hi
how i can auto add ip of this failure request In firewall for 1 Hour ?
Aug/11/2021 22:33:07 pptp,info TCP connection established from 93.117.180.217
Aug/11/2021 22:33:08 pptp,ppp,error <318>: user test_au210253 authentication failed
this user test_au210253 not exist in serve
thanks
Why bother, the traffic is dropped.
Do you have a source address list to limit those with access…
No, I don’t have a special address to limit users
Any user can connect to the server from anywhere
And no limit should be created for all users
This Is Vpn Server
Unfortunately, RouterOS doesn’t provide any direct way how to handle this. There should be either built-in configurable anti-bruteforcer, or some on-login-failed event where you could add own script, but there’s neither.
I saw some scripts (use search and you should find something) that handle it by parsing logs and look for failed login attempts. It’s bad and even worse when you realize that required info (source address and info that login failed) is split between two lines with nothing directly linking them together (there can be several lines in between). Another approach is firewall-based, that looks for too many new connections from same address. It’s even worse, because it works with all connections, including those that log in successfully.