30 = 255.255.255.252
0.0.0.0/32 = 255.255.255.255

Posted: Sat Nov 05, 2005 12:50 pm
by jager
> Change your administrator username.
>
> -and-
>
> Use the firewall to block out all incoming ssh except from your trusted ips/subnet.
>
> I wouldn't recommend simply moving the ssh service to a different port, since anyone running nmap or similar port scanning software will quickly spot that ssh is running on a different port.

I agree. This is the best solution.

Posted: Sat Nov 05, 2005 1:31 pm
by proxy
I had the problem too. You must disable the admin user, and if you don't use SSH, you can disable it too; go to IP > Services.
I have disabled SSH and I don't have any problems.

How to block users from sharing files in one network?

Posted: Mon Nov 07, 2005 11:31 pm
by proweb
How do I block users from sharing files in one network? I want to set it so that clients can't access
file sharing within one network, or disable it, so they can't see the other clients' files on the same network.
Please give me the rules for the firewall filter.
Thanks in advance.