Community discussions

MUM Europe 2020
 
oceanic1
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 83
Joined: Mon Sep 14, 2009 11:15 am

Critical Logins

Wed Aug 04, 2010 10:09 am

Hi guys,
Can anyone tell and explain this critical logins?????

MMM MMM KKK TTTTTTTTTTT KKK
MMMM MMMM KKK TTTTTTTTTTT KKK
MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK
MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK
MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK

MikroTik RouterOS 4.4 (c) 1999-2009 http://www.mikrotik.com/





may/27/2005 22:21:14 system,error,critical login failure for user lovasz from 22
0.225.120.238 via ssh
may/27/2005 22:22:11 system,error,critical login failure for user sara from 220.
225.120.238 via ssh
may/27/2005 22:22:20 system,error,critical login failure for user lajos from 220
.225.120.238 via ssh
may/27/2005 22:22:28 system,error,critical login failure for user ani from 220.2
25.120.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user szaboattila from 220.225.120.
238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user sarvari from 220.225.120.238
via ssh
[admin@Cyberia] > telnet
echo: system,error,critical login failure for user ujvary from 220.225.120.238 v
ia ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user levelmegtart from 220.225.120
.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user dialog from 220.225.120.238 v
ia ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user szekeres from 220.225.120.238
via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user zsidai from 220.225.120.238 v
ia ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user szekelykam from 220.225.120.2
38 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user peti from 220.225.120.238 via
ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user nagyzsolt from 220.225.120.23
8 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user szk from 220.225.120.238 via
ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user zakany from 220.225.120.238 v
ia ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user krivik from 220.225.120.238 v
ia ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user feltolt from 220.225.120.238
via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user diagnosztika from 220.225.120
.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user stillerjanos from 220.225.120
.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user medgyesigabor from 220.225.12
0.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user fehervaripeter from 220.225.1
20.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user makraibeata from 220.225.120.
238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user kovacskaroly from 220.225.120
.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user farkasildiko from 220.225.120
.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user viaberauto from 220.225.120.2
38 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user haviarl from 220.225.120.238
via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user varhegyisandor from 220.225.1
20.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user mgy from 220.225.120.238 via
ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user szerviz from 220.225.120.238
via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user titkarsag from 220.225.120.23
8 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user erdelyi from 220.225.120.238
via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user keresztes from 220.225.120.23
8 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user kissdorottya from 220.225.120
.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user bertabernadett from 220.225.1
20.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user jablonkailaszlo from 220.225.
120.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user feltoltvital from 220.225.120
.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user somodicsaba from 220.225.120.
238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user vassbalazs from 220.225.120.2
38 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user adraveczattila from 220.225.1
20.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user blaskovitsanita from 220.225.
120.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user odortibor from 220.225.120.23
8 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user patakinorbert from 220.225.12
0.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user retizs from 220.225.120.238 v
ia ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user palot from 220.225.120.238 vi
a ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user horvathtunde from 220.225.120
.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user giczizsolt from 220.225.120.2
38 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user sebokilona from 220.225.120.2
38 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user tothgergely from 220.225.120.
238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user ringcsaba from 220.225.120.23
8 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user pappanita from 220.225.120.23
8 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user bukicsaba from 220.225.120.23
8 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user dunaiferencne from 220.225.12
0.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user stefko from 220.225.120.238 v
ia ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user rakoczigabor from 220.225.120
.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user nagyszabolcs from 220.225.120
.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user szemesbela from 220.225.120.2
38 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user meszaros from 220.225.120.238
via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user babocsgyongyver from 220.225.
120.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user babucsgyongyver from 220.225.
120.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user ratkaieva from 220.225.120.23
8 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user horvathakos from 220.225.120.
238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user magyariakos from 220.225.120.
238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user farkas from 220.225.120.238 v
ia ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user vitalcomp from 220.225.120.23
8 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user alexandra from 220.225.120.23
8 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user makaimelinda from 220.225.120
.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user patakfalvitamas from 220.225.
120.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user sanyi from 220.225.120.238 vi
a ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user takacsrobert from 220.225.120
.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user pallzsombor from 220.225.120.
238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user gyeneicsilla from 220.225.120
.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user nagyaniko from 220.225.120.23
8 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user csegzylaszlo from 220.225.120
.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user frigyescsaba from 220.225.120
.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user uvegeskatalin from 220.225.12
0.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user barkimaria from 220.225.120.2
38 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user turinegabi from 220.225.120.2
38 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user feketeanita from 220.225.120.
238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user takacszsuzsa from 220.225.120
.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user raktar from 220.225.120.238 v
ia ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user cshenriett from 220.225.120.2
38 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user munin from 220.225.120.238 vi
a ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user rendszergazda from 220.225.12
0.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user stefkokatalin from 220.225.12
0.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user gazdig from 220.225.120.238 v
ia ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user vikicsaba from 220.225.120.23
8 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user gubacsigyorgy from 220.225.12
0.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user lipothregina from 220.225.120
.238 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user hegeduseva from 220.225.120.2
38 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user bixdata from 220.225.120.238
via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user cactiuser from 220.225.120.23
8 via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user charlie from 220.225.120.238
via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user srsnews from 220.225.120.238
via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user letsta from 220.225.120.238 v
ia ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user letstalk from 220.225.120.238
via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user warren from 220.225.120.238 v
ia ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user vhbackup from 220.225.120.238
via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user willie from 220.225.120.238 v
ia ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user amanda from 220.225.120.238 v
ia ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user tiptop from 220.225.120.238 v
ia ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user topgui from 220.225.120.238 v
ia ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user toptest from 220.225.120.238
via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user topstd from 220.225.120.238 v
ia ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user 3703 from 220.225.120.238 via
ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user kladeo from 220.225.120.238 v
ia ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user sabayon from 220.225.120.238
via ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user swp from 220.225.120.238 via
ssh
[admin@Cyberia] >
echo: system,error,critical login failure for user justin from 220.225.120.238 v
ia ssh
[admin@Cyberia] >
 
