rextended
Forum Guru
Topic Author
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Today 2022-06-26: winbox attack from 45.71.115.59

Sun Jun 26, 2022 4:32 pm

Today is the first time I have seen a single IP address (45.71.115.59) that tries to connect to thousands of IPs to try to brute-force the login on the winbox service...
Not just a range, but thousands of IP addresses from dozens of distant pools of different ASes...

Hope no one has left Winbox service open on the WAN side :lol:
 
Znevna
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: Today 2022-06-26: winbox attack from 45.71.115.59

Sun Jun 26, 2022 5:19 pm

But why do you have winbox open to unknown IPs? 0o
 
rextended
Forum Guru
Topic Author
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Today 2022-06-26: winbox attack from 45.71.115.59

Sun Jun 26, 2022 5:23 pm

"that tries to connect"
Just log attempts, not open service/port ;)

It's the first time I see the same IP everywhere... :roll:
 
vecernik87
Forum Veteran
Posts: 882
Joined: Fri Nov 10, 2017 8:19 am

Re: Today 2022-06-26: winbox attack from 45.71.115.59

Sun Jun 26, 2022 5:48 pm

IMHO, that means some script kid logged in. Nothing more than a step backwards in terms of attack quality. Everyone has known for ages that attacking too many targets from a single IP is a stupid thing to do.
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Today 2022-06-26: winbox attack from 45.71.115.59

Sun Jun 26, 2022 6:58 pm

Or the attack is a reverse one - someone wants that single address to get blacklisted, so it spoofs that address as a source of SYN packets actually sent from somewhere else to make people take action against it. Not every ISP uses source filtering to prevent spoofing.

I'm not saying it definitely is the case, I'm just saying that's one of the possible explanations.
 
rextended
Forum Guru
Topic Author
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Today 2022-06-26: winbox attack from 45.71.115.59

Sun Jun 26, 2022 10:29 pm

Thanks @sindy, I do not take any action against that IP, it is useless, but your point of view is what I now also think...
