Community discussions

MikroTik App
 
khaloudy
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 92
Joined: Mon Jun 29, 2009 6:12 am

string log events

Mon May 23, 2011 3:02 am

hi sir
when i open log to see how user can log or not
i see string events
i will upload this image
best regards ..
You do not have the required permissions to view the files attached to this post.
 
fewi
Forum Guru
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: string log events

Mon May 23, 2011 3:23 am

Change the "admin" address list below to contain all networks that you want to have SSH, FTP, and winbox access before applying the configuration change, the below allows all private IPs (which probably isn't what you want, but at least won't badly break things):
/ip firewall address-list
add list=admin address=10.0.0.0/8
add list=admin address=172.16.0.0/12
add list=admin address=192.168.0.0/16
/ip firewall filter
add place-before=0 chain=input protocol=tcp dst-port=21,22,8291 src-address-list=!admin action=drop
That's just a stop gap measure. Read the below links until you fully understand them and then secure your router.
http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter
http://wiki.mikrotik.com/wiki/Securing_ ... rOs_Router
http://wiki.mikrotik.com/wiki/Securing_your_router
 
khaloudy
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 92
Joined: Mon Jun 29, 2009 6:12 am

Re: string log events

Mon May 23, 2011 3:32 am

sir i don't log in this time
i think this is hacker
i am not trying to log anyway
when i try to login no problem
this is not me
 
khaloudy
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 92
Joined: Mon Jun 29, 2009 6:12 am

Re: string log events

Mon May 23, 2011 3:41 am

ip firewall address-list
add list=admin address=10.0.0.0/8
add list=admin address=172.16.0.0/12
add list=admin address=192.168.0.0/16
this is ok

but this is no
[admin@MikroTik] ip firewall filter> add place-before=0 chain=input protocol=tcp dst-port=21,22,8291 src-address
-list=!admin action=drop
item number must be assigned by a print command
use print command before using an item number in a command
[admin@MikroTik] ip firewall filter>
 
SurferTim
Forum Guru
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: string log events

Mon May 23, 2011 4:02 am

Then do what it asks.
/ip firewall filter
print
add place-before=0 chain=input protocol=tcp dst-port=21,22,8291 src-address-list=!admin action=drop
 
khaloudy
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 92
Joined: Mon Jun 29, 2009 6:12 am

Re: string log events

Mon May 23, 2011 7:12 am

[admin@MikroTik] > /ip firewall filter
[admin@MikroTik] ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Drop Invalid connections
chain=input connection-state=invalid action=drop

1 ;;; Allow Established connections
chain=input connection-state=established action=accept

2 ;;; Allow ICMP
chain=input protocol=icmp action=accept

3 ;;; Drop everything else
chain=input action=drop

4 ;;; Accept established connections
chain=input connection-state=established action=accept

5 ;;; Accept related connections
chain=input connection-state=related action=accept

6 ;;; Drop invalid connections
chain=input connection-state=invalid action=drop

7 ;;; UDP
chain=input protocol=udp action=accept

8 ;;; Allow limited pings
chain=input protocol=icmp limit=50/5s,2 action=accept

9 ;;; Drop excess pings
chain=input protocol=icmp action=drop

10 ;;; SSH for secure shell
chain=input protocol=tcp dst-port=22 action=accept

11 ;;; winbox
chain=input protocol=tcp dst-port=8291 action=accept

12 ;;; From Mikrotikls network
chain=input src-address=159.148.172.192/28 action=accept

13 ;;; From our private LAN
chain=input src-address=10.0.0.0/8 action=accept

14 ;;; Log everything else
chain=input action=log log-prefix="DROP INPUT"

15 ;;; Drop everything else
chain=input action=drop

16 chain=forward src-address=0.0.0.0/8 action=drop

17 chain=forward dst-address=0.0.0.0/8 action=drop

18 chain=forward src-address=127.0.0.0/8 action=drop

19 chain=forward dst-address=127.0.0.0/8 action=drop

20 chain=forward src-address=224.0.0.0/3 action=drop

21 chain=forward dst-address=224.0.0.0/3 action=drop

22 chain=forward protocol=tcp action=jump jump-target=tcp

23 chain=forward protocol=udp action=jump jump-target=udp

24 chain=forward protocol=icmp action=jump jump-target=icmp

[admin@MikroTik] ip firewall filter> add place-before=0 chain=input protocol=tcp dst-port=21,22,8291 src-address
-list=!admin action=drop
invalid value 21,22,8291 for min, an integer required
[admin@MikroTik] ip firewall filter>
 
fewi
Forum Guru
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: string log events

Mon May 23, 2011 7:23 am

What version are you running? Post the output of "/system resource print". Please start wrapping output in
 tags.

By the way, according to rule #3 it's absolutely impossible you got those logs you were showing a screenshot of, and impossible for you to be in the router at all via anything but a serial console or MAC telnet or MAC winbox. Something here isn't adding up at all.

Who is online

Users browsing this forum: Ahrefs [Bot], Amazon [Bot], Bing [Bot], bpwl, hendry and 76 guests