
MikroTik blacklists (IPv4/IPv6)

Posted: Mon Jul 08, 2019 10:07 pm
by HZsolt
Hello!

Which is the best MikroTik blacklist?

Examples:
https://pawelgrzes.pl/blog/mikrotik-blacklist
https://itexpertoncall.com/promotional/moab.html
http://www.squidblacklist.org/downloads.html
http://joshaven.com/resources/tricks/mi ... ress-list/
etc.

Where can I find a free, up-to-date IPv6 blacklist for MikroTik routers?

Re: MikroTik blacklists (IPv4/IPv6)

Posted: Fri Jul 12, 2019 2:02 pm
by R1CH
Depends what you want to blacklist. I've found from past experience that many blacklists are outdated and eventually block legitimate traffic. Instead, focus on securing your environment such that a blacklist of "bad IPs" is not needed.

Re: MikroTik blacklists (IPv4/IPv6)

Posted: Fri Jul 12, 2019 2:18 pm
by Jotne
I do agree with R1CH.
Using resources on securing your router and services is more important than using blacklists that are not up to date.
Change all admin users on all your exposed systems (webserver etc.)
Use long and complex passwords that are changed now and then.
Do not open admin functions on your router to the internet.
Use VPN if remote access is needed.

Also do log access to your system/router etc and look at the logs.

I have added a rule so that anyone who tries a port on my system that is not open gets blocked from all access to all ports for 24 hours.
Since this can block myself, I do use a whitelist for my work, and can use port knocking to add myself to the whitelist.


Re: MikroTik blacklists (IPv4/IPv6)

Posted: Fri Jul 12, 2019 3:01 pm
by pe1chl
> I have added a rule so that anyone who tries a port on my system that is not open gets blocked from all access to all ports for 24 hours.
> Since this can block myself, I do use a whitelist for my work, and can use port knocking to add myself to the whitelist.

Please note that this can be insufficient. There are people out on the internet who send TCP SYN packets that appear to originate e.g. from 1.1.1.1.
When you have such a rule on your system, it will block 1.1.1.1 for sure.
That can be a problem when you use that for DNS. Of course only when you use it for more than "new incoming traffic from xxxx", but usually people with the mindset to use a blocklist will sooner or later decide they need to block ALL traffic from that source AS SOON AS POSSIBLE, so they put it in the raw table, and then they are in trouble.

Re: MikroTik blacklists (IPv4/IPv6)

Posted: Fri Jul 12, 2019 3:11 pm
by msatter
If you don't run any services that can be reached from the outside, you can drop all NEW traffic coming in on the WAN, not even hitting connection tracking.

Despite that, securing your router is always needed.
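
The 24-hour auto-block rule Jotne describes, arranged so that the spoofed-source case pe1chl raises does not cut off a resolver, could look like this on RouterOS. This is an added example, not configuration posted by anyone in the thread; the list names `trusted` and `port_block`, the `WAN` interface list and the address 192.0.2.10 are assumptions.

```routeros
# Added example (IPv4 only). Assumptions: an interface list named "WAN" exists;
# list names are made up; 192.0.2.10 is a constructed placeholder address.
/ip firewall address-list
add list=trusted address=192.0.2.10 comment="work address (placeholder)"
add list=trusted address=1.1.1.1 comment="resolver this network depends on"

/ip firewall filter
# 1. Replies to traffic the router itself started (DNS answers included) are
#    accepted here, before the block list is ever consulted.
add chain=input connection-state=established,related action=accept
add chain=input connection-state=invalid action=drop

# 2. Listed sources lose only NEW inbound connections to the router.
add chain=input in-interface-list=WAN connection-state=new \
    src-address-list=port_block action=drop

# 3. Accept rules for services that really are open would go here.

# 4. A new connection that reaches this point tried a closed port: list the
#    source for 24 hours, unless it is on the trusted list. A SYN with a forged
#    trusted source therefore cannot put that address on the block list.
add chain=input in-interface-list=WAN connection-state=new \
    src-address-list=!trusted action=add-src-to-address-list \
    address-list=port_block address-list-timeout=1d

# 5. Everything else arriving from the WAN is dropped.
add chain=input in-interface-list=WAN action=drop
```

Moving rule 2 into `/ip firewall raw` would drop every packet from a listed address, replies included, which is the situation pe1chl warns about when the listed source was forged.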