Please add the ability for routers in a network to share address list.
For example I have all of my routers set to drop every thing on the input unless you are in my whitelist. I still log and have a staged list based on new connection attempts to ports 21,22,23,80,443,8291,8728,8729, If a cracker attempts to access my system and makes it to the blacklist on one of my devices I would like to share that blacklist with all the other routers in my network. I also have a rule that once you are in the black list on my BGP edge devices it will no longer forward traffic from your IP.
I am working on modifying my backup script to parse my blacklist then cat them together and upload them back to the routers.. but man that is kinda clunky when we know that the routers can a share list they do it all the time with OSPF, Ha Ha you can call this new feature CATD “Close All The Doors”.. LoL
Any way I am starting to see these guys getting smarter. For example they are starting to scan a block at a time and will hit each IP once try as many times as they can on that connection and move to the next IP when they reach the end of the prefix they just start at the top. This is so they don’t trigger any security measures I have had to extend my dynamic stage list to 48 hours as of lately to ensure I get these pricks in the black list.. So if my routers could share list then if they hit me 3 times any place in my network they would end up in the black list.
It would also be nice if Mikrotik would allow us to set the number of password attempts you get before ROS drops the connection.. I myself would like to set this to 1.
Sam