User avatar
NAB
Trainer
Trainer
Posts: 503
Joined: Tue Feb 10, 2009 4:08 pm
Location: UK
Contact:

Re: Critical Logins

Wed Aug 04, 2010 10:33 am

/ip firewall filter add place-before=0 src-address=220.225.120.238 chain=input action=drop
Nicholas Barnes BSc(hons)
Certified Mikrotik Consultant
Certified Mikrotik Trainer

Vitell - Asterisk, Linux and network consultants
Unofficial IRC channel: #routerboard on irc.z.je
 
blake
Member
Member
Posts: 426
Joined: Mon May 31, 2010 10:46 pm
Location: Arizona

Re: Critical Logins

Wed Aug 04, 2010 10:35 am

You have port 22 (SSH) open to the general internet and someone is trying to gain access to your router through brute force logins. This is 'normal' on the Internet.

You can either turn off SSH altogether.
/ip service disable ssh
Disable access from external sources (update to reflect actual interface name).
/ip firewall filter
add chain=input action=drop dst-port=22 in-interface=public
Or implement an SSH blacklist which will block the host for 1 week & 3 days after four consecutive login failures in under (approx) 5 mins.
add action=drop chain=input dst-port=22 protocol=tcp src-address-list=ssh_blacklist

add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage3

add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2

add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1

add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-type=!local

add action=accept chain=input connection-state=new dst-port=22 protocol=tcp
Last edited by blake on Wed Aug 04, 2010 10:38 am, edited 1 time in total.
IT consultant. Network manager. Packet junkie.
1-928-328-1509
 
kirshteins
MikroTik Support
MikroTik Support
Posts: 592
Joined: Tue Dec 02, 2008 10:55 am

Re: Critical Logins

Wed Aug 04, 2010 10:38 am

Changing SSH port worked best for me.
/ip service set ssh port=2222
 
oceanic1
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 83
Joined: Mon Sep 14, 2009 11:15 am

Re: Critical Logins

Wed Aug 04, 2010 10:41 am

Thanks...... It stop after placing the rule :lol: :D

Who is online

Users browsing this forum: Costa, jo2jo, mktkRB and 114 guests