Community discussions

MikroTik App
 
proweb
newbie
Topic Author
Posts: 43
Joined: Sat Oct 08, 2005 10:04 pm

REQ :: How to protect Router

Wed Nov 02, 2005 5:00 pm

How to setup Mikrotik to protect network router from some that i called hacker. Yesterday until now, some one try to in my router.
this is the log from mikrotik :
06:49:16 system,error,critical login failure for user mail from 65.82.89.30 via ssh
06:49:19 system,error,critical login failure for user mail from 65.82.89.30 via ssh
06:49:22 system,error,critical login failure for user mail from 65.82.89.30 via ssh
06:49:25 system,error,critical login failure for user client from 65.82.89.30 via ssh
06:49:28 system,error,critical login failure for user client from 65.82.89.30 via ssh
06:49:31 system,error,critical login failure for user client from 65.82.89.30 via ssh
06:49:34 system,error,critical login failure for user client from 65.82.89.30 via ssh
06:49:37 system,error,critical login failure for user client from 65.82.89.30 via ssh
06:49:40 system,error,critical login failure for user client from 65.82.89.30 via ssh
06:49:43 system,error,critical login failure for user support from 65.82.89.30 via ssh
06:49:46 system,error,critical login failure for user support from 65.82.89.30 via ssh
06:49:50 system,error,critical login failure for user support from 65.82.89.30 via ssh
06:49:53 system,error,critical login failure for user support from 65.82.89.30 via ssh
06:49:56 system,error,critical login failure for user support from 65.82.89.30 via ssh
06:50:04 system,error,critical login failure for user support from 65.82.89.30 via ssh
06:50:52 system,error,critical login failure for user richard from 65.82.89.30 via ssh
06:50:55 system,error,critical login failure for user richard from 65.82.89.30 via ssh
06:50:58 system,error,critical login failure for user richard from 65.82.89.30 via ssh
06:51:00 system,error,critical login failure for user richard from 65.82.89.30 via ssh
06:51:08 system,error,critical login failure for user richard from 65.82.89.30 via ssh
06:51:11 system,error,critical login failure for user richard from 65.82.89.30 via ssh
06:51:14 system,error,critical login failure for user linda from 65.82.89.30 via ssh
Please help my problem. Thanks...
and note, he came not from my IP network Private.
 
FredJ
just joined
Posts: 6
Joined: Mon Apr 04, 2005 1:18 am

Wed Nov 02, 2005 5:09 pm

Unfortunately these "attacks" are quite common today.
As the user "admin" is often used in these login attempts you should disable this user on your mikrotik systems and use a different user to administrate your routers. Of couse you should have already created such a user before trying to disable admin ;)

Another possibility would be to block ssh connections or disable ssh entirely... which in turn would mean that you would have to use non-encrypted connections to manage your router - which is a VERY VERY bad idea ;)

Third solution: disable ssh connections only on your internet connection and allow ssh from your private network or known IPs only.

But anyway you should rename your admin user just to be sure ;)
 
changeip
Forum Guru
Forum Guru
Posts: 3830
Joined: Fri May 28, 2004 5:22 pm

Wed Nov 02, 2005 6:01 pm

Create another login thats admin, disable your admin user, and then move ssh from port 22 to something else.

Thx,
Sam
 
proweb
newbie
Topic Author
Posts: 43
Joined: Sat Oct 08, 2005 10:04 pm

how to set port 22 to swicth to another ports?

Wed Nov 02, 2005 8:55 pm

how to set port 22 to swicth to another ports?
is it from firewall or nat?
please give the eassy solution. thanks.

to be honest, really i wanna redirect people come to my router to website like http://www.indosiar.com so they can't through or know my Mikrotik Router.
Please help me, i ' m trouble now...thanks
 
ebandrew
just joined
Posts: 21
Joined: Wed Apr 20, 2005 5:14 pm

Wed Nov 02, 2005 9:06 pm

Change your administrator username.

