Virus attack on the router

RouterOS General
1

Hello friends.
Faced with this problem, similar encountered a year ago.
From a computer running WIN7 (IP 192.168.210.21) from the local network the router is attacked. The computer is probably infected with a virus. Has anyone encountered such a problem? The AVG antivirus is up to date. Please advise how to cure where to look.

22:54:31 system,error,critical login failure for user  from 192.168.210.21 via telnet 
22:54:32 system,error,critical login failure for user admin from 192.168.210.21 via telnet 
22:54:33 system,error,critical login failure for user admin from 192.168.210.21 via telnet 
22:54:34 system,error,critical login failure for user admin from 192.168.210.21 via telnet 
22:54:36 system,error,critical login failure for user admin from 192.168.210.21 via telnet 
22:54:37 system,error,critical login failure for user  from 192.168.210.21 via telnet 
22:54:38 system,error,critical login failure for user  from 192.168.210.21 via telnet 
22:54:39 system,error,critical login failure for user MikroTikSystem from 192.168.210.21 via telnet 
22:54:40 system,error,critical login failure for user SolucTec from 192.168.210.21 via telnet 
22:54:41 system,error,critical login failure for user SolucTec from 192.168.210.21 via telnet 
22:54:42 system,error,critical login failure for user dircreate from 192.168.210.21 via telnet 
22:54:43 system,error,critical login failure for user EServicios from 192.168.210.21 via telnet 
22:54:45 system,error,critical login failure for user EServicios from 192.168.210.21 via telnet 
22:54:46 system,error,critical login failure for user admin from 192.168.210.21 via telnet 
22:54:47 system,error,critical login failure for user user from 192.168.210.21 via telnet 
22:54:48 system,error,critical login failure for user user from 192.168.210.21 via telnet 
22:54:49 system,error,critical login failure for user admin from 192.168.210.21 via telnet 
22:54:50 system,error,critical login failure for user root from 192.168.210.21 via telnet 
22:54:52 system,error,critical login failure for user root from 192.168.210.21 via telnet 
22:54:53 system,error,critical login failure for user sysadm from 192.168.210.21 via telnet 
22:54:54 system,error,critical login failure for user root from 192.168.210.21 via telnet 
22:54:55 system,error,critical login failure for user root from 192.168.210.21 via telnet 
22:54:56 system,error,critical login failure for user  from 192.168.210.21 via telnet 
22:54:57 system,error,critical login failure for user Admin from 192.168.210.21 via telnet 
22:54:58 system,error,critical login failure for user Admin from 192.168.210.21 via telnet 
22:54:59 system,error,critical login failure for user root from 192.168.210.21 via telnet 
22:55:00 system,error,critical login failure for user root from 192.168.210.21 via telnet 
22:55:02 system,error,critical login failure for user root from 192.168.210.21 via telnet 
22:55:03 system,error,critical login failure for user admin from 192.168.210.21 via telnet 
22:55:04 system,error,critical login failure for user admin from 192.168.210.21 via telnet 
22:55:05 system,error,critical login failure for user admin from 192.168.210.21 via telnet 
22:55:07 system,error,critical login failure for user admin from 192.168.210.21 via telnet 
22:55:08 system,error,critical login failure for user meo from 192.168.210.21 via telnet 
22:55:09 system,error,critical login failure for user Admin from 192.168.210.21 via telnet 
22:55:10 system,error,critical login failure for user Admin from 192.168.210.21 via telnet 
22:55:11 system,error,critical login failure for user guest from 192.168.210.21 via telnet 
22:55:12 system,error,critical login failure for user ubnt from 192.168.210.21 via telnet 
22:55:13 system,error,critical login failure for user ubnt from 192.168.210.21 via telnet 
22:55:14 system,error,critical login failure for user Administrator from 192.168.210.21 via telnet 
22:55:18 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:55:19 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:55:20 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:55:21 system,error,critical login failure for user MikroTikSystem from 192.168.210.21 via ftp 
22:55:22 system,error,critical login failure for user SolucTec from 192.168.210.21 via ftp 
22:55:23 system,error,critical login failure for user dircreate from 192.168.210.21 via ftp 
22:55:24 system,error,critical login failure for user EServicios from 192.168.210.21 via ftp 
22:55:26 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:55:27 system,error,critical login failure for user user from 192.168.210.21 via ftp 
22:55:28 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:55:29 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:55:30 system,error,critical login failure for user sysadm from 192.168.210.21 via ftp 
22:55:31 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:55:32 system,error,critical login failure for user Admin from 192.168.210.21 via ftp 
22:55:33 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:55:34 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:55:35 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:55:36 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:55:37 system,error,critical login failure for user meo from 192.168.210.21 via ftp 
22:55:38 system,error,critical login failure for user Admin from 192.168.210.21 via ftp 
22:55:39 system,error,critical login failure for user guest from 192.168.210.21 via ftp 
22:55:40 system,error,critical login failure for user ubnt from 192.168.210.21 via ftp 
22:55:41 system,error,critical login failure for user Administrator from 192.168.210.21 via ftp 
22:55:42 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:55:43 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:55:44 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:55:45 system,error,critical login failure for user vodafone from 192.168.210.21 via ftp 
22:55:46 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:55:47 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:55:48 system,error,critical login failure for user Administrator from 192.168.210.21 via ftp 
22:55:49 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:55:50 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:55:51 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:55:52 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:55:53 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:55:54 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:55:55 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:55:56 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:55:57 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:55:58 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:55:59 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:56:00 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:56:01 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:56:02 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:56:03 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:56:04 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:56:05 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:56:06 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:56:07 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:56:08 system,error,critical login failure for user Admin from 192.168.210.21 via ftp 
22:56:09 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:56:10 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:56:11 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:56:12 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:56:13 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:56:14 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:56:15 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:56:16 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:56:17 system,error,critical login failure for user user from 192.168.210.21 via ftp 
22:56:18 system,error,critical login failure for user root from 192.168.210.21 via ftp
2

You could create an address list with specific IP addresses that can access the router either with winbox, telnet or SSH and exclude that IP from the allowed ones…
This would require a correct firewall configuration…

Also, you could set the allowed IPs under ip/services for ssh, telnet, winbox etc…

You could as well disable ftp and telnet if you do not use them or need them …

3

Thanks for the reply.
This I understand, but this computer is the only one in the router’s network, I connect to it via RDP.
The thing is that this list of logins I have already seen in another network about a year ago, someone is purposefully attacking ROS devices.

4

You need to provide a network diagram to better understand your situation.
Why are you RDPing into this PC?
Can access be better served by wireguard??

Why not team viewer or something else…

5

You’re running an OS 2.5 years out of extended support and wondering why you’re having security problems?


22:54:31 system,error,critical login failure for user from 192.168.210.21 via telnet

Telnet should be disabled, even on the LAN. It’s trivially snoopable.


I connect to it via RDP.

RDP has a long list of vulnerabilities. I assume all of those will be patched in current OSes, but I wouldn’t expect that of Windows 7. Since your average Windows 7 box runs as Administrator, once they’re in, they own the computer. Solution is nuke-and-pave.

6

Since this is your computer, reinstall it. You do not now what other problems you will get with it, since its already are infected.

To reach inn to your network wit RDP, you should use VPN from your external device.
Or you could use Portnocking. RDP port will only be open after a Portknock.

I do also monitor all port on my system. If anyone tries any port that are not open, they will be added to a block list for 24 hor.