jphconstantin
Frequent Visitor
Topic Author
Posts: 90
Joined: Fri Sep 22, 2017 7:17 pm
Location: Switzerland

denied winbox/dude message

Sun Dec 10, 2017 7:39 pm

Hello,
Found in my log:
denied winbox/dude connect from 5.39.218.37
Shall I consider that an attempted attack?
Shall I protect my router better?

Thank you,
 
jarda
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: denied winbox/dude message

Sun Dec 10, 2017 11:36 pm

Sure. Especially if it is not your address and the connection attempts are repetitive.
 
docmarius
Forum Guru
Posts: 1222
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania

Re: denied winbox/dude message

Mon Dec 11, 2017 9:16 am

You should assume any connection on any open port possible on your system, because you cannot control what people do on the internet. Actually you should expect them to do it and there is nothing you can do except secure your equipment (e.g. closing ports you don't need, restricting access to certain IPs. In this case, do you really need winbox access from the WAN?). Getting alarmed by every connection attempt due to a port scan or ping is overreacting.
 
jphconstantin
Frequent Visitor
Topic Author
Posts: 90
Joined: Fri Sep 22, 2017 7:17 pm
Location: Switzerland

Re: denied winbox/dude message

Mon Dec 11, 2017 4:01 pm

No I don't want any access to winbox from the WAN.
I suppose I will find how to fix that in the wiki.
Thank you.
 
docmarius
Forum Guru
Posts: 1222
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania

Re: denied winbox/dude message

Mon Dec 11, 2017 5:58 pm

You just need to add a firewall filter rule on chain input, incoming port WAN (use the proper name from your system), protocol 6 (tcp) port 8291.
/ip firewall filter add action=drop chain=input comment="Winbox on WAN" in-interface=WAN dst-port=8291 protocol=tcp
But the best approach on the WAN would be only to accept established/related packets and specific ones you actually want (e.g. tunnel related) and drop the rest.

Something like:
input:
- accept ICMP (optional)
- accept all from LAN
- fasttrack established/related (optional)
- accept established/related
- accept specific ones if needed (optional)
- drop all
forward:
- accept ICMP (optional)
- accept all from LAN
- fasttrack established/related (optional)
- accept established/related
- accept specific port or protocol forwarding (optional)
- drop all
output:
- accept all (default rule, no need to set it explicitly)
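The rule outline from the post above, written out as RouterOS filter rules. This is an added example, not part of the original post: the interface names WAN and LAN are assumptions, and the optional fasttrack step on input and the optional specific accepts are left out.

```routeros
# Added example. Assumed interface names: WAN and LAN.
/ip firewall filter

# input: traffic addressed to the router itself
add chain=input action=accept protocol=icmp comment="input: accept ICMP (optional)"
add chain=input action=accept in-interface=LAN comment="input: accept all from LAN"
add chain=input action=accept connection-state=established,related comment="input: accept established/related"
# Specific accepts (e.g. tunnel related) would go here, above the drop.
add chain=input action=drop comment="input: drop all (includes Winbox tcp/8291 arriving on WAN)"

# forward: traffic passing through the router
add chain=forward action=accept protocol=icmp comment="forward: accept ICMP (optional)"
add chain=forward action=accept in-interface=LAN comment="forward: accept all from LAN"
add chain=forward action=fasttrack-connection connection-state=established,related comment="forward: fasttrack established/related (optional)"
# Same match again with accept, for the traffic that cannot be fasttracked.
add chain=forward action=accept connection-state=established,related comment="forward: accept established/related"
# Specific port or protocol forwarding accepts would go here, above the drop.
add chain=forward action=drop comment="forward: drop all"

# output: accepted by default, no rule needed
```

New rules are appended after any that already exist and the chain is evaluated top to bottom, so check the resulting order with /ip firewall filter print. Enabling Safe Mode before adding the input drop rule guards against locking yourself out of the router.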
 
jphconstantin
Frequent Visitor
Topic Author
Posts: 90
Joined: Fri Sep 22, 2017 7:17 pm
Location: Switzerland

Re: denied winbox/dude message

Mon Dec 11, 2017 6:42 pm

I believed that the fasttrack rules should be the first ones?
 
jarda
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: denied winbox/dude message

Tue Dec 12, 2017 12:47 am

Fasttrack rules can be where you need them. Just follow them by the same accepting rule because not all traffic is fasttrackable.
 
loic69
just joined
Posts: 8
Joined: Mon Dec 28, 2015 3:34 pm

Re: denied winbox/dude message

Mon Mar 05, 2018 11:27 pm

Why do we get this winbox/dude denied message when we have an ACL that restricts the IP address in /ip service winbox...
In our case we're authorizing just one IP.
And we get this winbox/dude message from other IPs on the internet!
