Community discussions

MikroTik App
 
kaptain1
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Sun Jul 18, 2010 3:47 am

Accessing WinBox remotely

Fri Oct 01, 2010 6:44 pm

Good morning,

I opened a port number 8291 on my RB450G to access WinBox remotely, and I have "Secure Mode" box checked in Win-Box as well as the "lock symbol" in top right corner, but I have a few security related concerns:

1. Is this an acceptable way of accessing Mikrotik from outside? (just by opening a port) Any concerns?
2. Is my username/password encrypted when I connect?
3. Is WinBox traffic encrypted? Is it strong encryption, or weak?
4. This "Secure Mode" is it really secure? Or just a bit better than "plain text"?

Do I need to worry about anything? And is there a better/safer way to access Mikrotik via WinBox remotely?

Thank You
 
usmans
Member Candidate
Member Candidate
Posts: 114
Joined: Sun Aug 29, 2010 11:54 pm

Re: Accessing WinBox remotely

Fri Oct 01, 2010 11:00 pm

disable network discovery u will become more secure
sorry for bad english
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: Accessing WinBox remotely

Sat Oct 02, 2010 2:14 am

On Monday or Tuesday the slides from the 2010 US MUM will be posted here: http://wiki.mikrotik.com/wiki/MUM_2010_US

Steve Discher had a presentation on port knocking, and it's already up. You should take a look at it.
 
nirmal
newbie
Posts: 44
Joined: Fri May 24, 2013 10:15 am

Re: Accessing WinBox remotely

Wed Jul 31, 2013 8:54 am

where we can find the network discovery?

How to make IP access list? which means some of Particular Ip only it will be able to access like tht...
 
Zavi
newbie
Posts: 28
Joined: Thu Jul 05, 2012 1:02 pm
Location: Czech Republic

Re: Accessing WinBox remotely

Wed Jul 31, 2013 11:51 am

/ip neighbor discovery
and disable WAN port, this will stop RB from broadcasting, that it is on network.

If you need to set only one range or address, you can set it right in
/ip service edit winbox address
For more addresses or ranges use firewall and his address lists:
/ip firewall address-list
add list=winboxaccess address=192.168.2.0/24
add list=winboxaccess address=1.1.1.1
add list=winboxaccess address=2.2.2.2
...
/ip firewall filter add chain=input action=accept src-address-list=winboxaccess protocol=tcp dst-port=8291
Don't forget to move this rule above drop/reject rules!
You can do more advacned config such as port knocking with firewall and address lists too.
RB751G-2HnD & RB2011UiAS-2HnD-IN at home
 
nirmal
newbie
Posts: 44
Joined: Fri May 24, 2013 10:15 am

Re: Accessing WinBox remotely

Tue Aug 06, 2013 7:19 am

/ip service edit winbox address - I hope the above comment is working I believe. we will able to control the access with only defind IP's here.

Small dought:
/ip firewall address-list
add list=winboxaccess address=192.168.2.0/24
add list=winboxaccess address=1.1.1.1
add list=winboxaccess address=2.2.2.2
/ip firewall filter add chain=input action=accept src-address-list=winboxaccess protocol=tcp dst-port=8291

I dont thing so the firewall command will help for the secure access, kindly suggest us which one is good to control the mikrotik access control? My consecrate is it's should be able to access form all places, it should be able to access only from defined IP's?

for the above command , I have created the Management servers in the address-list, then I have written the rule in firewall & same time i made the accept for only Management server IP's & made drop for all but it didn't help to block the access. here with i attached config sheets . kindly help me, if this won't work what is the purpose to use this firewall comment.
You do not have the required permissions to view the files attached to this post.

Who is online

Users browsing this forum: No registered users and 64 guests