Community discussions

MikroTik App
 
OKNET
Member
Member
Topic Author
Posts: 350
Joined: Mon Jun 22, 2015 9:22 am

Automatically filter a rogue public IP

Thu Sep 09, 2021 7:47 pm

I have few rdp ports opened from wan to lan machines.
Looking to ip connections I've noted two public ip trying to connect (forcing?) to these ports/machines using many source ports
Is there a script to add these ip to filrewall filter (forward, drop) automatically after a number of connections or tries , as I have quickly (but anyway too lately) done ?
Thanks
 
User avatar
inteq
Member
Member
Posts: 402
Joined: Wed Feb 25, 2015 8:15 pm
Location: Romania

Re: Automatically filter a rogue public IP

Thu Sep 09, 2021 8:26 pm

1st: never ever open rdp to public.
Use a VPN or allow RDP port only for certain trusted static IPs or ddns
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Automatically filter a rogue public IP

Thu Sep 09, 2021 11:32 pm

Use anydesk!
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Automatically filter a rogue public IP

Thu Sep 09, 2021 11:40 pm

If correctly done, your computer on near future is under control of someone, without you know it,
because you can only block one IP after some try, but remote desktop for each try close connection after some failed login...
every bot on botnet, each with different IP, can try to hack your remote desktop without know passwords...
 
maigonis
Member Candidate
Member Candidate
Posts: 180
Joined: Sat Jul 20, 2019 8:16 pm

Re: Automatically filter a rogue public IP

Sat Sep 11, 2021 10:16 pm

1st: never ever open rdp to public.
Use a VPN or allow RDP port only for certain trusted static IPs or ddns
Second this, open ports are a bad ides.
 
OKNET
Member
Member
Topic Author
Posts: 350
Joined: Mon Jun 22, 2015 9:22 am

Re: Automatically filter a rogue public IP

Sun Sep 12, 2021 6:25 pm

Well ... I have these port closed now in favour of l2tp/ipsec vpn when needed
I'm asking myself if to have port-forwarding active for any type of service is however a threat nowadays.....
 
User avatar
inteq
Member
Member
Posts: 402
Joined: Wed Feb 25, 2015 8:15 pm
Location: Romania

Re: Automatically filter a rogue public IP

Sun Sep 12, 2021 6:45 pm

Any time you open a port for some specific program, there is a chance it will end badly.
But at least in the case of RDP, we know there are lots of vulnerabilities. Some patched, some not yet found and a lot of them with released patches but not applied.

For example: https://nvd.nist.gov/vuln/detail/CVE-2019-0708 . Long story short: wormable on the whole internal network without authentication.
I know it is an old cve, but there are tons of systems on the internet still vulnerable and exposed.

Who is online

Users browsing this forum: gkoleff, outtahere and 61 guests