I have a large guest network (Wi-Fi), that consists of Unifi APs and a Mikrotik Router as the gateway.
Recently I was alerted to winbox login attempts to the router from 3-4 Laptops on the network. Now I have the router setup to only accept logins from my IP on a management port, and have the firewall set to reject any attempts from the guest network, so I am not to worried about them getting in.
I got my hands on one of the laptops that has the virus(?), and after running several AV scans on it, I was unable to locating the program causing it.
I was able to see the logs roll in on the router while I had the laptop, and at that time I could hear the HDD in the laptop running, but by the time I got to resource monitor it had stopped.
Anyone know what is causing this? I tried searching, but maybe I was using the wrong terms. Let me know if you need more details.
Also if this is in the wrong section of the forum please let me know.