Router Security Attack on Ftp port

logger · June 8, 2011, 6:17am

We had a NAT rule listening on 21 port , we found that we are getting continuous attacks from one IP ( SPAM BOtnet) which is scanning and trying to brute force on port 21 .
We disabled the rule and blocked the 21 port , however in log we are still getting continuous message
echo: system,error,critical login failure for user Administrator from 89.107.69.16 via ftp
[admin@MikroTik] >

Please advice how can we stop this.

Regards

Toiletbowl · June 8, 2011, 6:39am

disable your port 21 in ip/services, hope this helps

bburley · June 8, 2011, 9:11am

Perhaps this will help.

http://wiki.mikrotik.com/wiki/Bruteforce_login_prevention_(FTP

yogii · June 8, 2011, 12:57pm

FIREWALL..

denied connection from black list IP. your router will be secure from their attack.