Disallow unknown logins from internet access

Hello,

How do I block unknown logins (a specific IP) from the internet to my Winbox, telnet & SSH? This IP (118.101.53.152) has kept retrying/brute-forcing logins to my RouterOS since last week till now.

Thanks,

Best regards,
Marhazk

The question is: do you “really” need access to your router devices from the Internet side? If not, then the best thing is to disable these services from outside by creating a firewall rule on the input chain, protocol=tcp port=22, 23, 8192, etc. in interface=wan action drop.

Then in IP settings, you specify a local LAN address that is allowed to access it from the LAN side.

Some possible nasties are going around regarding this and are being investigated by MikroTik; see the posts on the vulnerability.

Yep, I have to access it from the internet for backup-solution purposes. Normally I connect through PPTP, but in case some “gateway/pptp ip/intranet” is down, I have to use the public IP.
Just wondering: if I change the service ports (22, 23, 8192) to new ports (2222, 2223, 18192), is it possible for “them” to track it? In most cases, is what I meant.

Changing ports will help with most. Using address-list and port knocker to limit access is even better.

In general, you have to disable everything except SSH, on another port number. Also, the password should be strong enough against hackers. That means the password should not be very simple. It may contain upper and lower case letters, numbers and symbols. The length should be at least 8 or more. For me, I use 16 characters.

YH

You really need to rethink that backup solution!
It is quite dangerous to leave your MikroTik open for management from outside.
Find some way to allow only a small set of IP addresses.

You can restrict access per user to IP(-ranges). So you may allow access to a restricted user only.

I would tend to think about using port knocking - easy to configure and use and pretty safe if you use a good port combination.

I suggest using a VPN to access the router from outside, and then using Winbox from the internal side only to do the rest.

Changing the original ports to others will not prevent you from being exposed/hacked unless you also implement some kind of port scan firewall.

Any “serious” hacker will easily find the open ports, even if you change them.

My suggestion is to connect through a VPN (IPsec suggested; PPTP is vulnerable).
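
Added example, not part of any post in this thread: a RouterOS firewall configuration that combines the suggestions above (block the offending address, use port knocking to fill an address-list, drop all other WAN traffic to the management ports). The WAN interface name `ether1`, the knock ports 7001/7002, the list names and the timeouts are assumptions; it also assumes SSH on 22 and Winbox on its RouterOS default 8291, so substitute the ports your services actually listen on.

```routeros
# Assumed names: ether1 = WAN, lists mgmt-blocked / knock-stage1 / mgmt-allowed.
/ip firewall address-list
add list=mgmt-blocked address=118.101.53.152 comment="brute-force source reported in the thread"

/ip firewall filter
# 1. Drop the known offender before anything else can accept it.
add chain=input in-interface=ether1 src-address-list=mgmt-blocked action=drop \
    comment="drop blocked sources"

# 2. Keep sessions that are already established.
add chain=input connection-state=established,related action=accept \
    comment="accept established/related"

# 3. First knock: remember the source for 15 seconds.
add chain=input in-interface=ether1 protocol=tcp dst-port=7001 \
    action=add-src-to-address-list address-list=knock-stage1 \
    address-list-timeout=15s comment="knock 1 (assumed port)"

# 4. Second knock, only honoured from a source that made the first one.
add chain=input in-interface=ether1 protocol=tcp dst-port=7002 \
    src-address-list=knock-stage1 \
    action=add-src-to-address-list address-list=mgmt-allowed \
    address-list-timeout=1h comment="knock 2 (assumed port)"

# 5. Management access only for sources that completed the knock sequence.
add chain=input in-interface=ether1 protocol=tcp dst-port=22,8291 \
    src-address-list=mgmt-allowed action=accept comment="SSH/Winbox for knocked sources"

# 6. Everyone else on the WAN gets nothing on the management ports (telnet included).
add chain=input in-interface=ether1 protocol=tcp dst-port=22,23,8291 \
    action=drop comment="drop management from WAN"
```

Rules are evaluated top to bottom and `add` appends to the end of the chain, so move these above any broader accept rule already present in `input`.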