Have a good day. Please help. I discovered that since recently they have been trying to pick up a password from vpn from early addresses. I have vpn l2tp ipsec configured.
In the logs I see this: 12:18:57 ipsec,info respond new phase 1 (Identity Protection): xxx.xxx.xxx.xxx[500]<=>65.49.20.112[56668]
12:18:57 ipsec,error 65.49.20.xxx failed to get valid proposal.
12:18:57 ipsec,error 65.49.20.xxx failed to pre-process ph1 packet (side: 1, status 1).
12:18:57 ipsec, error 65.49.20.xxx phase1 negotiation failed
and the like.
I thought to make a script and rules for the firewall. if there is such an attempt, it will send the ip to the blacklist for an hour, if the second attempt, then for 72 hours. if after 72 hours it repeats, then send it to a permanent blacklist. But I'm not good at writing scripts for Mikrotik (new user). Please help me with this. thanks.