Kampfwurst
Frequent Visitor
Topic Author
Posts: 64
Joined: Mon Mar 24, 2014 2:53 pm

Detect pptp attack

Tue Aug 13, 2019 9:26 pm

Hi,

I would like to detect the PPTP attacks from bots and put them on a black list.

I tried it with the following rules.
 6    ;;; detect PPTP attack
      chain=input action=add-src-to-address-list connection-state=new connection-limit=4,32 protocol=tcp src-address-list=!black_list address-list=black_list address-list-timeout=1w dst-port=1723 dst-limit=3/1m,3,src-address/1m40s log=no log-prefix="PPTP LOG"

 7    ;;; drop PPTP Blacklist
      chain=input action=drop src-address-list=black_list log=no log-prefix=""

I found very little information about the "Extra" in the firewall rules. I would like to put the src-address on the black list after 4 wrong authentications. Maybe someone can help with the settings or rules.

Chris.
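
Added example, not part of the original post or of any reply: the firewall filter only sees packets, not PPTP authentication results, so a common approximation is to count new TCP connections to port 1723 per source through staged address lists. The list names pptp_stage1 to pptp_stage3 and the 1m windows are assumptions chosen for illustration; black_list and the 1w timeout are taken from the post.

```routeros
# Added example: staged address lists for PPTP (tcp/1723).
# A source that opens 4 new connections, each within 1 minute of the
# previous one, lands on black_list for one week.
# pptp_stage1..3 are hypothetical list names, not from the thread.
/ip firewall filter

# Drop everything from sources already blacklisted.
add chain=input action=drop src-address-list=black_list \
    comment="drop PPTP blacklist"

# 4th new connection: source is already in stage3 -> blacklist.
add chain=input protocol=tcp dst-port=1723 connection-state=new \
    src-address-list=pptp_stage3 action=add-src-to-address-list \
    address-list=black_list address-list-timeout=1w \
    log=yes log-prefix="PPTP LOG" comment="PPTP: 4th attempt"

# 3rd new connection: stage2 -> stage3.
add chain=input protocol=tcp dst-port=1723 connection-state=new \
    src-address-list=pptp_stage2 action=add-src-to-address-list \
    address-list=pptp_stage3 address-list-timeout=1m \
    comment="PPTP: 3rd attempt"

# 2nd new connection: stage1 -> stage2.
add chain=input protocol=tcp dst-port=1723 connection-state=new \
    src-address-list=pptp_stage1 action=add-src-to-address-list \
    address-list=pptp_stage2 address-list-timeout=1m \
    comment="PPTP: 2nd attempt"

# 1st new connection: remember the source for 1 minute.
add chain=input protocol=tcp dst-port=1723 connection-state=new \
    action=add-src-to-address-list \
    address-list=pptp_stage1 address-list-timeout=1m \
    comment="PPTP: 1st attempt"
```

The rules are checked from the highest stage down so that a single packet advances a source by only one stage, and they have to sit above whatever rule accepts port 1723 in the input chain. Because this counts connections rather than failed logins, a legitimate client that reconnects four times in quick succession is blacklisted as well.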
 
mistry7
Forum Guru
Posts: 1244
Joined: Tue Oct 13, 2009 11:57 am
Location: Germany

Re: Detect pptp attack

Wed Aug 14, 2019 9:02 am

Why are you using PPTP? It is outdated and a risk.
Why not L2TP with IPsec? It is as easy to use as PPTP.
 
Kampfwurst
Frequent Visitor
Topic Author
Posts: 64
Joined: Mon Mar 24, 2014 2:53 pm

Re: Detect pptp attack

Wed Aug 14, 2019 11:33 am

Because I never had luck with L2TP/IPsec on the MikroTik. In my mind it's too complicated, and with every new version something is not working. With PPTP I never had these problems.
 
mistry7
Forum Guru
Posts: 1244
Joined: Tue Oct 13, 2009 11:57 am
Location: Germany

Re: Detect pptp attack

Wed Aug 14, 2019 12:29 pm

> Because I never had luck with L2TP/IPsec on the MikroTik. In my mind it's too complicated, and with every new version something is not working. With PPTP I never had these problems.

That's not true; we use it on all sites and it has no problems. Most user problems are firewall related.
PPTP is broken and easy to hack; e.g. Apple has removed it from all devices.
 
Jotne
Forum Guru
Posts: 1239
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Detect pptp attack

Wed Aug 14, 2019 2:37 pm

I did test out PPTP first, but am now running L2TP/IPsec PSK.
It could be using a certificate as well.

There are several tutorials on the net on how to set it up.

PPTP is a non-encrypted tunnel, so no security at all. Do not use.
 
 
Kampfwurst
Frequent Visitor
Topic Author
Posts: 64
Joined: Mon Mar 24, 2014 2:53 pm

Re: Detect pptp attack

Wed Aug 14, 2019 7:00 pm

OK, so I tried to set up L2TP with IPsec.

It looks not so bad. I got my other router connected over the "L2TP Client" under Interfaces. Under encoding is written "cbc(aes) + hmac(sha1)". Is this correct?
On my main side I use the hAP ac² with the IPsec hardware acceleration. The other side is using an RB941-2nD. There is not much traffic, so that should be OK.
