Script for Dropping FTP logging attempts

Hi all,

I have a Mikrotik 3.20 gateway, and behind it I have an FTP server in my local network.
Recently I have noticed that there are many logging attempts to my FTP server from a different IP address.
There are, let's say, 5-6 attempts from a single IP address in an interval of 1-2 seconds.
I am trying to write a script that will check my interface, and if there are more than 2 retries per second to port 21, the IP address has to be dropped.
But I got stuck since I am not very good at scripting yet.
So far I have this tiny code:

/ system script add name="Ftp" source={
    /tool torch vl0 src-address=0.0.0.0/0 dst-address=0.0.0.0/0 port=21 interval=1s do={
        :local max
        :set max ($max-retries-per-second/2)
        :if ($max>2) do={
            :/ip firewall filter add chain=forward dst-port=21 protocol=tcp action=drop
        }
    }
}

But I probably got something wrong, since last night there were again too many retries from a single IP and it was not dropped.
Can someone help me, please!

http://wiki.mikrotik.com/wiki/Drop_port_scanners

Adjust that for FTP.
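
One way to do that adjustment with firewall rules instead of a torch script, as an added example that is not part of the original thread or the linked wiki page. The address-list names (ftp_stage1, ftp_stage2, ftp_blacklist) and all timeouts are assumptions chosen to approximate "more than 2 new connections within 1-2 seconds"; tune them to your traffic.

```routeros
# Added example. List names and timeouts are assumptions, not values
# from the thread. Rules are evaluated top to bottom, so the highest
# stage is checked first and each new connection advances one stage.
/ip firewall filter

# 1. Drop all traffic to the FTP control port from blacklisted sources.
add chain=forward protocol=tcp dst-port=21 \
    src-address-list=ftp_blacklist action=drop \
    comment="drop FTP brute forcers"

# 2. Third new connection while the source is still in stage2:
#    blacklist the source for one day.
add chain=forward protocol=tcp dst-port=21 connection-state=new \
    src-address-list=ftp_stage2 action=add-src-to-address-list \
    address-list=ftp_blacklist address-list-timeout=1d \
    comment="FTP stage2 -> blacklist"

# 3. Second new connection while the source is still in stage1:
#    move it to stage2 for two seconds.
add chain=forward protocol=tcp dst-port=21 connection-state=new \
    src-address-list=ftp_stage1 action=add-src-to-address-list \
    address-list=ftp_stage2 address-list-timeout=2s \
    comment="FTP stage1 -> stage2"

# 4. First new connection: remember the source for two seconds.
add chain=forward protocol=tcp dst-port=21 connection-state=new \
    action=add-src-to-address-list \
    address-list=ftp_stage1 address-list-timeout=2s \
    comment="FTP new -> stage1"
```

These rules only take effect if they sit above any forward-chain rule that accepts traffic to port 21. Entries in ftp_blacklist can be reviewed under /ip firewall address-list to check for legitimate clients that reconnect quickly.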

FTP server won't work outside the internet? I have Windows XP and I try to install the FTP server, and we managed to connect to the Internet outside but I failed to get on my computer. I also try to set the router virtual servers, and we are still not able to get out of line. Please help me.



You have to forward ports 20 and 21 to your server and use passive mode in your FTP client when you connect to that FTP server. You will have to figure out what you have to do on your Windows box to allow connections to the FTP server yourself, though.