REQ :: How to protect Router
RouterOS general discussion

12 posts   •   Page 1 of 1
proweb
newbie
 
Posts: 48
Joined: Sat Oct 08, 2005 10:04 pm

REQ :: How to protect Router

by proweb » Wed Nov 02, 2005 6:00 pm

How do I set up MikroTik to protect the network router from someone I would call a hacker? From yesterday until now, someone has been trying to get into my router.
This is the log from MikroTik:

06:49:16 system,error,critical login failure for user mail from 65.82.89.30 via ssh
06:49:19 system,error,critical login failure for user mail from 65.82.89.30 via ssh
06:49:22 system,error,critical login failure for user mail from 65.82.89.30 via ssh
06:49:25 system,error,critical login failure for user client from 65.82.89.30 via ssh
06:49:28 system,error,critical login failure for user client from 65.82.89.30 via ssh
06:49:31 system,error,critical login failure for user client from 65.82.89.30 via ssh
06:49:34 system,error,critical login failure for user client from 65.82.89.30 via ssh
06:49:37 system,error,critical login failure for user client from 65.82.89.30 via ssh
06:49:40 system,error,critical login failure for user client from 65.82.89.30 via ssh
06:49:43 system,error,critical login failure for user support from 65.82.89.30 via ssh
06:49:46 system,error,critical login failure for user support from 65.82.89.30 via ssh
06:49:50 system,error,critical login failure for user support from 65.82.89.30 via ssh
06:49:53 system,error,critical login failure for user support from 65.82.89.30 via ssh
06:49:56 system,error,critical login failure for user support from 65.82.89.30 via ssh
06:50:04 system,error,critical login failure for user support from 65.82.89.30 via ssh
06:50:52 system,error,critical login failure for user richard from 65.82.89.30 via ssh
06:50:55 system,error,critical login failure for user richard from 65.82.89.30 via ssh
06:50:58 system,error,critical login failure for user richard from 65.82.89.30 via ssh
06:51:00 system,error,critical login failure for user richard from 65.82.89.30 via ssh
06:51:08 system,error,critical login failure for user richard from 65.82.89.30 via ssh
06:51:11 system,error,critical login failure for user richard from 65.82.89.30 via ssh
06:51:14 system,error,critical login failure for user linda from 65.82.89.30 via ssh


Please help with my problem. Thanks...
And note, he did not come from my private IP network.
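
Added example (not part of any post in this thread): a short Python script that parses login-failure lines in the format quoted above, groups them by source address, and reports sources outside the trusted networks that tried several different usernames. The trusted network 192.168.0.1/24 and the min_users threshold are assumptions for illustration; the last two sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Line format of the login-failure entries quoted in the post above.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) system,error,critical "
    r"login failure for user (?P<user>\S+) from (?P<src>\S+) via (?P<svc>\S+)$"
)

# First five lines are copied from the post; the last two are constructed
# (a failure from inside the LAN and an unrelated entry the parser must skip).
SAMPLE_LOG = """\
06:49:16 system,error,critical login failure for user mail from 65.82.89.30 via ssh
06:49:25 system,error,critical login failure for user client from 65.82.89.30 via ssh
06:49:43 system,error,critical login failure for user support from 65.82.89.30 via ssh
06:50:52 system,error,critical login failure for user richard from 65.82.89.30 via ssh
06:51:14 system,error,critical login failure for user linda from 65.82.89.30 via ssh
07:02:10 system,error,critical login failure for user admin from 192.168.0.25 via ssh
07:15:00 system,info dhcp lease renewed
"""

def summarize_failures(log_text):
    """Per source: attempt count, usernames tried, first and last timestamp."""
    stats = defaultdict(lambda: {"count": 0, "users": set(), "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a login-failure entry
        s = stats[m["src"]]
        s["count"] += 1
        s["users"].add(m["user"])
        s["first"] = s["first"] or m["time"]
        s["last"] = m["time"]
    return dict(stats)

def flag_sources(log_text, trusted_nets, min_users=3):
    """Untrusted sources that tried at least min_users different usernames."""
    # strict=False accepts interface-style notation such as 192.168.0.1/24.
    nets = [ipaddress.ip_network(n, strict=False) for n in trusted_nets]
    flagged = []
    for src, s in summarize_failures(log_text).items():
        try:
            trusted = any(ipaddress.ip_address(src) in n for n in nets)
        except ValueError:
            trusted = False  # source is not an IP address; never trust it
        if not trusted and len(s["users"]) >= min_users:
            flagged.append((src, s["count"], sorted(s["users"])))
    return sorted(flagged)
```

Calling flag_sources(SAMPLE_LOG, ["192.168.0.1/24"]) returns one entry for 65.82.89.30; the single failure from 192.168.0.25 is inside the trusted network and is not reported.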

FredJ
just joined
 
Posts: 6
Joined: Mon Apr 04, 2005 1:18 am

by FredJ » Wed Nov 02, 2005 6:09 pm

Unfortunately these "attacks" are quite common today.
As the user "admin" is often used in these login attempts you should disable this user on your mikrotik systems and use a different user to administrate your routers. Of course you should have already created such a user before trying to disable admin ;)

Another possibility would be to block ssh connections or disable ssh entirely... which in turn would mean that you would have to use non-encrypted connections to manage your router - which is a VERY VERY bad idea ;)

Third solution: disable ssh connections only on your internet connection and allow ssh from your private network or known IPs only.

But anyway you should rename your admin user just to be sure ;)

changeip
Forum Guru
 
Posts: 3730
Joined: Fri May 28, 2004 5:22 pm

by changeip » Wed Nov 02, 2005 7:01 pm

Create another login that's admin, disable your admin user, and then move ssh from port 22 to something else.

Thx,
Sam

proweb
newbie
 
Posts: 48
Joined: Sat Oct 08, 2005 10:04 pm

How to set port 22 to switch to another port?

by proweb » Wed Nov 02, 2005 9:55 pm

How do I set port 22 to switch to another port?
Is it done from the firewall or NAT?
Please give the easy solution. Thanks.

To be honest, I really want to redirect people who come to my router to a website like http://www.indosiar.com so they can't get through to or know about my MikroTik router.
Please help me, I'm in trouble now... thanks

ebandrew
just joined
 
Posts: 21
Joined: Wed Apr 20, 2005 5:14 pm

by ebandrew » Wed Nov 02, 2005 10:06 pm

Change your administrator username.

-and-

Use the firewall to block out all incoming ssh except from your trusted ips/subnet.

I wouldn't recommend simply moving the ssh service to a different port, since anyone running nmap or similar port scanning software will quickly spot that ssh is running on a different port.

proweb
newbie
 
Posts: 48
Joined: Sat Oct 08, 2005 10:04 pm

How the rule sir...

by proweb » Thu Nov 03, 2005 4:30 am

ebandrew wrote: Change your administrator username.

-and-

Use the firewall to block out all incoming ssh except from your trusted ips/subnet.

I wouldn't recommend simply moving the ssh service to a different port, since anyone running nmap or similar port scanning software will quickly spot that ssh is running on a different port.



Can you give the firewall filter rule, because I use MikroTik 2.9.6? Thanks, I really appreciate it.
My IPs:
1. 203.73.210.82/24
2. 192.168.0.1/24
3. 172.12.14.1/24

Thanks...

One question: how do I enter a subnet?
For example, 0.0.0.0/24 has the subnet mask 255.255.255.0,
and what about these: 0.0.0.0/29; 0.0.0.0/28; 0.0.0.0/30; 0.0.0.0/32?
I want to block all subnets except the IPs registered on my subnet from going to the internet. Thanks

sergejs
MikroTik Support
 
Posts: 6262
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

by sergejs » Thu Nov 03, 2005 9:50 am

To protect the router (information going directly to the router), use the following example:
http://www.mikrotik.com/docs/ros/2.9/ip ... t#6.38.3.1

To 'protect' the customer network (allow only trusted users to pass data through), you have to modify /ip firewall filter (chain=forward),
or configure the ARP table by adding only known hosts to it, and set arp=reply-only for the local interface.

contime
just joined
 
Posts: 23
Joined: Thu Sep 15, 2005 10:25 am

by contime » Thu Nov 03, 2005 11:32 am

Change the SSH service's trusted IP subnet in IP > Services.
The default there is 0.0.0.0/0 :wink:

mengong
just joined
 
Posts: 15
Joined: Sat Dec 11, 2004 3:58 am

Re: How the rule sir...

by mengong » Sat Nov 05, 2005 10:31 am

proweb wrote: One question: how do I enter a subnet?
For example, 0.0.0.0/24 has the subnet mask 255.255.255.0,
and what about these: 0.0.0.0/29; 0.0.0.0/28; 0.0.0.0/30; 0.0.0.0/32?
I want to block all subnets except the IPs registered on my subnet from going to the internet. Thanks


0.0.0.0/29 = 255.255.255.248
0.0.0.0/28 = 255.255.255.240
0.0.0.0/30 = 255.255.255.252
0.0.0.0/32 = 255.255.255.255

jager
Member Candidate
 
Posts: 296
Joined: Mon Oct 31, 2005 3:44 am
Location: Sierra Leone

by jager » Sat Nov 05, 2005 1:50 pm

ebandrew wrote: Change your administrator username.

-and-

Use the firewall to block out all incoming ssh except from your trusted ips/subnet.

I wouldn't recommend simply moving the ssh service to a different port, since anyone running nmap or similar port scanning software will quickly spot that ssh is running on a different port.


I agree. This is the best solution.

proxy
Frequent Visitor
 
Posts: 81
Joined: Wed Dec 15, 2004 2:18 am

by proxy » Sat Nov 05, 2005 2:31 pm

I had the problem too. You must disable the admin user, and if you don't use SSH, you can disable it too: go to IP > Services.
I have disabled SSH and I don't have any problems.

proweb
newbie
 
Posts: 48
Joined: Sat Oct 08, 2005 10:04 pm

How to block users from sharing files in one network?

by proweb » Tue Nov 08, 2005 12:31 am

How do I block users from sharing files in one network? I want to set it so that clients can't access
file sharing in one network, or disable it, so they can't see the other clients' files on the same network.
Please give me the firewall filter rules.
Thanks in advance
