block the attempt to access the winbox via ACL
in ip service, where only the registered IP can access the winbox.
OK, it works very well; however, I get a lot of attempts, but all unsuccessful.
I see these attempts by looking in the "log":
the record appears in blue, in "topics" of the "warning" type.
I think of it this way:
those who are interested in trying to access the router may also be interested in DDoS attacks.
To avoid this possible interest, I would like to send this attacking ip to blackhole.
I know that to see this log of attempted access via terminal, it is by the command: /log print where topics=warning
In the example below I will demonstrate how the script dynamics would be:
the script runs the command: /log print where topics=warning
This is a real result:
may/28 12:39:14 warning denied winbox/dude connect from 181.46.136.147
may/28 12:39:16 warning denied winbox/dude connect from 181.46.136.147
may/28 12:39:18 warning denied winbox/dude connect from 181.46.136.147
may/28 12:39:20 warning denied winbox/dude connect from 181.46.136.147
may/28 12:39:23 warning denied winbox/dude connect from 181.46.136.147
may/28 12:39:25 warning denied winbox/dude connect from 181.46.136.147
may/28 12:39:27 warning denied winbox/dude connect from 181.46.136.147
may/28 12:39:30 warning denied winbox/dude connect from 181.46.136.147
may/28 12:40:26 warning denied winbox/dude connect from 181.46.136.147
may/28 12:40:29 warning denied winbox/dude connect from 181.46.136.147
may/28 12:40:31 warning denied winbox/dude connect from 181.46.136.147
The script then captures the source IP, in this case 181.46.136.147, and sends it to blackhole with this command:
/ip route add dst-address=181.46.136.147 type=blackhole
Only that! But I have never written a script before!!
Does anyone have a script, or can anyone help me build a script for this?
Today in my BGP I follow good DDoS practices: I have FastNetMon with ExaBGP installed in parallel, closing a BGP session.
I also have two BGP sessions with Cymru, and I get 1400 routes,
and I put my public IPs that I don't use in the blackhole, avoiding a static loop.
But more security is never too much!!
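
The log-to-blackhole flow described in the post, as an added example that is not part of the original post and is not MikroTik's own code: it parses log lines exported from the router, validates each source address, and emits the blackhole command for repeat offenders. The function name, the threshold, the allowlist, the route comment and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Message format taken from the log lines quoted in the post; the optional
# whitespace around "/" tolerates copies mangled by translation tools.
DENIED = re.compile(r"denied winbox\s*/\s*dude connect from (\S+)")

# Constructed sample log (documentation address ranges, not real hosts).
SAMPLE_LOG = [
    "may/28 12:39:14 warning denied winbox/dude connect from 203.0.113.50",
    "may/28 12:39:16 warning denied winbox/dude connect from 203.0.113.50",
    "may/28 12:39:18 warning denied winbox/dude connect from 203.0.113.50",
    "may/28 12:40:02 warning denied winbox/dude connect from 198.51.100.7",
    "may/28 12:40:05 warning denied winbox/dude connect from 192.0.2.10",
    "may/28 12:40:07 warning denied winbox/dude connect from 192.0.2.10",
    "may/28 12:40:09 warning denied winbox/dude connect from 192.0.2.10",
    "may/28 12:41:00 warning denied winbox/dude connect from 999.1.1.1",
]

def blackhole_commands(log_lines, threshold=3, allowlist=()):
    """Return blackhole commands for sources denied at least `threshold` times."""
    trusted = [ipaddress.ip_network(net) for net in allowlist]
    hits = Counter()
    for line in log_lines:
        match = DENIED.search(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # never build a router command from a malformed address
        if ip.version != 4:
            continue  # /ip route only takes IPv4 destinations
        if any(ip in net for net in trusted):
            continue  # do not blackhole your own management networks
        hits[ip] += 1
    return [
        f"/ip route add dst-address={ip} type=blackhole comment=winbox-denied"
        for ip, count in sorted(hits.items())
        if count >= threshold
    ]

if __name__ == "__main__":
    for cmd in blackhole_commands(SAMPLE_LOG, allowlist=("192.0.2.0/24",)):
        print(cmd)
```

The allowlist and threshold keep a mistyped address or a scanner that connects once from turning into a permanent route; review the emitted commands before pasting them into the router terminal.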