Ca6ko
Member
Topic Author
Posts: 499
Joined: Wed May 04, 2022 10:59 pm
Location: Kharkiv, Ukraine

Virus attack on the router

Sun Jul 03, 2022 11:14 pm

Hello friends.
I am faced with this problem; I encountered a similar one a year ago.
The router is being attacked from a computer running WIN7 (IP 192.168.210.21) on the local network. The computer is probably infected with a virus. Has anyone encountered such a problem? The AVG antivirus is up to date. Please advise how to cure it and where to look.
22:54:31 system,error,critical login failure for user  from 192.168.210.21 via telnet 
22:54:32 system,error,critical login failure for user admin from 192.168.210.21 via telnet 
22:54:33 system,error,critical login failure for user admin from 192.168.210.21 via telnet 
22:54:34 system,error,critical login failure for user admin from 192.168.210.21 via telnet 
22:54:36 system,error,critical login failure for user admin from 192.168.210.21 via telnet 
22:54:37 system,error,critical login failure for user  from 192.168.210.21 via telnet 
22:54:38 system,error,critical login failure for user  from 192.168.210.21 via telnet 
22:54:39 system,error,critical login failure for user MikroTikSystem from 192.168.210.21 via telnet 
22:54:40 system,error,critical login failure for user SolucTec from 192.168.210.21 via telnet 
22:54:41 system,error,critical login failure for user SolucTec from 192.168.210.21 via telnet 
22:54:42 system,error,critical login failure for user dircreate from 192.168.210.21 via telnet 
22:54:43 system,error,critical login failure for user EServicios from 192.168.210.21 via telnet 
22:54:45 system,error,critical login failure for user EServicios from 192.168.210.21 via telnet 
22:54:46 system,error,critical login failure for user admin from 192.168.210.21 via telnet 
22:54:47 system,error,critical login failure for user user from 192.168.210.21 via telnet 
22:54:48 system,error,critical login failure for user user from 192.168.210.21 via telnet 
22:54:49 system,error,critical login failure for user admin from 192.168.210.21 via telnet 
22:54:50 system,error,critical login failure for user root from 192.168.210.21 via telnet 
22:54:52 system,error,critical login failure for user root from 192.168.210.21 via telnet 
22:54:53 system,error,critical login failure for user sysadm from 192.168.210.21 via telnet 
22:54:54 system,error,critical login failure for user root from 192.168.210.21 via telnet 
22:54:55 system,error,critical login failure for user root from 192.168.210.21 via telnet 
22:54:56 system,error,critical login failure for user  from 192.168.210.21 via telnet 
22:54:57 system,error,critical login failure for user Admin from 192.168.210.21 via telnet 
22:54:58 system,error,critical login failure for user Admin from 192.168.210.21 via telnet 
22:54:59 system,error,critical login failure for user root from 192.168.210.21 via telnet 
22:55:00 system,error,critical login failure for user root from 192.168.210.21 via telnet 
22:55:02 system,error,critical login failure for user root from 192.168.210.21 via telnet 
22:55:03 system,error,critical login failure for user admin from 192.168.210.21 via telnet 
22:55:04 system,error,critical login failure for user admin from 192.168.210.21 via telnet 
22:55:05 system,error,critical login failure for user admin from 192.168.210.21 via telnet 
22:55:07 system,error,critical login failure for user admin from 192.168.210.21 via telnet 
22:55:08 system,error,critical login failure for user meo from 192.168.210.21 via telnet 
22:55:09 system,error,critical login failure for user Admin from 192.168.210.21 via telnet 
22:55:10 system,error,critical login failure for user Admin from 192.168.210.21 via telnet 
22:55:11 system,error,critical login failure for user guest from 192.168.210.21 via telnet 
22:55:12 system,error,critical login failure for user ubnt from 192.168.210.21 via telnet 
22:55:13 system,error,critical login failure for user ubnt from 192.168.210.21 via telnet 
22:55:14 system,error,critical login failure for user Administrator from 192.168.210.21 via telnet 
22:55:18 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:55:19 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:55:20 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:55:21 system,error,critical login failure for user MikroTikSystem from 192.168.210.21 via ftp 
22:55:22 system,error,critical login failure for user SolucTec from 192.168.210.21 via ftp 
22:55:23 system,error,critical login failure for user dircreate from 192.168.210.21 via ftp 
22:55:24 system,error,critical login failure for user EServicios from 192.168.210.21 via ftp 
22:55:26 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:55:27 system,error,critical login failure for user user from 192.168.210.21 via ftp 
22:55:28 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:55:29 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:55:30 system,error,critical login failure for user sysadm from 192.168.210.21 via ftp 
22:55:31 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:55:32 system,error,critical login failure for user Admin from 192.168.210.21 via ftp 
22:55:33 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:55:34 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:55:35 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:55:36 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:55:37 system,error,critical login failure for user meo from 192.168.210.21 via ftp 
22:55:38 system,error,critical login failure for user Admin from 192.168.210.21 via ftp 
22:55:39 system,error,critical login failure for user guest from 192.168.210.21 via ftp 
22:55:40 system,error,critical login failure for user ubnt from 192.168.210.21 via ftp 
22:55:41 system,error,critical login failure for user Administrator from 192.168.210.21 via ftp 
22:55:42 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:55:43 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:55:44 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:55:45 system,error,critical login failure for user vodafone from 192.168.210.21 via ftp 
22:55:46 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:55:47 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:55:48 system,error,critical login failure for user Administrator from 192.168.210.21 via ftp 
22:55:49 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:55:50 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:55:51 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:55:52 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:55:53 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:55:54 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:55:55 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:55:56 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:55:57 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:55:58 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:55:59 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:56:00 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:56:01 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:56:02 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:56:03 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:56:04 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:56:05 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:56:06 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:56:07 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:56:08 system,error,critical login failure for user Admin from 192.168.210.21 via ftp 
22:56:09 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:56:10 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:56:11 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:56:12 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:56:13 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:56:14 system,error,critical login failure for user admin from 192.168.210.21 via ftp 
22:56:15 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:56:16 system,error,critical login failure for user root from 192.168.210.21 via ftp 
22:56:17 system,error,critical login failure for user user from 192.168.210.21 via ftp 
22:56:18 system,error,critical login failure for user root from 192.168.210.21 via ftp 
 
Zacharias
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Virus attack on the router

Sun Jul 03, 2022 11:20 pm

You could create an address list with specific IP addresses that can access the router either with winbox, telnet or SSH and exclude that IP from the allowed ones...
This would require a correct firewall configuration...

Also, you could set the allowed IPs under ip/services for ssh, telnet, winbox etc...

You could as well disable ftp and telnet if you do not use them or need them ...
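
The three measures suggested in this reply, written out as RouterOS commands. This is an added example, not part of the original post; the management host 192.168.210.10 and the list name `mgmt` are assumed values.

```routeros
# Added example (not from the thread). Assumed values: management host
# 192.168.210.10 and address-list name "mgmt". Adjust before use, and apply
# from a session that will still be allowed afterwards.

# 1. Disable the cleartext services seen in the log if they are not needed.
/ip service disable telnet,ftp

# 2. Restrict the remaining management services to the allowed address.
/ip service set ssh address=192.168.210.10/32
/ip service set winbox address=192.168.210.10/32

# 3. Firewall: only hosts in the "mgmt" list may reach the management ports.
#    "add" appends to the end of the chain; use place-before= if the input
#    chain already ends in a drop rule.
/ip firewall address-list add list=mgmt address=192.168.210.10 comment="allowed management host"
/ip firewall filter add chain=input connection-state=established,related action=accept comment="keep existing sessions"
/ip firewall filter add chain=input protocol=tcp dst-port=22,8291 src-address-list=mgmt action=accept comment="management from allowed hosts"
/ip firewall filter add chain=input protocol=tcp dst-port=21,22,23,8291 action=drop comment="management from everyone else"

# Verify: telnet and ftp should now carry the X (disabled) flag.
/ip service print
```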
 
Ca6ko
Member
Topic Author
Posts: 499
Joined: Wed May 04, 2022 10:59 pm
Location: Kharkiv, Ukraine

Re: Virus attack on the router

Sun Jul 03, 2022 11:30 pm

Thanks for the reply.
This I understand, but this computer is the only one in the router's network, I connect to it via RDP.
The thing is that this list of logins I have already seen in another network about a year ago, someone is purposefully attacking ROS devices.
 
anav
Forum Guru
Posts: 19103
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Virus attack on the router

Mon Jul 04, 2022 12:14 am

You need to provide a network diagram to better understand your situation.
Why are you RDPing into this PC?
Can access be better served by WireGuard??

Why not TeamViewer or something else......
 
tangent
Forum Guru
Posts: 1351
Joined: Thu Jul 01, 2021 3:15 pm

Re: Virus attack on the router

Mon Jul 04, 2022 12:16 am

> From a computer running WIN7

You're running an OS 2.5 years out of extended support and wondering why you're having security problems?

> 22:54:31 system,error,critical login failure for user from 192.168.210.21 via telnet

Telnet should be disabled, even on the LAN. It's trivially snoopable.

> I connect to it via RDP.

RDP has a long list of vulnerabilities. I assume all of those will be patched in current OSes, but I wouldn't expect that of Windows 7. Since your average Windows 7 box runs as Administrator, once they're in, they own the computer. Solution is nuke-and-pave.
 
Jotne
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Virus attack on the router

Mon Jul 04, 2022 8:08 am

> but this computer is the only one in the router's network, I connect to it via RDP.

Since this is your computer, reinstall it. You do not know what other problems you will get with it, since it is already infected.

To reach into your network with RDP, you should use a VPN from your external device.
Or you could use port knocking. The RDP port will only be open after a port knock.

I also monitor all ports on my system. If anyone tries any port that is not open, they will be added to a block list for 24 hours.
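
One way to express the port knock and the 24-hour block list described in this reply as RouterOS firewall rules. This is an added example, not Jotne's own configuration; the WAN interface `ether1`, the knock ports 7001 and 7002, the list names and the timeouts other than 24 hours are assumptions, and the input chain is assumed to already accept established/related and legitimate management traffic above these rules.

```routeros
# Added example (not from the thread). Assumed values: WAN interface ether1,
# knock ports 7001 then 7002, RDP host 192.168.210.21, list names as shown.
# "add" appends to the chain; use place-before= if it already ends in a drop.

# Drop everything from sources already on the block list, before any other
# processing.
/ip firewall raw add chain=prerouting in-interface=ether1 src-address-list=blocklist action=drop comment="blocked for 24h"

# Port knock: a hit on the first port lists the source for 10 s; a hit on the
# second port from a listed source allows RDP from that source for one hour.
/ip firewall filter add chain=input in-interface=ether1 protocol=tcp dst-port=7001 action=add-src-to-address-list address-list=knock-stage1 address-list-timeout=10s comment="knock 1"
/ip firewall filter add chain=input in-interface=ether1 protocol=tcp dst-port=7002 src-address-list=knock-stage1 action=add-src-to-address-list address-list=rdp-allowed address-list-timeout=1h comment="knock 2"

# add-src-to-address-list does not stop rule processing, so drop the knock
# packets here; otherwise the rule below would block-list the knocker.
/ip firewall filter add chain=input in-interface=ether1 protocol=tcp dst-port=7001,7002 action=drop comment="swallow knock packets"

# Forward RDP only for sources that completed the knock. Packets to 3389
# from anyone else are not translated and fall through to the input chain.
/ip firewall nat add chain=dstnat in-interface=ether1 protocol=tcp dst-port=3389 src-address-list=rdp-allowed action=dst-nat to-addresses=192.168.210.21 to-ports=3389 comment="RDP after knock"

# Block list: any new WAN connection that reached this point tried a port
# that is not open. List the source for 24 hours, then drop the packet.
/ip firewall filter add chain=input in-interface=ether1 connection-state=new action=add-src-to-address-list address-list=blocklist address-list-timeout=1d comment="probe of closed port"
/ip firewall filter add chain=input in-interface=ether1 action=drop comment="drop the rest from WAN"

# Inspect who is currently listed.
/ip firewall address-list print where list=blocklist
```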