-and-

Use the firewall to block out all incoming ssh except from your trusted ips/subnet.

I wouldn't recommend simply moving the ssh service to a different port, since anyone running nmap or similar port scanning software will quickly spot that ssh is running on a different port.
 
proweb
newbie
Topic Author
Posts: 43
Joined: Sat Oct 08, 2005 10:04 pm

How the rule sir...

Thu Nov 03, 2005 3:30 am

Change your administrator username.

-and-

Use the firewall to block out all incoming ssh except from your trusted ips/subnet.

I wouldn't recommend simply moving the ssh service to a different port, since anyone running nmap or similar port scanning software will quickly spot that ssh is running on a different port.

can you give the rule on firewall filter, coz I used Mikrotik 2.9.6. thanks, i really appreciate it.
My IP :
1. 203.73.210.82/24
2. 192.168.0.1/24
3. 172.12.14.1/24

thanks...

one question, how to input subnet with
sample : 0.0.0.0/24 is have subnet 255.255.255.0
and how about this : 0.0.0.0/29 ; 0.0.0.0/28; 0.0.0.0/30; 0.0.0.0/32
because i wanna blok all subnet except Ip register on my subnet to go to internet. Thanks
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6695
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Thu Nov 03, 2005 8:50 am

for Router protect (information going directly to the Router), use folowing example:
http://www.mikrotik.com/docs/ros/2.9/ip ... t#6.38.3.1

To 'protect' (allow only trusted uses pass trough data) customer network you have to modify /ip firewall filter (chain=forward),
or configure ARP table by adding only know hosts to it, and set arp=reply-only for local interface.
 
contime
just joined
Posts: 23
Joined: Thu Sep 15, 2005 10:25 am

Thu Nov 03, 2005 10:32 am

change ssh service trusted ip subnet in IP > Services
default there 0.0.0.0/0 :wink:
 
mengong
just joined
Posts: 15
Joined: Sat Dec 11, 2004 2:58 am

Re: How the rule sir...

Sat Nov 05, 2005 9:31 am

one question, how to input subnet with
sample : 0.0.0.0/24 is have subnet 255.255.255.0
and how about this : 0.0.0.0/29 ; 0.0.0.0/28; 0.0.0.0/30; 0.0.0.0/32
because i wanna blok all subnet except Ip register on my subnet to go to internet. Thanks
0.0.0.0/29 = 255.255.255.248
0.0.0.0/28 = 255.255.255.240
0.0.0.0/30 = 255.255.255.252
0.0.0.0/32 = 255.255.255.255
 
User avatar
jager
Trainer
Trainer
Posts: 295
Joined: Mon Oct 31, 2005 2:44 am
Location: Germany
Contact:

Sat Nov 05, 2005 12:50 pm

Change your administrator username.

-and-

Use the firewall to block out all incoming ssh except from your trusted ips/subnet.

I wouldn't recommend simply moving the ssh service to a different port, since anyone running nmap or similar port scanning software will quickly spot that ssh is running on a different port.
I agree. This is the best solution.
 
proxy
Frequent Visitor
Frequent Visitor
Posts: 82
Joined: Wed Dec 15, 2004 1:18 am

Sat Nov 05, 2005 1:31 pm

i had the problem too, u must disable the admin user, and if you don't use the SSH , u can disable it to , go to IP>Services .
i have disabled the ssh and i don't have any problems.
 
proweb
newbie
Topic Author
Posts: 43
Joined: Sat Oct 08, 2005 10:04 pm

How to Block user to share files in one networK?

Mon Nov 07, 2005 11:31 pm

How to Block user to share files in one networK? I want to set for clients can't access
file sharing in one network or disable. So they can't see the other clients file from one network.
Please give me the rules from firewall filter.
thanks before

Who is online

Users browsing this forum: Bing [Bot], rogerioqueiroz and 102 guests