HZsolt
just joined
Topic Author
Posts: 24
Joined: Tue Apr 24, 2018 7:31 pm

MikroTik blacklists (IPv4/IPv6)

Mon Jul 08, 2019 10:07 pm

Hello!

Which is the best MikroTik blacklist?

Examples:
https://pawelgrzes.pl/blog/mikrotik-blacklist
https://itexpertoncall.com/promotional/moab.html
http://www.squidblacklist.org/downloads.html
http://joshaven.com/resources/tricks/mi ... ress-list/
etc.

Where can I find a free, up-to-date IPv6 blacklist for MikroTik routers?
 
R1CH
Forum Veteran
Posts: 890
Joined: Sun Oct 01, 2006 11:44 pm

Re: MikroTik blacklists (IPv4/IPv6)

Fri Jul 12, 2019 2:02 pm

Depends what you want to blacklist. I've found from past experience that many blacklists are outdated and eventually block legitimate traffic. Instead, focus on securing your environment such that a blacklist of "bad IPs" is not needed.
 
Jotne
Forum Guru
Posts: 1302
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: MikroTik blacklists (IPv4/IPv6)

Fri Jul 12, 2019 2:18 pm

I do agree with R1CH.
Using resources on securing your router and services is more important than using blacklists that are not up to date.
Change all admin users on all your exposed systems (webserver etc.).
Use long and complex passwords that are changed now and then.
Do not open admin functions to your router from the internet.
Use VPN if remote access is needed.

Also do log access to your system/router etc and look at the logs.

I have added a rule so that anyone who tries a port on my system that is not open gets blocked from all access to all ports for 24 hours.
Since this can block myself, I use a whitelist for my work, and can use port knocking to add myself to the whitelist.

+++
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
 
pe1chl
Forum Guru
Posts: 5811
Joined: Mon Jun 08, 2015 12:09 pm

Re: MikroTik blacklists (IPv4/IPv6)

Fri Jul 12, 2019 3:01 pm

> I have added a rule so that anyone who tries a port on my system that is not open gets blocked from all access to all ports for 24 hours.
> Since this can block myself, I use a whitelist for my work, and can use port knocking to add myself to the whitelist.

Please note that this can be insufficient. There are people out on the internet who send TCP SYN packets that appear to originate e.g. from 1.1.1.1.
When you have such a rule on your system, it will block 1.1.1.1 for sure.
That can be a problem when you use that for DNS. Of course only when you use it for more than "new incoming traffic from xxxx" but usually people with the mindset to use a blocklist will sooner or later decide they need to block ALL traffic from that source AS SOON AS POSSIBLE so they put it in the raw table, and then they are in trouble.
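
The trap rule Jotne describes, arranged so that the spoofed-SYN problem pe1chl raises cannot cut off traffic the router itself started, as an added RouterOS example that is not part of any post in this thread. The WAN interface name (ether1), the list names, the knock ports and the address 192.0.2.10 are assumptions made up for illustration.

```routeros
# Added example, not from any post in this thread.
# Assumed: WAN is ether1; list names, knock ports 7001/7002 and 192.0.2.10
# are constructed values. Adjust before importing.

/ip firewall address-list
# Sources that must never be auto-blocked: your work address and any
# resolver the router depends on (1.1.1.1 is the case pe1chl mentions).
add list=wl-trusted address=192.0.2.10 comment="work (constructed address)"
add list=wl-trusted address=1.1.1.1 comment="DNS resolver in use"

/ip firewall filter
# 1. Replies to connections started by the router or LAN are accepted first.
#    Because the block below lives in filter and matches only NEW packets,
#    a spoofed SYN that lands an address in trap-24h cannot break these
#    replies. A drop in the raw table would, since raw runs before
#    connection tracking.
add chain=input connection-state=established,related action=accept
add chain=input connection-state=invalid action=drop

# 2. Whitelisted sources bypass the trap entirely.
add chain=input src-address-list=wl-trusted action=accept

# 3. Two-step port knock: 7001 then 7002 within 15 s puts the source on the
#    whitelist for 8 h. These rules sit above the trap drop, so a source
#    that already trapped itself can still knock its way back in.
add chain=input in-interface=ether1 protocol=tcp dst-port=7001 \
    connection-state=new action=add-src-to-address-list \
    address-list=knock-stage1 address-list-timeout=15s
add chain=input in-interface=ether1 protocol=tcp dst-port=7002 \
    connection-state=new src-address-list=knock-stage1 \
    action=add-src-to-address-list address-list=wl-trusted \
    address-list-timeout=8h
# Knock packets stop here so they never reach the trap rule.
add chain=input in-interface=ether1 protocol=tcp dst-port=7001,7002 action=drop

# 4. Sources already trapped: drop their NEW inbound connections only.
add chain=input in-interface=ether1 connection-state=new \
    src-address-list=trap-24h action=drop

# 5. Accept rules for any service you deliberately expose go here.

# 6. Trap: anything still unmatched hit a port that is not open.
#    Remember the source for 24 hours, then drop the packet.
add chain=input in-interface=ether1 connection-state=new \
    action=add-src-to-address-list address-list=trap-24h \
    address-list-timeout=1d
add chain=input in-interface=ether1 action=drop
```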
 
msatter
Forum Guru
Posts: 1225
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: MikroTik blacklists (IPv4/IPv6)

Fri Jul 12, 2019 3:11 pm

If you don't run any services that can be reached from the outside you can drop all NEW traffic coming in on the WAN not even hitting connection tracking.

Despite that, securing your router is always needed.
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.46Beta / Winbox 3.20 / MikroTik APP 1.3.4
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)