 
ABMT
just joined
Topic Author
Posts: 10
Joined: Wed Sep 21, 2016 1:37 am
Location: Poland

Can I allow only specific IPs to login via telnet?

Thu Dec 01, 2016 11:05 pm

Hello.
Someone has been trying to break into my router via telnet for several days; he has tried more than 300,000 times and he is still trying. He tries to break in from more than twenty IPs. I use telnet sometimes so I don't want to turn it off. Is it possible to allow only specific IPs to log in?
 
rcourtney
Frequent Visitor
Posts: 61
Joined: Wed May 22, 2013 10:55 pm

Re: Can I allow only specific IPs to login via telnet?

Fri Dec 02, 2016 6:23 am

Port knocking
mum.mikrotik.com/presentations/US10/discher.pdf
 
Kindis
Member
Posts: 441
Joined: Tue Nov 01, 2011 6:54 pm
Location: Sweden

Re: Can I allow only specific IPs to login via telnet?

Fri Dec 02, 2016 10:15 am

> Hello.
> Someone has been trying to break into my router via telnet for several days; he has tried more than 300,000 times and he is still trying. He tries to break in from more than twenty IPs. I use telnet sometimes so I don't want to turn it off. Is it possible to allow only specific IPs to log in?

Just add the IP that you only want to allow in ip/services
http://wiki.mikrotik.com/wiki/Manual:IP/Services

But as mentioned above, have a look at port knocking. It's a great solution.
 
ABMT
just joined
Topic Author
Posts: 10
Joined: Wed Sep 21, 2016 1:37 am
Location: Poland

Re: Can I allow only specific IPs to login via telnet?

Fri Dec 02, 2016 5:27 pm

Huge thanks. I have set allowed IPs in ip/services. I also have set a blockade in ip/firewall/filter, it looks like this:
/ip firewall filter
add action=drop chain=input comment="drop telnet brute forcers" dst-port=23 protocol=tcp src-address-list=telnet_blacklist
add action=add-src-to-address-list address-list=telnet_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=23 protocol=tcp src-address-list=telnet_stage3
add action=add-src-to-address-list address-list=telnet_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=23 protocol=tcp src-address-list=telnet_stage2
add action=add-src-to-address-list address-list=telnet_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=23 protocol=tcp src-address-list=telnet_stage1
add action=add-src-to-address-list address-list=telnet_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=23 protocol=tcp
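
An added example, not part of the post above: a simplified Python model of how those five rules react to a stream of new telnet connections, showing why the stage rules are listed from the blacklist down to stage 1. It assumes that re-adding a source already on a list restarts its timeout; the addresses and timings are constructed.

```python
# Simplified model of the input-chain rules posted above (added example).
# Assumption: re-adding a source already on a list restarts its timeout.
STAGE_TTL = 60                       # address-list-timeout=1m
BLACKLIST_TTL = (7 + 3) * 24 * 3600  # address-list-timeout=1w3d

# (list to add the source to, list it must already be on), in rule order.
# The drop rule for telnet_blacklist is evaluated before all of these.
ADD_RULES = [
    ("telnet_blacklist", "telnet_stage3"),
    ("telnet_stage3", "telnet_stage2"),
    ("telnet_stage2", "telnet_stage1"),
    ("telnet_stage1", None),
]

# Constructed sample: (seconds, source) of new TCP/23 connections.
SAMPLE = [(t, "203.0.113.7") for t in (0, 10, 20, 30, 40)] + \
         [(t, "198.51.100.9") for t in (0, 61, 122, 183)]

def simulate(events, rules=ADD_RULES):
    """Return ([(seconds, src, verdict)], {(list, src): expiry_time})."""
    expiry, verdicts = {}, []

    def listed(name, src, now):
        return expiry.get((name, src), -1) > now

    for now, src in sorted(events):
        if listed("telnet_blacklist", src, now):
            verdicts.append((now, src, "drop"))  # drop is terminal
            continue
        # add-src-to-address-list does not stop processing, so every rule is
        # checked, and a rule sees entries added by the rules before it.
        for target, required in rules:
            if required is None or listed(required, src, now):
                ttl = BLACKLIST_TTL if target == "telnet_blacklist" else STAGE_TTL
                expiry[(target, src)] = now + ttl
        verdicts.append((now, src, "pass"))  # not dropped by these rules
    return verdicts, expiry

if __name__ == "__main__":
    for row in simulate(SAMPLE)[0]:
        print(*row)
```

In this model the fourth new connection inside the one-minute windows puts the source on telnet_blacklist and the fifth is the first one dropped, while a source that waits more than a minute between attempts never leaves stage 1. The rules make no exception for any source, so an address allowed in ip/services that opens four sessions in quick succession is blacklisted as well.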
 
R1CH
Forum Guru
Posts: 1108
Joined: Sun Oct 01, 2006 11:44 pm

Re: Can I allow only specific IPs to login via telnet?

Fri Dec 02, 2016 5:44 pm

Why do you even have telnet open? It's an old and insecure protocol, you should only be using SSH.
 
mpreissner
Member
Posts: 357
Joined: Tue Mar 11, 2014 11:16 pm
Location: Columbia, MD

Re: Can I allow only specific IPs to login via telnet?

Fri Dec 02, 2016 7:47 pm

> Why do you even have telnet open? It's an old and insecure protocol, you should only be using SSH.

This. Stop using unsecure protocols!