Hi,
I'm a beginner with networking, and for some time I have been wanting to protect the PPTP VPN server on my router from brute force attacks.
After several attempts I didn't find any solution on the net, so I decided to write my own (actually I used some examples for different brute force prevention and made my own).
Here it is (just the part for PPTP):
/ip firewall filter
add action=drop chain=input comment="pptp brute force drop 1/4 - complete communication DROP" disabled=no \
    src-address-list=pptp_blacklist_DROP
add action=add-dst-to-address-list address-list=pptp_blacklist_DROP address-list-timeout=10m chain=output comment="pptp brute force drop 2/4" \
    content="bad username or password" disabled=no dst-address-list=pptp_blacklist_stage_2 protocol=gre
add action=add-dst-to-address-list address-list=pptp_blacklist_stage_2 address-list-timeout=1m chain=output comment="pptp brute force drop 3/4" \
    content="bad username or password" disabled=no dst-address-list=pptp_blacklist_stage_1 protocol=gre
add action=add-dst-to-address-list address-list=pptp_blacklist_stage_1 address-list-timeout=1m chain=output comment="pptp brute force drop 4/4" \
    content="bad username or password" disabled=no protocol=gre
For beginners like me: these rules go at the top of the firewall rules. On the 1st attempt to establish a PPTP VPN connection with a wrong username or password, the stage_1 list is created; on the second attempt, stage_2 is created; and on the 3rd attempt the final list is created, from which all communication from the 'attacker' IP address is dropped, no more tries. The final list will expire in 10 minutes, so after 10 minutes the attacker is ready to try to break in again.
This is the 'working' version of my rules; the final list timeouts will be longer later. PPTP VPN is mandatory for me because of inexperienced users.
I would like to hear what experienced MikroTik users have to say: is it bad, or does it make sense to protect PPTP VPN this way?
Thank you for your comments.
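As an added illustration (not part of the original post and not RouterOS code), a small Python model of the three staged address lists above, using the posted timeouts; it assumes each failed login produces one "bad username or password" GRE reply that the output rules match, and that add-dst-to-address-list is non-terminating so rules 2/4 to 4/4 are evaluated in order on that reply. Running failed attempts at different intervals shows how the 1m stage timeouts decide which attempt rate actually reaches the DROP list.

```python
# Model of the staged pptp_blacklist address lists from the rules above.
# Assumptions: every failed login yields one "bad username or password"
# GRE reply matched by the output rules, and add-dst-to-address-list is
# non-terminating, so rules 2/4, 3/4 and 4/4 run in order on that reply.
from dataclasses import dataclass, field

# Timeouts taken from the posted rules, in seconds.
STAGE_1_TIMEOUT = 60    # pptp_blacklist_stage_1: 1m
STAGE_2_TIMEOUT = 60    # pptp_blacklist_stage_2: 1m
DROP_TIMEOUT = 600      # pptp_blacklist_DROP: 10m
SAMPLE_IP = "198.51.100.7"  # constructed sample address


@dataclass
class StagedLists:
    # list name -> {address: expiry time in seconds}
    lists: dict = field(default_factory=lambda: {"stage_1": {}, "stage_2": {}, "DROP": {}})

    def member(self, name, ip, now):
        exp = self.lists[name].get(ip)
        return exp is not None and exp > now

    def add(self, name, ip, now, timeout):
        # Re-adding an address restarts its timeout.
        self.lists[name][ip] = now + timeout

    def is_dropped(self, ip, now):
        """Rule 1/4: input chain drops everything from DROP-listed sources."""
        return self.member("DROP", ip, now)

    def failed_login(self, ip, now):
        """Apply rules 2/4..4/4 to one failed-login reply sent to ip at time
        now; returns True if the address is (or becomes) dropped."""
        if self.is_dropped(ip, now):
            return True  # input already dropped, no reply is generated
        if self.member("stage_2", ip, now):            # rule 2/4
            self.add("DROP", ip, now, DROP_TIMEOUT)
        if self.member("stage_1", ip, now):            # rule 3/4
            self.add("stage_2", ip, now, STAGE_2_TIMEOUT)
        self.add("stage_1", ip, now, STAGE_1_TIMEOUT)  # rule 4/4
        return self.is_dropped(ip, now)


def attempts_until_drop(interval, max_attempts=20):
    """Failed logins spaced `interval` seconds apart needed before the source
    lands on the DROP list, or None if it never does within max_attempts."""
    state = StagedLists()
    for n in range(1, max_attempts + 1):
        if state.failed_login(SAMPLE_IP, now=(n - 1) * interval):
            return n
    return None
```

With the posted 1m stage timeouts, attempts_until_drop returns 3 for any interval under 60 s and None from 60 s upward, so the stage list timeouts, not only the 10m final timeout, set the slowest attempt rate these rules still catch.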