During a full flash of the router and finally getting some better result.. i found out in the winbox terminal lot and lot of Internet hacker or bot trying to access to the router.
Code: Select all
17:37:33 echo: system,error,critical login failure for user user from 165.22.122.201 via
ssh
[admin@RouterOS] /ip firewall filter>
17:37:34 echo: system,error,critical login failure for user fliruser from 165.22.122.201
via ssh
[admin@RouterOS] /ip firewall filter>
17:37:35 echo: system,error,critical login failure for user root from 165.22.122.201 via
ssh
[admin@RouterOS] /ip firewall filter>
17:47:01 echo: system,error,critical login failure for user DUP admin from 165.22.5.131
via ssh
17:47:01 echo: system,error,critical login failure for user DUP admin from 165.22.5.131
via ssh
[admin@RouterOS] /ip firewall filter>
17:47:51 echo: system,error,critical login failure for user DUP admin from 165.22.122.20
1 via ssh
[admin@RouterOS] /ip firewall filter>
17:47:51 echo: system,error,critical login failure for user DUP admin from 165.22.122.20
1 via ssh
[admin@RoutActually i'm running the default when full restart is made.
Code: Select all
/ip firewall filter
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=accept chain=input comment=Voip disabled=yes dst-port=5060-5061 protocol=\
tcp
add action=accept chain=input dst-port=1194 protocol=tcp comment="OpenVPN"
add action=accept chain=input dst-port=1195-1200 protocol=tcp comment="doing nothing no effect softvPN"
add action=accept chain=forward comment="allow dst-nat connections from WAN" \
connection-nat-state=dstnat connection-state=new in-interface-list=WAN
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
*funny they don't try to log with : admin. as i never set any password.
