MarHazK
just joined
Topic Author
Posts: 22
Joined: Wed Mar 29, 2017 8:31 pm

Disallow unknown logins from internet access

Mon Apr 23, 2018 3:13 am

Hello,

How can I block unknown logins (a specific IP) from the internet to my Winbox, telnet & SSH? This IP (118.101.53.152) has kept retrying/brute-forcing the login to my RouterOS since last week until now.

Thanks,

Best regards,
Marhazk
 
CZFan
Forum Guru
Posts: 1435
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg

Re: Disallow unknown logins from internet access

Mon Apr 23, 2018 3:44 am

The question is: do you "really" need access to your router devices from the Internet side? If not, then the best option is to disable these services from outside by creating a firewall rule on the input chain, protocol=tcp port=22, 23, 8192, etc. in interface=wan action drop.

Then in IP settings, you specify a local LAN address that is allowed to access it from the LAN side.

Some possible nasties are going around regarding this and are being investigated by MikroTik; see the posts about the vulnerability.
MTCNA, MTCTCE, MTCRE & MTCINE
 
MarHazK
just joined
Topic Author
Posts: 22
Joined: Wed Mar 29, 2017 8:31 pm

Re: Disallow unknown logins from internet access

Mon Apr 23, 2018 5:24 am

Yep, I have to access it from the internet for backup-solution purposes. Normally I connect through PPTP, but in case some "gateway/pptp ip/intranet" is down, I have to use the public IP.
Just wondering, how about if I change the service ports (22, 23, 8192) to new ports (2222, 2223, 18192)? Is it possible for "them" to track it? In most cases, is what I meant.
 
2frogs
Long time Member
Posts: 540
Joined: Fri Dec 03, 2010 1:38 am

Re: Disallow unknown logins from internet access

Mon Apr 23, 2018 6:33 am

Changing ports will help with most. Using an address-list and a port knocker to limit access is even better.
 
yhfung
Member Candidate
Posts: 142
Joined: Tue Nov 20, 2012 6:58 pm

Re: Disallow unknown logins from internet access

Mon Apr 23, 2018 7:23 am

In general, you have to disable everything except SSH, with a different port number. Also, the password should be strong enough to withstand hackers. It means the password should not be very simple. It may contain upper and lower case letters, numbers and symbols. The length should be at least 8 or more. For me, I use 16 characters.

YH
 
pe1chl
Forum Guru
Posts: 5920
Joined: Mon Jun 08, 2015 12:09 pm

Re: Disallow unknown logins from internet access

Mon Apr 23, 2018 10:44 am

"Yep, I have to access it from the internet for backup-solution purposes. Normally I connect through PPTP, but in case some "gateway/pptp ip/intranet" is down, I have to use the public IP."
You really need to rethink that backup solution!
It is quite dangerous to leave your MikroTik open for management from outside.
Find some way to allow only a small set of IP addresses.
 
whitbread
Member Candidate
Posts: 108
Joined: Fri Nov 08, 2013 9:55 pm

Re: Disallow unknown logins from internet access

Mon Apr 23, 2018 12:05 pm

You can restrict access per user to IPs (or IP ranges). So you may allow access to a restricted user only.

I would tend to think about using port knocking: easy to configure and use, and pretty safe if you use a good port combination.
 
anav
Forum Guru
Posts: 3113
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Disallow unknown logins from internet access

Mon Apr 23, 2018 8:57 pm

I suggest using a VPN to access the router from outside, and then using Winbox from the internal side only to do the rest.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
ochaconm
Trainer
Posts: 28
Joined: Fri Feb 22, 2013 9:39 pm

Re: Disallow unknown logins from internet access

Mon Apr 23, 2018 10:17 pm

Changing the original ports to others will not prevent you from being exposed/hacked unless you also implement some kind of port-scan firewall.

Any "serious" hacker will easily find the open ports, even if you change them.

My suggestion is to connect through a VPN (IPsec suggested; PPTP is vulnerable).
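
The input-chain drop, address-list and port-knocking suggestions made in this thread, combined into one RouterOS configuration. This is an added example, not posted by any participant: the WAN interface name ether1, the trusted address 203.0.113.10, the list names and the knock ports 7001/7002 are assumptions, and 8291 is the RouterOS default Winbox port.

```routeros
# Added example. Placeholders (assumptions): WAN = ether1,
# trusted remote admin = 203.0.113.10 (documentation range),
# knock ports 7001 then 7002, Winbox on its default port 8291.

# Telnet is cleartext; switch it off rather than filtering it.
/ip service
set telnet disabled=yes

# Static list of sources that may always manage the router.
/ip firewall address-list
add list=mgmt-allowed address=203.0.113.10 comment="trusted admin (placeholder)"

/ip firewall filter
# Keep sessions that are already established.
add chain=input connection-state=established,related action=accept \
    comment="existing sessions"

# Management is accepted only from the static list ...
add chain=input in-interface=ether1 protocol=tcp dst-port=22,8291 \
    src-address-list=mgmt-allowed action=accept comment="mgmt: static list"
# ... or from a source that completed the knock sequence below.
add chain=input in-interface=ether1 protocol=tcp dst-port=22,8291 \
    src-address-list=knock-ok action=accept comment="mgmt: knocked"

# Knock stage 1: remember the source for 15 seconds.
add chain=input in-interface=ether1 protocol=tcp dst-port=7001 \
    action=add-src-to-address-list address-list=knock-1 \
    address-list-timeout=15s comment="knock 1"
# Knock stage 2: only counts if stage 1 was hit first; opens access for 1 hour.
add chain=input in-interface=ether1 protocol=tcp dst-port=7002 \
    src-address-list=knock-1 action=add-src-to-address-list \
    address-list=knock-ok address-list-timeout=1h comment="knock 2"

# Everything else aimed at the management ports from WAN is dropped.
add chain=input in-interface=ether1 protocol=tcp dst-port=22,23,8291 \
    action=drop comment="drop other mgmt attempts from WAN"
```

Filter rules are matched top to bottom, so these must sit above any existing rule that accepts the same ports on the WAN interface. Apply them from a LAN session so a mistake does not cut off your own access.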
