Community discussions

MikroTik App
  4. RouterOS
  5. Wireless Networking

Hacking problem?

Post Reply
 
tvecis
just joined
Topic Author
Posts: 8
Joined: Tue May 12, 2015 1:46 pm

Hacking problem?

Mon Jun 20, 2016 10:15 pm

Hi.

At the beginning I realised that someone is brute forcing my SSH and Telnet password.
Then I do this >>> http://wiki.mikrotik.com/wiki/Bruteforc ... prevention

After that

Image
But when I blocking this MAC, starts this
Image
Image
and the Internet is going down.

Is this hacking problem? If yes, What can I do against this hacker?
Top
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: Hacking problem?

Mon Jun 20, 2016 10:58 pm

Don't use the MAC address because the MAC address on the WAN side will always be the ISP's router, no matter what IP address the packet contains.
Basically, you're blocking communications that go through the ISP's router, which obviously will disconnect you from the Internet.

I recommend that you just block ssh and telnet from the WAN interface entirely, and that will solve your problem.
Top
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 3042
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Hacking problem?

Mon Jun 20, 2016 11:04 pm

Forget MAC :-)

Make rule to add source addresses of offending traffic to ssh port to the "blacksshlist" list and the second rule to block these addresses.
Top
 
tvecis
just joined
Topic Author
Posts: 8
Joined: Tue May 12, 2015 1:46 pm

Re: Hacking problem?

Mon Jun 20, 2016 11:07 pm

Yes you are right. I realised that this is ISP cisco router mac :)
Top
 
tvecis
just joined
Topic Author
Posts: 8
Joined: Tue May 12, 2015 1:46 pm

Re: Hacking problem?

Tue Jun 21, 2016 10:02 am

Hmm...

Image

Now Just turned off SSH&Telnet services :(
P.S.
Is this going from my ISP internet to my AP, or from the hacker's computer directly to my AP?
Top
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 3042
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Hacking problem?

Tue Jun 21, 2016 10:27 am

For SSH, TELNET and FTP try this .. 4 h blocking window for attacker.
Code: Select all
/ip firewall filter
add action=add-src-to-address-list address-list=ATTACK_SSH address-list-timeout=4h chain=input comment=ATTACK_SSH dst-port=21,22,23 in-interface=ETH1-WAN protocol=tcp src-address-list=!MYPRECIOUSIPS
add action=drop chain=input comment="DROP ATTACK_SSH" in-interface=ETH1-WAN src-address-list=ATTACK_SSH
Same for DNS DDOS - block all WAN side traffic to DNS server:
Code: Select all
/ip firewall filter
add action=add-src-to-address-list address-list=DDOS_DNS address-list-timeout=4h chain=input comment=DDOS_DNS dst-port=53 in-interface=ETH1-WAN protocol=udp
add action=drop chain=input comment="DROP DNS DDOS" in-interface=ETH1-WAN src-address-list=DDOS_DNS
Do not forget to accept traffic from your own address if you want to connect via 21,22,23 ports from WAN side ... just put them into MYPRECIOUSIPS address list.
Code: Select all
/ip firewall address-list
add address=x.x.x.x  comment=HomeSweetHome list=MYPRECIOUSIPS
add address=y.y.y.y comment=OfficeSweetOffice list=MYPRECIOUSIPS
Top
 
tvecis
just joined
Topic Author
Posts: 8
Joined: Tue May 12, 2015 1:46 pm

Re: Hacking problem?

Tue Jun 21, 2016 11:54 am

Thanks! Added this rules. Hope this helps  :)
Top
Post Reply
  4. RouterOS
  5. Wireless Networking