dragonauta
newbie
Topic Author
Posts: 28
Joined: Thu Feb 02, 2017 12:50 am

Login failure on log

Tue Aug 15, 2017 7:27 pm

Hi, I have a RB2011UiAS-2HnD, firmware version 3.33 (I have an upgrade planned for next week).
Recently I started to see several login failures in the logs.
All attempts are from outside (not my lan 10.0.0.0/24):
login failure for user root from 125.212.226.227 via ssh
login failure for user root from 125.212.226.227 via telnet
Weird thing is that I have no open ports, except a port forward (non standard) to a host inside my lan.
So, if someone tries to log in on this open port, it should be registered on my host, not my router.

nmap -sT -P0 says:
Nmap scan report for aaa.bbb.ccc.ddd
Host is up (0.036s latency).
PORT  STATE    SERVICE
0/tcp filtered unknown

Nmap done: 1 IP address (1 host up) scanned in 0.72 seconds
I tried to ssh from a remote location, but it just times out. There's no open port.
Why are these messages logged?
 
pe1chl
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: Login failure on log

Tue Aug 15, 2017 7:43 pm

Firmware version is not that important (it is like BIOS version).
What matters more is RouterOS version.
Please show a "/ip firewall export"
 
dragonauta
newbie
Topic Author
Posts: 28
Joined: Thu Feb 02, 2017 12:50 am

Re: Login failure on log

Tue Aug 15, 2017 9:34 pm

Thanks pe1chl, RouterOS is 6.38.1.
[admin@DL0] > /ip firewall export
# aug/15/2017 15:21:08 by RouterOS 6.38.1
# software id = ****-****
#
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=ether1-wan1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=ether1-wan1
add action=drop chain=forward dst-address=192.168.10.0/24 src-address=10.0.0.0/24
add action=drop chain=forward dst-address=10.0.0.0/24 src-address=192.168.10.0/24
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=ether1-wan1
add action=masquerade chain=srcnat out-interface=ether2-wan2
add action=masquerade chain=srcnat out-interface=ether3-wan3
add action=masquerade chain=srcnat src-address=192.168.10.0/24
add action=dst-nat chain=dstnat dst-port=25389 protocol=tcp to-addresses=10.0.0.25 to-ports=3389
I have planned three ISPs as failover (ether1-wan1, ether2-wan2 and ether3-wan3) but actually I have only 2 right now (ether3-wan3 has no cable plugged in).

Looking at the output I realize that I never drop incoming from ether2-wan2... could that be the reason?
 
darkprocess
Member Candidate
Posts: 249
Joined: Fri Mar 20, 2015 1:16 pm

Re: Login failure on log

Tue Aug 15, 2017 9:46 pm

Drop for ether2-wan2 is missing
 
dragonauta
newbie
Topic Author
Posts: 28
Joined: Thu Feb 02, 2017 12:50 am

Re: Login failure on log

Tue Aug 15, 2017 10:04 pm

Done!
[admin@DL0] > /ip firewall export
# aug/15/2017 16:00:38 by RouterOS 6.38.1
# software id = ****-****
#
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=ether1-wan1
add action=drop chain=input comment="drop all from WAN2" in-interface=ether2-wan2
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=ether1-wan1
add action=drop chain=forward comment="drop all from WAN2not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=ether2-wan2
add action=drop chain=forward dst-address=192.168.10.0/24 src-address=10.0.0.0/24
add action=drop chain=forward dst-address=10.0.0.0/24 src-address=192.168.10.0/24

/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=ether1-wan1
add action=masquerade chain=srcnat out-interface=ether2-wan2
add action=masquerade chain=srcnat out-interface=ether3-wan3
add action=masquerade chain=srcnat src-address=192.168.10.0/24
add action=dst-nat chain=dstnat dst-port=25389 protocol=tcp to-addresses=10.0.0.25 to-ports=3389
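
Added example, not part of any post in this thread: a small Python audit that reads a `/ip firewall export` and lists the WAN interfaces that have no unconditional drop on the input chain, which is the gap found above. The function names are hypothetical, treating every masquerade `out-interface` as a WAN is an assumption, and one rule per line is assumed as in the exports posted here; rule order is not evaluated.

```python
import shlex

# Constructed sample: the input-chain and masquerade rules from the first export in this thread.
BEFORE = """\
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=ether1-wan1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=ether1-wan1
add action=masquerade chain=srcnat out-interface=ether2-wan2
add action=masquerade chain=srcnat out-interface=ether3-wan3
add action=masquerade chain=srcnat src-address=192.168.10.0/24
"""
# The second export adds one input rule for WAN2, directly after the WAN1 drop.
WAN1_DROP = "in-interface=ether1-wan1\n"
AFTER = BEFORE.replace(WAN1_DROP, WAN1_DROP +
    'add action=drop chain=input comment="drop all from WAN2" in-interface=ether2-wan2\n', 1)
# Properties that do not narrow which packets a rule matches (besides the interface).
IGNORED = {"action", "chain", "comment", "in-interface", "log", "log-prefix"}

def parse_export(text):
    """Yield (menu, properties) for every 'add' line; one rule per line is assumed."""
    menu = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            yield menu, dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t)

def unprotected_wans(text):
    """WAN interfaces (guessed from masquerade out-interface) with no unconditional input drop."""
    rules = list(parse_export(text))
    wans = [p["out-interface"] for m, p in rules
            if m == "/ip firewall nat" and p.get("action") == "masquerade" and "out-interface" in p]
    drops = [p for m, p in rules
             if m == "/ip firewall filter" and p.get("chain") == "input"
             and p.get("action") in ("drop", "reject") and not set(p) - IGNORED]

    def covered(iface):
        # A drop with no in-interface, the same interface, or a negated other interface covers it.
        return any(m is None or m == iface or (m.startswith("!") and m[1:] != iface)
                   for m in (p.get("in-interface") for p in drops))
    return [w for w in wans if not covered(w)]

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, unprotected_wans(cfg))
```

Run against the second export, the audit still lists ether3-wan3: that interface is masqueraded but has no input drop of its own, which will matter once a cable is plugged in.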
