Hello all,
I have read through several posts that do similar things to what I want to do but have not been able to figure out a decent solution for what I need.
Basically, on all our routers we have the well known brute force prevention stuff found here http://wiki.mikrotik.com/wiki/Bruteforc ... prevention
What we would like to do is have all these routers combine their dynamic address list for these brute forcers on the edge routers, as we have the edge routers set to not forward any traffic from the brute force source ip downstream. So what would be the best solution to get this done? Is mikrotik scripting the way to go or should I use a linux box to reach out and exchange the address lists that I want? Also, I have not seen anybody want to synchronize a dynamic address list, does this complicate things? I know in a few cases while messing around it will ignore dynamic list unless you specifically specify it.
The forum post I was most interested in was this one http://forum.mikrotik.com/viewtopic.php?t=56167 but I'm not sure how to modify/change it to do specifically what I want.
Please let me know what you think, maybe I'm going about this all wrong.
Thanks in advance!
Synch Address-lists with Master Router
Last edited by omally01 on Thu Feb 16, 2017 2:17 am, edited 1 time in total.
Re: Synch Address-lists with Master Router
There is topic on this forum about blacklisting, You can use this or use it for Your own solution
Blacklist Filter update script
Blacklist Filter update script
Re: Synch Address-lists with Master Router
To synchronize address lists, although not for blacklisting, I use a DNS name based address list.
On a central DNS server I have some local name that expands to many A records, and the routers read this
name periodically and put the entries in a list. The poll frequency is controlled by the TTL of the DNS entry.
The DNS server dynamically updates the list according to my requirements.
On a central DNS server I have some local name that expands to many A records, and the routers read this
name periodically and put the entries in a list. The poll frequency is controlled by the TTL of the DNS entry.
The DNS server dynamically updates the list according to my requirements.
Re: Synch Address-lists with Master Router
Thank you for the replies, I will look into both of these options, had never considered the DNS idea.
As far as the Blacklist, have you found that it blocks the majority of brute force attacks? Perhaps I am over thinking it to have my own dynamic lists if most of that work has already been done for me elsewhere that I can just take advantage of.
Thanks again!
As far as the Blacklist, have you found that it blocks the majority of brute force attacks? Perhaps I am over thinking it to have my own dynamic lists if most of that work has already been done for me elsewhere that I can just take advantage of.
Thanks again!
Re: Synch Address-lists with Master Router
The blacklist will not guarantee that it will stop all or even one DDOS attack. It is daily updated based on recent events collected.
I have suggested to go DNS based delivery like Pe1chl is using and I also do. Thanks to Mikrotik that it works that way and it save a lot of work.
I have suggested to go DNS based delivery like Pe1chl is using and I also do. Thanks to Mikrotik that it works that way and it save a lot of work.
Who is online
Users browsing this forum: No registered users and 26 guests