Dear All,
Today when I saw log of mikrotik then I found that there was some activity from firewall at night timing which actually worried me because we don't work at night.
So please help me understand the log what exactly is the meaning for no.1 and no.2 as shown in attached pic.
Thanks in advance.

1. a TCP SYN packet, initiating a TCP connection to port 22 (SSH) of your router. Someone (maybe a bot) was trying to SSH on the MikroTik
2. Every DHCP lease has its time. It is specified in "lease-time" parameter of the server. Usually - 3 days. If a DHCP client doesn't refresh the lease for the time - the lease is deassigned. That happened in the logs .

1. a TCP SYN packet, initiating a TCP connection to port 22 (SSH) of your router. Someone (maybe a bot) was trying to SSH on the MikroTik
2. Every DHCP lease has its time. It is specified in "lease-time" parameter of the server. Usually - 3 days. If a DHCP client doesn't refresh the lease for the time - the lease is deassigned. That happened in the logs .

Hi dasiu,
Thanks for explaining this.
someone is trying to ssh my router, so is that bot came in my network? How to block such intrusions which is coming through ssh?
Should I disable ssh from my router?
Please help me.

Do you use SSH to access your router? If not best practice would be to disable the service.

Do you use SSH to access your router? If not best practice would be to disable the service.

Thanks fewi.
One more query I have related to upgradation of OS to v5.9, currently my winbox shows my version as v5.6.
After upgrade if anything goes wrong and I want to rollback to v5.6 with all previous configuration then how can I do that?
I have taken backup (Files>Backup).
Can u please tell me step by step process for taking MT RB450G router to its previous version (v5.6) and making it to working condition?
Thanks in advance.

Search is your friend, that and the manual available at the wiki.
http://wiki.mikrotik.com/wiki/Manual:Ro ... owngrading

Configuration does not change from version to version, just syntax sometimes. Though having a backup of the router is never a bad idea.

Do you use SSH to access your router? If not best practice would be to disable the service.

Hello,
I have disabled my ssh on mikrotik but still I can that firewall info is showing that someone is trying to login.
Now what should I do?
Screen shot is attached.
Thanks in advance.

Nothing. What else is there to do? There's nothing listening on the port anymore, and you can't stop the packet from arriving on your router port (unless you control the other end of the connection as well).

Someone is trying a key on the door to your house. You changed the door so there's no longer a lock at all, but he keeps trying a key. Unless you control the street and can keep him from touching the door at all there's not much else you can do, but there is also little point in worrying about someone using a key if there's no actual lock to put the key in.

Nothing. What else is there to do? There's nothing listening on the port anymore, and you can't stop the packet from arriving on your router port (unless you control the other end of the connection as well).

Someone is trying a key on the door to your house. You changed the door so there's no longer a lock at all, but he keeps trying a key. Unless you control the street and can keep him from touching the door at all there's not much else you can do, but there is also little point in worrying about someone using a key if there's no actual lock to put the key in.

Thanks Fewi...