Community discussions

MikroTik App
 
moeinfrozen
just joined
Topic Author
Posts: 22
Joined: Tue Sep 29, 2020 10:53 pm

Drop Bad Request Input

Thu Aug 11, 2022 9:06 pm

hi
how i can auto add ip of this failure request In firewall for 1 Hour ?

Aug/11/2021 22:33:07 pptp,info TCP connection established from 93.117.180.217
Aug/11/2021 22:33:08 pptp,ppp,error <318>: user test_au210253 authentication failed


this user test_au210253 not exist in serve

thanks
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19103
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Drop Bad Request Input

Thu Aug 11, 2022 11:10 pm

Why bother, the traffic is dropped.
Do you have a source address list to limit those with access.........
 
moeinfrozen
just joined
Topic Author
Posts: 22
Joined: Tue Sep 29, 2020 10:53 pm

Re: Drop Bad Request Input

Thu Aug 11, 2022 11:52 pm

Why bother, the traffic is dropped.
Do you have a source address list to limit those with access.........
No, I don't have a special address to limit users

Any user can connect to the server from anywhere
And no limit should be created for all users

This Is Vpn Server
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Drop Bad Request Input

Thu Aug 11, 2022 11:59 pm

Unfortunately, RouterOS doesn't provide any direct way how to handle this. There should be either built-in configurable anti-bruteforcer, or some on-login-failed event where you could add own script, but there's neither.

I saw some scripts (use search and you should find something) that handle it by parsing logs and look for failed login attempts. It's bad and even worse when you realize that required info (source address and info that login failed) is split between two lines with nothing directly linking them together (there can be several lines in between). Another approach is firewall-based, that looks for too many new connections from same address. It's even worse, because it works with all connections, including those that log in successfully.

Who is online

Users browsing this forum: Ahrefs [Bot], Amazon [Bot], Bing [Bot], Energizer, Google [Bot], johnson73, sgiglio, straightslant and 94 guests