Hello everybody,
I have PPTP server enabled with a few user name set.
In the log I see the following at random time and random IP (mostly from china):
Log pptp, info - TCP connection established from
And here is the list of IPs for last 24 hours
112.193.88.167
175.184.153.152
110.241.68.223
183.69.220.53
183.60.48.25
99.229.71.133
There is no indication of usual authentication, encoding, connected, etc. from those IP
Do I have to worry about it?
Thank you,
Yuri
This happening the same.
But I do not have active service.
Tracking. 
You can copy list of all Chinese IP addresses ( http://www.ipdeny.com/ipblocks/data/countries/cn.zone ) create address list “Hit List” in Mikrotik and add a following firewall rule:
/ip firewall filter
add action=drop chain=input comment="Drop China" protocol=tcp src-address-list=HitList
All the traffic from chinese IP addresses will be dropped !! It is not nice and neat, but it works !!
regards
I Have This problem too!!
I have the same situation.
See the attached file, is the IP list a solution?
What about new IP’s ?
All,
Please this security threat issues needs to be given serious attention.
Is there a bug that Mikrotik tech team needs to fix?
I am having thesame issues and I don’t believe so many of us will be doing thesame thing wrong.
The strange thing is that you can see a trace of these IP addresses activities on your network.
I can only see a lot of packets out of my network.
How do we stop this security threat.
Thanks
This is not a bug.
The router accepts a connection - and the PPTP server logs this connection. (And frankly, there are way more connections coming in - not every one of which is logged. Here at work I have about 450k foreign and unwanted connection attemps a day (we have two /28 and one /27 subnets facing outside) - and about 10k a day at home).
So the only thing you can do about this is harden your router and lock it down against your WAN side(s).
Just my 2 cents,
-Chris