Hello I have noticed this kind of attack a few times but lately they cause the CPU to max out
Attached is a screen shot showing the FTP service off and the log. I know it is easy to firewall this and it can be found here
http://wiki.mikrotik.com/wiki/Bruteforc ... %26_SSH%29

Is this a bug because different routers all over my network keep getting attacked like this with the FTP service off. I don't have this firewall rule an all my routers as there are too many. You would imagine with the FTP service disabled that is enough. When I firewall the IP the CPU is normal

I also made a supout.rif when the attack was in progress if that is any help

Hello I have noticed this kind of attack a few times but lately they cause the CPU to max out
Attached is a screen shot showing the FTP service off and the log. I know it is easy to firewall this and it can be found here
http://wiki.mikrotik.com/wiki/Bruteforc ... %26_SSH%29

Is this a bug because different routers all over my network keep getting attacked like this with the FTP service off. I don't have this firewall rule an all my routers as there are too many. You would imagine with the FTP service disabled that is enough. When I firewall the IP the CPU is normal

I also made a supout.rif when the attack was in progress if that is any help

i think that's is a bug if you setup a brute-force login properly the attacker will ban immediately, even in you ip/service the ftp port is disable but the bruteforce still attack.

If FTP is disabled, how is it possible to have a bruteforce attack? The mikrotik shouldn't even be tryint to authenticate FTP if it is disabled.

If it is still showing FTP failures in the log while the FTP service is disabled, that is a definate bug.