Mon Mar 13, 2023 6:38 am
Periodically, I encounter login failure messages for various users attempting to access my MikroTik devices (router and access points) via SSH, FTP, and Telnet. I have configured logging of these ports and can see connection details from hosts on the local network. Brute-force attacks seem to come from different Windows hosts every time, sometimes even at night when no one is present. I have scanned the last two hosts with multiple antivirus tools, but nothing dangerous was found. Could the malicious code be using address spoofing? How can I identify any potential malware?