neoknet
just joined
Topic Author
Posts: 16
Joined: Sun May 24, 2009 9:33 pm

Brute Force Security

Thu Mar 16, 2023 7:48 pm

Using packet sniffer, I am able to see the packets where my mail server is getting beat up trying to get in. Here is a copy from packet sniffer:
--------------------------------------------------------------------------------------------------------------------------------
0000 000c 42ea ae6b 001c 23d3 9ca4 0800 ....B..k..#.....
4500 000b 0000 0000 000e 0001 0000 7369 E.............si
b540 0080 06d7 e90a 0105 fb49 6900 0000 .@.........Ii...
0000 0000 0000 0200 5f81 0019 8dca 6622 ........_.....f"
80cd 7b01 cbe4 8018 0000 000f 0000 0000 ..{.............
0003 00ff b59b 8b00 0001 0108 0a02 ef1b ................
0219 a900 0000 0000 0000 0000 0400 c576 ...............v
3533 3520 4175 7468 656e 7469 6361 0053 535 Authentica.S
050a 000e 00ca 0005 0074 696f 6e20 6661 .........tion fa
696c 6564 2e20 5265 7300 00fa 0000 0d00 iled. Res.......
0000 6074 6172 7469 6e67 2061 7574 6865 ..`tarting authe
6e74 6900 0000 000a 000e 0000 0700 6361 nti...........ca
7469 6f6e 2070 726f 6365 7373 2e0d ca00 tion process....
0000 00ce 0000 0008 000a ..........
------------------------------------------------------------------------------------------------------------------------------------------------------------------------


I have tried to add a new Mangle rule using Layer 7 with a Regexp: .535.Authenica to add the Dst address to an Address list.

However, the rule never seems to work. The Bytes and packets do not rise.

Someone help me see what I am doing wrong.

Many thanks!
James
 
404Network
Member Candidate
Posts: 285
Joined: Wed Feb 16, 2022 2:04 pm

Re: Brute Force Security

Thu Mar 30, 2023 5:08 pm

Wrong forum, this is useful user articles???
Try the general or beginner forums.
 
rextended
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Brute Force Security

Thu Mar 30, 2023 5:37 pm

> Someone help me see what I am doing wrong.

1) You chose the wrong forum,
2) You cannot see inside connections; layer 7 on a non-encrypted connection can "see" only the first bytes/packet and cannot analyze successive requests/replies.
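
The limitation described in the reply above, modeled as an added example (not code from any poster or from MikroTik). It assumes the inspection window MikroTik documents for the Layer7 matcher, the first 10 packets or 2 KB of a connection; the SMTP session is constructed, and counting handshake packets toward the limit is an assumption. It also goes one step further and tests the regex exactly as quoted in the first post against the whole stream.

```python
import re

# Assumption (MikroTik Layer7 documentation, not this thread): only the first
# 10 packets or the first 2 KB of a connection are buffered and searched.
MAX_PACKETS = 10
MAX_BYTES = 2048

def l7_window(packets, max_packets=MAX_PACKETS, max_bytes=MAX_BYTES):
    """Return the bytes a first-packets-only matcher gets to search."""
    return b"".join(packets[:max_packets])[:max_bytes]

def l7_matches(pattern, packets):
    """True if the pattern occurs inside the inspected window."""
    # DOTALL approximates a regex dialect where '.' matches any byte.
    return re.search(pattern, l7_window(packets), re.DOTALL) is not None

def stream_matches(pattern, packets):
    """True if the pattern occurs anywhere in the whole connection."""
    return re.search(pattern, b"".join(packets), re.DOTALL) is not None

# Constructed SMTP session, both directions in arrival order. The three empty
# payloads stand for the TCP handshake (counting them is an assumption).
SESSION = [
    b"", b"", b"",
    b"220 mail.example.test ESMTP\r\n",
    b"EHLO client.example.test\r\n",
    b"250-mail.example.test\r\n250 AUTH LOGIN\r\n",
    b"AUTH LOGIN\r\n",
    b"334 VXNlcm5hbWU6\r\n",
    b"dXNlcg==\r\n",
    b"334 UGFzc3dvcmQ6\r\n",   # packet 10: the last one inspected
    b"Z3Vlc3Mx\r\n",
    b"535 Authentication failed. Restarting authentication process.\r\n",
]

PAGE_REGEX = rb".535.Authenica"        # exactly as quoted in the first post
SPELLED_OUT = rb".535.Authentication"  # hypothetical variant for comparison

if __name__ == "__main__":
    for name, rx in (("page regex", PAGE_REGEX), ("spelled out", SPELLED_OUT)):
        print(f"{name:12} window={l7_matches(rx, SESSION)} "
              f"whole stream={stream_matches(rx, SESSION)}")
```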
