hi sir
when i open log to see how user can log or not
i see string events
i will upload this image
best regards ..
string log events
You do not have the required permissions to view the files attached to this post.
Re: string log events
Change the "admin" address list below to contain all networks that you want to have SSH, FTP, and winbox access before applying the configuration change, the below allows all private IPs (which probably isn't what you want, but at least won't badly break things):
That's just a stop gap measure. Read the below links until you fully understand them and then secure your router.
http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter
http://wiki.mikrotik.com/wiki/Securing_ ... rOs_Router
http://wiki.mikrotik.com/wiki/Securing_your_router
Code: Select all
/ip firewall address-list
add list=admin address=10.0.0.0/8
add list=admin address=172.16.0.0/12
add list=admin address=192.168.0.0/16
/ip firewall filter
add place-before=0 chain=input protocol=tcp dst-port=21,22,8291 src-address-list=!admin action=drophttp://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter
http://wiki.mikrotik.com/wiki/Securing_ ... rOs_Router
http://wiki.mikrotik.com/wiki/Securing_your_router
Re: string log events
sir i don't log in this time
i think this is hacker
i am not trying to log anyway
when i try to login no problem
this is not me
i think this is hacker
i am not trying to log anyway
when i try to login no problem
this is not me
Re: string log events
ip firewall address-list
add list=admin address=10.0.0.0/8
add list=admin address=172.16.0.0/12
add list=admin address=192.168.0.0/16
this is ok
but this is no
[admin@MikroTik] ip firewall filter> add place-before=0 chain=input protocol=tcp dst-port=21,22,8291 src-address
-list=!admin action=drop
item number must be assigned by a print command
use print command before using an item number in a command
[admin@MikroTik] ip firewall filter>
add list=admin address=10.0.0.0/8
add list=admin address=172.16.0.0/12
add list=admin address=192.168.0.0/16
this is ok
but this is no
[admin@MikroTik] ip firewall filter> add place-before=0 chain=input protocol=tcp dst-port=21,22,8291 src-address
-list=!admin action=drop
item number must be assigned by a print command
use print command before using an item number in a command
[admin@MikroTik] ip firewall filter>
Re: string log events
Then do what it asks.
Code: Select all
/ip firewall filter
print
add place-before=0 chain=input protocol=tcp dst-port=21,22,8291 src-address-list=!admin action=dropRe: string log events
[admin@MikroTik] > /ip firewall filter
[admin@MikroTik] ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Drop Invalid connections
chain=input connection-state=invalid action=drop
1 ;;; Allow Established connections
chain=input connection-state=established action=accept
2 ;;; Allow ICMP
chain=input protocol=icmp action=accept
3 ;;; Drop everything else
chain=input action=drop
4 ;;; Accept established connections
chain=input connection-state=established action=accept
5 ;;; Accept related connections
chain=input connection-state=related action=accept
6 ;;; Drop invalid connections
chain=input connection-state=invalid action=drop
7 ;;; UDP
chain=input protocol=udp action=accept
8 ;;; Allow limited pings
chain=input protocol=icmp limit=50/5s,2 action=accept
9 ;;; Drop excess pings
chain=input protocol=icmp action=drop
10 ;;; SSH for secure shell
chain=input protocol=tcp dst-port=22 action=accept
11 ;;; winbox
chain=input protocol=tcp dst-port=8291 action=accept
12 ;;; From Mikrotikls network
chain=input src-address=159.148.172.192/28 action=accept
13 ;;; From our private LAN
chain=input src-address=10.0.0.0/8 action=accept
14 ;;; Log everything else
chain=input action=log log-prefix="DROP INPUT"
15 ;;; Drop everything else
chain=input action=drop
16 chain=forward src-address=0.0.0.0/8 action=drop
17 chain=forward dst-address=0.0.0.0/8 action=drop
18 chain=forward src-address=127.0.0.0/8 action=drop
19 chain=forward dst-address=127.0.0.0/8 action=drop
20 chain=forward src-address=224.0.0.0/3 action=drop
21 chain=forward dst-address=224.0.0.0/3 action=drop
22 chain=forward protocol=tcp action=jump jump-target=tcp
23 chain=forward protocol=udp action=jump jump-target=udp
24 chain=forward protocol=icmp action=jump jump-target=icmp
[admin@MikroTik] ip firewall filter> add place-before=0 chain=input protocol=tcp dst-port=21,22,8291 src-address
-list=!admin action=drop
invalid value 21,22,8291 for min, an integer required
[admin@MikroTik] ip firewall filter>
[admin@MikroTik] ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Drop Invalid connections
chain=input connection-state=invalid action=drop
1 ;;; Allow Established connections
chain=input connection-state=established action=accept
2 ;;; Allow ICMP
chain=input protocol=icmp action=accept
3 ;;; Drop everything else
chain=input action=drop
4 ;;; Accept established connections
chain=input connection-state=established action=accept
5 ;;; Accept related connections
chain=input connection-state=related action=accept
6 ;;; Drop invalid connections
chain=input connection-state=invalid action=drop
7 ;;; UDP
chain=input protocol=udp action=accept
8 ;;; Allow limited pings
chain=input protocol=icmp limit=50/5s,2 action=accept
9 ;;; Drop excess pings
chain=input protocol=icmp action=drop
10 ;;; SSH for secure shell
chain=input protocol=tcp dst-port=22 action=accept
11 ;;; winbox
chain=input protocol=tcp dst-port=8291 action=accept
12 ;;; From Mikrotikls network
chain=input src-address=159.148.172.192/28 action=accept
13 ;;; From our private LAN
chain=input src-address=10.0.0.0/8 action=accept
14 ;;; Log everything else
chain=input action=log log-prefix="DROP INPUT"
15 ;;; Drop everything else
chain=input action=drop
16 chain=forward src-address=0.0.0.0/8 action=drop
17 chain=forward dst-address=0.0.0.0/8 action=drop
18 chain=forward src-address=127.0.0.0/8 action=drop
19 chain=forward dst-address=127.0.0.0/8 action=drop
20 chain=forward src-address=224.0.0.0/3 action=drop
21 chain=forward dst-address=224.0.0.0/3 action=drop
22 chain=forward protocol=tcp action=jump jump-target=tcp
23 chain=forward protocol=udp action=jump jump-target=udp
24 chain=forward protocol=icmp action=jump jump-target=icmp
[admin@MikroTik] ip firewall filter> add place-before=0 chain=input protocol=tcp dst-port=21,22,8291 src-address
-list=!admin action=drop
invalid value 21,22,8291 for min, an integer required
[admin@MikroTik] ip firewall filter>
Re: string log events
What version are you running? Post the output of "/system resource print". Please start wrapping output in
Code: Select all
tags.
By the way, according to rule #3 it's absolutely impossible you got those logs you were showing a screenshot of, and impossible for you to be in the router at all via anything but a serial console or MAC telnet or MAC winbox. Something here isn't adding up at all.