rfritz80
just joined
Topic Author
Posts: 24
Joined: Wed Jan 17, 2018 9:17 pm

Warning BotNet Attacks! Noticing These IP's! Suggest blocking them!

Tue Aug 07, 2018 3:41 am

Hello everyone,

I have been keeping tabs on what has been going on with these botnet attacks, and I took notice of my MikroTik routers. I wanted to let you all know about these IP addresses that I found in my logs in my RouterOS. IP addresses: 185.153.198.228 and 183.131.109.25.
These two IP addresses have been attempting to get into the router via Winbox. When I look over the log information, it says what kind of user was trying to get in: adm1n1start0r, mkdude, rj1tn3tw0rks, captivate, installer, noc, VWSAdmin, service, scurtis, field. I believe these are the botnets trying to get their machines to install the malicious ware content onto the Winbox with brute-force attacks. I went ahead and blocked them, and I suggest doing the same: blocking these two IP addresses.

I would like to know if anyone else is seeing these IP addresses or similar IP addresses trying to attack your router. I know together we can all figure this out and bring these senseless attacks to a halt.
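
The log review described in the post above can be scripted. This is an added example, not part of the original post or of any MikroTik tooling: it tallies failed logins per source address from an exported log and flags sources that cycle through several account names. The message layout in the regex, the sample lines and the threshold are assumptions.

```python
import re
from collections import defaultdict

# Assumed layout of a failed-login message in an exported RouterOS log.
FAILURE = re.compile(
    r"login failure for user (?P<user>\S+) from (?P<src>[0-9A-Fa-f.:]+) via (?P<svc>\S+)"
)

# Constructed sample lines (documentation address ranges, not real attackers).
SAMPLE_LOG = """\
aug/07 03:12:01 system,error,critical login failure for user noc from 203.0.113.7 via winbox
aug/07 03:12:04 system,error,critical login failure for user service from 203.0.113.7 via winbox
aug/07 03:12:09 system,error,critical login failure for user installer from 203.0.113.7 via winbox
aug/07 03:12:15 system,error,critical login failure for user field from 203.0.113.7 via winbox
aug/07 08:40:22 system,error,critical login failure for user admin from 198.51.100.20 via ssh
aug/07 08:40:31 system,error,critical login failure for user admin from 198.51.100.20 via ssh
aug/07 08:40:40 system,info,account user admin logged in from 192.168.88.10 via winbox
"""


def summarize(log_text):
    """Return {source: {"attempts": int, "users": set, "services": set}}."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set(), "services": set()})
    for line in log_text.splitlines():
        m = FAILURE.search(line)
        if m is None:
            continue  # successful logins and unrelated messages are ignored
        entry = stats[m["src"]]
        entry["attempts"] += 1
        entry["users"].add(m["user"])
        entry["services"].add(m["svc"])
    return dict(stats)


def spraying_sources(stats, min_users=3):
    """Sources that tried at least min_users distinct account names.

    Many different names from one address points to a dictionary run;
    repeated failures on a single name are more often a mistyped password.
    """
    return sorted(src for src, s in stats.items() if len(s["users"]) >= min_users)


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for src in spraying_sources(summary):
        s = summary[src]
        print(src, s["attempts"], sorted(s["users"]), sorted(s["services"]))
```

Any source listed here was able to reach a management service from outside, so the output is also a check on which services are exposed.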
 
IntrusDave
Forum Guru
Posts: 1290
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Warning BotNet Attacks! Noticing These IP's! Suggest blocking them!

Tue Aug 07, 2018 8:03 am

Just an FYI - my blacklist service has been locking those IPs for a few months now.
You can check out the development topic here: viewtopic.php?f=9&t=136666

The botnets attacking MikroTik routers are in the smaller Priority 1 list.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
R1CH
Forum Veteran
Posts: 928
Joined: Sun Oct 01, 2006 11:44 pm

Re: Warning BotNet Attacks! Noticing These IP's! Suggest blocking them!

Tue Aug 07, 2018 2:12 pm

If the bots are even able to try to log in, this means you are exposing winbox / SSH to the internet, and your router will be compromised when the next exploit is found. Any router that has open ports to the internet is not secure according to Mikrotik.
