Hi,
I am quite new to MikroTik, but so far I am loving it.
I have configured my network properly and everything was fine and well until less than 24 hours ago, when I started seeing attempted SSH logins in the router log. I don’t know much about firewalls, but when I created the hotspot network, firewall rules and NAT rules were created, which I have been using, and everything seemed to be going fine, but the login attempts were still coming in, though blocked by the firewall.
But just a moment ago I noticed the network was slow, and checking my interfaces, there is intense activity on the WAN interface but very little on my bridge and other LAN interfaces. I tried using Torch to see what was going on after reading online, only to see some strange IP addresses consuming the bandwidth and none from the internal network.
I have tried isolating all other users apart from my own system, which is connected so I could verify, and the activity still continues.
Please, what could be the problem and how can I resolve it?
You most likely opened some service (DNS, web proxy, SOCKS) on the router to the whole world. Use Torch again and see which protocol and ports the traffic uses. In any case, you’ll want to block it (in /ip firewall filter, input chain, WAN interface). The best is probably to block everything by default and only allow exceptions for stuff you want to have accessible.
Thanks for the reply. But DNS and the like have to be enabled, or is there a better way to go about it and get the services I need available to my LAN without any compromises?
(I am still very new to MikroTik and on a low level when it comes to network security generally)
Thanks
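
One way to apply the advice in the reply while keeping DNS available to the LAN, shown as an added example that is not from any poster in the thread. The interface names `ether1` (WAN) and `bridge` (LAN) are assumptions; substitute the router's own names.

```routeros
# Added example. Assumed names: ether1 = WAN port, bridge = LAN bridge.

# 1. Check which router services are switched on at all.
/ip dns print
/ip proxy print
/ip socks print
/ip service print

# 2. Input chain (traffic addressed to the router itself).
#    Rules are evaluated top to bottom, so the accepts must sit above the final drop.
/ip firewall filter
add chain=input action=accept connection-state=established,related \
    comment="replies to connections the router or LAN started"
add chain=input action=drop connection-state=invalid comment="drop invalid packets"
add chain=input action=accept protocol=icmp comment="allow ping"

# DNS stays enabled, but the resolver only answers queries arriving from the LAN.
add chain=input action=accept in-interface=bridge protocol=udp dst-port=53 \
    comment="DNS from LAN (udp)"
add chain=input action=accept in-interface=bridge protocol=tcp dst-port=53 \
    comment="DNS from LAN (tcp)"

# Router management (SSH, Winbox) from the LAN only.
add chain=input action=accept in-interface=bridge protocol=tcp dst-port=22,8291 \
    comment="management from LAN"

# Default for the WAN side: anything not accepted above is dropped.
add chain=input action=drop in-interface=ether1 \
    comment="drop all other input from WAN"

# 3. Confirm the order and watch the packet counters on the final drop rule.
/ip firewall filter print stats where chain=input
```

After the rules are in place, running Torch on the WAN interface again shows whether the unknown addresses are still generating traffic, and the counter on the last rule shows how much of it is now being dropped.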