Hello!
It seems my mikrotik router is under a brute force attack. When I take a look to the /log I see several lines like the following: (a lot of them actually, one every 30 seconds)
“Oct/04/2016 09:35:57 memory ssh, info auth timeout”
Yesterday I configured the recommendation of Mikrotik regarding “Bruteforce login prevention” (see wiki http://wiki.mikrotik.com/wiki/Bruteforce_login_prevention).
But as I understand, SSH connections are not being established because the authorisation failure, so the filtering does not apply, no IP is added to the black-list and auth timeout messages keep appearing in the log.
My question is: how do I prevent this connection attempts? It is really annoying…
I changed my ssh port, but it is a matter of time “they” will find the new one and will continue the attack.
Hope someone can give me a clue, I think this would be really interesting for anyone with a network element under a public IP.
THANKS