[CRS125-24G][WANNACRYP] Log detection of the incoming attacks

Good day.
I am a newbie with MikroTik and not a native English speaker, so sorry in advance for the broken English.

This Friday afternoon I experienced some uneasiness, some anxiety; something was not right, but I did not know what.
So I began to check everything in my system and my network, and found this thing in the MikroTik logs.

I know it is my fault for not securing the MikroTik correctly,
but anyway, with a dictionary attack they are going to die of hunger before guessing my password.
I think this was from the WannaCrypt virus from last week; somehow they pinpointed my MikroTik's 8291/tcp port exposed to the Internet and began to attack it.
Anyway, I closed the active services and set Winbox to only accept inside connections, and the attack stopped, but

I don't know, I still feel the uneasiness, like the attack has not stopped but has just become invisible to the logs.
So I tried a little experiment: I set up a syslog-ng server on my main server and set the MikroTik to send the logs there. It is working, but it is not showing all the activity.
I could only see login attempts by Winbox and DHCP assigning IPs to the network.

To check how much is logged, I connected remotely to my server B in the other city, and from that server at the other factory location I began an Nmap scan of the IP of my MikroTik.
Then I checked the logs, but nothing is logged from this little attack; this MikroTik is not registering the Nmap checking my ports, or it is dropping them somewhere else.

#########
Now the question: how do I log all the incoming activity to check if someone is scanning my ports or blindly trying connections to my open/closed ports?

Good night. Thanks for reading.

Just block new connections from internet and forget about it. Because you can't do anything else anyway. You could log incoming connection attempts, but you'd just get a useless list of random addresses from all over the world.

There is a way to automatically blacklist those malicious IP addresses after a few failed login trials, check out the wiki for more details. Turn off the unnecessary services if you don't need them, and change your admin account's name to something uncommon. Invest some time to learn the firewall rules, it will benefit you a lot in the long run.
I see that kind of crap in the logs all the time, there's no need to worry if you properly secure your device. This is just a common thing in China, and everywhere else in the world.

If you do not use these services on your MikroTik, just disable them.
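
One way to combine what the replies describe (log, blacklist, drop) on the router's input chain, as an added RouterOS example that is not from any poster in the thread. The interface name `ether1`, the list names, log prefix and timeouts are assumptions, and because the firewall sees connections rather than login results, repeated new connections to Winbox port 8291 stand in for failed logins.

```routeros
# Added example. Assumed: ether1 is the Internet-facing port; list names,
# prefix and timeouts are illustrative; the default "remote" logging action
# already points at the syslog-ng server.

/ip firewall filter
# 1. Keep replies to the router's own outbound traffic working.
add chain=input connection-state=established,related action=accept \
    comment="accept established/related"
# 2. Drop sources that are already listed, before they reach the log rule.
add chain=input in-interface=ether1 src-address-list=wan_blacklist \
    action=drop comment="drop blacklisted sources"
# 3. Port-scan detection (PSD): weight threshold 21 within 3s,
#    low ports weigh 3, high ports weigh 1.
add chain=input in-interface=ether1 protocol=tcp psd=21,3s,3,1 \
    action=add-src-to-address-list address-list=wan_blacklist \
    address-list-timeout=1d comment="list port scanners"
# 4. Winbox port: count new connections in stages. Rules are evaluated
#    top down, so the later stage is tested first.
add chain=input in-interface=ether1 protocol=tcp dst-port=8291 \
    connection-state=new src-address-list=winbox_stage2 \
    action=add-src-to-address-list address-list=wan_blacklist \
    address-list-timeout=1d comment="third attempt: blacklist"
add chain=input in-interface=ether1 protocol=tcp dst-port=8291 \
    connection-state=new src-address-list=winbox_stage1 \
    action=add-src-to-address-list address-list=winbox_stage2 \
    address-list-timeout=1m comment="second attempt"
add chain=input in-interface=ether1 protocol=tcp dst-port=8291 \
    connection-state=new action=add-src-to-address-list \
    address-list=winbox_stage1 address-list-timeout=1m \
    comment="first attempt"
# 5. Log every other new connection from the Internet, then drop it.
add chain=input in-interface=ether1 connection-state=new action=log \
    log-prefix="WAN-NEW" comment="log new inbound attempts"
add chain=input in-interface=ether1 action=drop \
    comment="drop everything else from WAN"

# Firewall log entries carry the "firewall" topic; forward them as well.
/system logging
add topics=firewall action=remote
```

`add` appends to the end of the chain, so on a router that already has input rules, check the resulting order with `/ip firewall filter print`.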