If one looks at the logs - there a hundreds of attacks against the router per day.
it would be cool to be able to verify an ip adress against a centraly managed database (like spamhaus…) to block the adresses.
in first step one could block on own “mikrotik farm” but maybe mikrotik will act as a central database for DoS and SSH faild logins to block those adresses on “all mikrotik” who wish to be part of the web of trust.
Oliver
Why is your ssh open to the public?
Sent from my SCH-I545 using Tapatalk
Implement st least bruteforce attack firewall rules described on this forum if you want to keep ssh opened.
some simple port-knocking to get your IP in whitelist and use a router without script kiddie attacks.
It is not that ssh is my real problem - it is that i want those adresses blockt for everything like MAIL, HTTP…
And therefore it would be perfect if not all of us manage there own “bad boys list” but
if there would be a centraly managed adresslist witch blockes everybody witch does
brute-force attacks.
I’ve seen a while ago some firewall rules working on dynamic address lists, maybe is worth looking for them…
Or maybe block everything on input except your address list (office, allowed IPs). Restrictive firewalls are better!
cheers