joan
just joined
Topic Author
Posts: 1
Joined: Tue Oct 04, 2016 10:37 am

Log messages: ssh auth timeout

Tue Oct 04, 2016 10:57 am

Hello!

It seems my MikroTik router is under a brute force attack. When I take a look at the /log I see several lines like the following: (a lot of them actually, one every 30 seconds)

"Oct/04/2016 09:35:57 memory ssh, info auth timeout"

Yesterday I configured the recommendation of MikroTik regarding "Bruteforce login prevention" (see wiki http://wiki.mikrotik.com/wiki/Bruteforc ... prevention).

But as I understand, SSH connections are not being established because of the authorisation failure, so the filtering does not apply, no IP is added to the black-list and auth timeout messages keep appearing in the log.

My question is: how do I prevent these connection attempts? It is really annoying...

I changed my ssh port, but it is a matter of time before "they" find the new one and continue the attack.

Hope someone can give me a clue, I think this would be really interesting for anyone with a network element under a public IP.

THANKS
 
bkr9662
just joined
Posts: 1
Joined: Mon Dec 11, 2017 2:00 am

Re: Log messages: ssh auth timeout

Sat Jan 06, 2018 10:40 pm

No answer? I see the same in my log, but just on one of my RB3011...
 
pukkita
Trainer
Posts: 3051
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: Log messages: ssh auth timeout

Sun Jan 07, 2018 12:53 pm

The real question is no sane admin will leave unrestricted access to a router from the Internet.

Best practice: prevent access completely to it from the internet, set up VPN access and allow only that.

If your router IP is not fixed, use IP > Cloud.
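
The approach recommended in the reply above, sketched as RouterOS commands. This is an added example, not part of the original posts; the VPN client range 10.10.10.0/24 and the address-list name `mgmt` are assumed placeholders to replace with your own values.

```routeros
# Added example. Assumed values: VPN clients receive addresses from
# 10.10.10.0/24 and the address list is named "mgmt".

# 1. Bind the SSH service to the management range only. Connections from
#    any other source are refused by the service itself, so they no longer
#    reach the authentication stage that logs "auth timeout".
/ip service set ssh address=10.10.10.0/24

# 2. Enforce the same restriction in the firewall input chain.
/ip firewall address-list
add list=mgmt address=10.10.10.0/24 comment="VPN clients (assumed range)"

/ip firewall filter
add chain=input connection-state=established,related action=accept \
    comment="allow replies to existing connections"
add chain=input protocol=tcp dst-port=22 src-address-list=mgmt \
    action=accept comment="SSH from VPN clients only"
add chain=input protocol=tcp dst-port=22 action=drop \
    comment="drop SSH from everywhere else"
# "add" appends to the end of the chain. If an earlier rule already accepts
# this traffic, move these rules above it, because rules are evaluated
# top to bottom. The VPN itself also needs its own accept rule, which
# depends on the VPN type in use.

# 3. For a router without a fixed public IP, enable the IP > Cloud DDNS
#    name so VPN clients can still find it.
/ip cloud set ddns-enabled=yes
/ip cloud print

# 4. Check: new "auth timeout" entries should stop appearing.
/log print where topics~"ssh"
```

Apply the changes from Safe Mode or from a session inside the allowed range, so that a mistake in the address does not lock you out of the router.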
