Found login attempts in the logs:
Code: Select all
login failure for user admin from 172.20.10.1 via winbox
At first I thought NAT, but even when all NAT rules are disabled, attempts continue.
Tried to search through torch but found only packages from CAPsMAN.
Confused a) that attempts from the local address of the device, b) through winbox
account disabled, temporarily solved the case with a firewall, but I would like to understand the reasons.
Any ideas on how to identify the source of the problem?