Thu Aug 11, 2022 11:59 pm
Unfortunately, RouterOS doesn't provide any direct way how to handle this. There should be either built-in configurable anti-bruteforcer, or some on-login-failed event where you could add own script, but there's neither.
I saw some scripts (use search and you should find something) that handle it by parsing logs and look for failed login attempts. It's bad and even worse when you realize that required info (source address and info that login failed) is split between two lines with nothing directly linking them together (there can be several lines in between). Another approach is firewall-based, that looks for too many new connections from same address. It's even worse, because it works with all connections, including those that log in successfully.