Can't access FTP, SSH on router
Posted: Sat Apr 19, 2008 10:58 pm
by tomiso
Hello,
I simply can't access FTP or SSH on my RB333.
The services are running and ok.
I found an entry under Firewall > Address List: black list | [my internal ip]
If I remove this Address List entry, it just pops back again.
Any ideas how to fix this?
Everything worked fine a week ago.
Edit:
I just tried logging in via FTP from my girlfriend's computer and that worked just fine.
My IP must have gotten blacklisted somehow..
I know I tested the Bruteforce script a while ago. But it didn't work, so I removed it, well I think I did ;P
Any ideas, please?
Re: Can't access FTP, SSH on router
Posted: Sun Apr 20, 2008 9:04 pm
by SurferTim
Greetings!
You might want to check your firewall filter and see if there is an entry there that might put your IP in that list also.
Re: Can't access FTP, SSH on router
Posted: Mon Apr 21, 2008 2:36 am
by tomiso
Well, I have these rules:
13 ;;; dos atack block
chain=input action=tarpit src-address-list=black list protocol=tcp connection-limit=3,32
14 ;;; dos atack block
chain=input action=add-src-to-address-list address-list=black list address-list-timeout=1d protocol=tcp connection-limit=10,32
I'm pretty sure they have been there from the start (I got a pre-installed RB333).
Problem is, I can't find the "list" so that I can "unban" my IP :S
Re: Can't access FTP, SSH on router
Posted: Mon Apr 21, 2008 2:14 pm
by SurferTim
I think these rules are blocking you. The second rule is putting you in the address-list after the 9th connection, and the first rule puts you in the "tarpit" once your IP is in the list after 2 more connections. This is probably why your girlfriend's computer is not in the list YET!
Is there a rule before these that lets your IP through without this check? If not, try this:
/ip firewall filter add chain=input src-address=xxx.xxx.xxx.xxx/yy action=accept place-before=0
src-address should be your IP/subnet. That will let all the computers on your net into this box without the DoS check.
If you use Winbox, this should be the first rule.
EDIT: Whoa!! Did I see you can get into this box from your girlfriend's computer? If the correct rules have been entered in the firewall filter in the proper order, (add: if her computer is on the public interface, not localnet) she should not be able to log in from there at all! All you should be able to do from there is ping (ICMP).
Take a look at the docs under Firewall Filter. There are two examples at the bottom of that page. Ensure the "Protect your RouterOS router" rules are the first rules in your filter. Add the rule I gave you above first, so you don't lock yourself out! It means:
"I'm the boss! Let me in!"
If you have had this box exposed to the internet for more than just a few minutes, check your log. I will bet there are already foreign IPs being rejected on bad user/password. Fortunately for you, most of these will be spammers looking for an open relay email server, but among them will be those with mal-intent, looking to "hack your box".
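The two things the thread asks for, finding and clearing the "black list" entry (the question in the post above SurferTim's) and putting an accept rule ahead of the DoS rules so the entry cannot come back, as one RouterOS CLI sequence. This is an added example, not commands from either poster; it assumes a LAN of 192.168.1.0/24 and a management PC at 192.168.1.10 (both hypothetical), and that the address list is really named "black list" with a space, which is why the name is quoted on every line (RouterOS requires quotes around values containing spaces).

```routeros
# Added example for this thread (not the original poster's config).
# Assumed addresses: LAN 192.168.1.0/24, management PC 192.168.1.10.
# The address list name "black list" contains a space, so it must be quoted.

# 1. Find the hidden list and remove your own entry from it.
#    The entry lives under /ip firewall address-list, not under the filter rules.
/ip firewall address-list print where list="black list"
/ip firewall address-list remove [find list="black list" address=192.168.1.10]

# 2. Accept the LAN on the input chain before any DoS check.
#    place-before=0 makes this rule number 0, i.e. the first rule evaluated.
#    Do this BEFORE touching the DoS rules so you cannot lock yourself out.
/ip firewall filter add chain=input src-address=192.168.1.0/24 action=accept comment="allow LAN before DoS rules" place-before=0

# 3. The pre-installed DoS rules, written out in full (only needed if you
#    rebuild the filter; they stay after the accept rule added in step 2).
/ip firewall filter add chain=input protocol=tcp src-address-list="black list" connection-limit=3,32 action=tarpit comment="dos attack block"
/ip firewall filter add chain=input protocol=tcp connection-limit=10,32 action=add-src-to-address-list address-list="black list" address-list-timeout=1d comment="dos attack block"

# 4. Verify the order: the accept rule must print as number 0 (filter rules
#    are evaluated top to bottom and the first matching rule wins).
/ip firewall filter print

# 5. Watch the list afterwards; your address should no longer reappear,
#    while outside scanners still land in it for the configured 1d timeout.
/ip firewall address-list print where list="black list"
```

Typed in the router console or a Winbox terminal. Step 1 only clears the symptom; the entry returns on the next burst of connections unless step 2 is in place, which is why the accept rule is added before anything else is changed. The `src-address` in step 2 should match only the trusted LAN subnet, not 0.0.0.0/0, or the DoS rules stop protecting the box from the public interface.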