Hello.
For several days someone has been trying to break into my router via telnet; he has tried more than 300,000 times and he is still trying. He tries to break in from more than twenty IPs. I use telnet sometimes so I don’t want to turn it off. Is it possible to allow only specific IPs to log in?
Port knocking
mum.mikrotik.com/presentations/US10/discher.pdf
Just add the IP that you only want to allow in ip/services
http://wiki.mikrotik.com/wiki/Manual:IP/Services
But as mentioned above, have a look at port knocking. It’s a great solution.
Huge thanks. I have set allowed IPs in ip/services. I also have set a blockade in ip/firewall/filter, it looks like this:
/ip firewall filter
add action=drop chain=input comment="drop telnet brute forcers" dst-port=23 protocol=tcp src-address-list=telnet_blacklist
add action=add-src-to-address-list address-list=telnet_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=23 protocol=tcp src-address-list=telnet_stage3
add action=add-src-to-address-list address-list=telnet_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=23 protocol=tcp src-address-list=telnet_stage2
add action=add-src-to-address-list address-list=telnet_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=23 protocol=tcp src-address-list=telnet_stage1
add action=add-src-to-address-list address-list=telnet_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=23 protocol=tcp
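To show how many attempts the five rules above let through before the drop takes effect, here is a small simulation of them. It is an added example, not part of the original post; the class and function names, source addresses and timestamps are constructed, and it assumes that re-adding an address already on a list refreshes its timeout.

```python
# Simulation of the five posted rules; times are in seconds, all inputs constructed.
STAGE_TTL = 60                      # address-list-timeout=1m
BLACKLIST_TTL = 10 * 24 * 3600      # address-list-timeout=1w3d

class InputChain:
    def __init__(self):
        self.lists = {}             # (list name, src) -> expiry time

    def _member(self, name, src, now):
        return self.lists.get((name, src), 0) > now

    def _add(self, name, src, now, ttl):
        # Assumption: re-adding an existing entry refreshes its timeout.
        self.lists[(name, src)] = now + ttl

    def new_telnet_connection(self, src, now):
        """Evaluate one new TCP/23 connection top-down; return the verdict."""
        # Rule 1: drop is terminating, nothing below it runs.
        if self._member("telnet_blacklist", src, now):
            return "drop"
        # Rules 2-5: add-src-to-address-list is not terminating, so the
        # packet keeps going. Each check runs before the rule below it
        # adds the address, so one connection advances at most one stage.
        if self._member("telnet_stage3", src, now):
            self._add("telnet_blacklist", src, now, BLACKLIST_TTL)
        if self._member("telnet_stage2", src, now):
            self._add("telnet_stage3", src, now, STAGE_TTL)
        if self._member("telnet_stage1", src, now):
            self._add("telnet_stage2", src, now, STAGE_TTL)
        self._add("telnet_stage1", src, now, STAGE_TTL)
        return "pass"   # falls through to whatever rules follow

def replay(events):
    """events: list of (src, time). Returns the verdict for each connection."""
    chain = InputChain()
    return [chain.new_telnet_connection(src, t) for src, t in events]

if __name__ == "__main__":
    fast = [("203.0.113.7", t) for t in range(0, 60, 10)]    # one try per 10 s
    slow = [("198.51.100.9", t) for t in range(0, 600, 90)]  # one try per 90 s
    print(replay(fast))
    print(replay(slow))
```

A source that waits more than a minute between attempts never leaves telnet_stage1, so these rules alone do not stop it; the allowed-IP setting in ip/services is what covers that case.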
Why do you even have telnet open? It’s an old and insecure protocol, you should only be using SSH.
This. Stop using unsecure protocols!