Wed Dec 25, 2019 1:52 am
It's best to use VPN to manage your routers from outside, but if you don't want to, at least do these simple steps:
1) do not use default admin account, create new one with unique name and strong password and disable the original admin
2) change winbox port to a new one
This will help you greatly against basic bots looking for default port open and also bruteforcing or common password testing using default admin user name.
You still might be vulnerable in case new zero-day exploit is discovered, but having changed the port number, you will probably not be that quickly pwned.
Or even better:
3) search for "port knocking" on this forum on how to setup it so winbox port is closed unless you send a specific sequence of packets to router to open it for that one IP only. It's not as good as VPN but helps a lot to hide the port