One of the node owners on our wan has noticed some oddities recently. While logged in on a teminal to a 532 he saw these commands appearing. It seems that someone was logged in with him and was trying something.
VnV4
VoV4
VpV4
VqV4
What I would like to know is if RouterOS has a root account, or has it been disabled? Anyone know?
Dave_W
All RouterOS accounts are listed in 'user print', there are not any other hidden users.
If you did provide login/password to any person and using strong security password, it is very hard to get access to your router.
To set more secure protection use firewall to drop all packets, that are not from your authorized IP addresses.
If you did provide login/password to any person and using strong security password, it is very hard to get access to your router.
To set more secure protection use firewall to drop all packets, that are not from your authorized IP addresses.
In my opinion best practice is to go to ip/services and totally DISABLE all services except FTP and SSH, and then restrict those by IP address. If you have more than one subnet that needs to have access, then use rules in the ip/firewall to filter access.
Any router I've forgotten to do this on, within a few days, will have hundreds of thousands of ftp/ssh login attempts!
Also remember to use strong passwords!
Any router I've forgotten to do this on, within a few days, will have hundreds of thousands of ftp/ssh login attempts!
Also remember to use strong passwords!