Hi there
First I would like to say that I am VERY new to RouterOS so my question may look silly to more advanced people.
I recently noticed that someone is trying to log in to my router trying to find user - normal dictionary atack - every 4 seconds new username is send.
I put rule on firewall to drop that ip atack comes from, but atacker changed his ip and atack still goes on.
Since ip adress is from china my local ISP told me that there is no point in reporting this to police etc.
Is there any way to set rule that after 2 or 3 failed logins ip goes blacklisted and is droped/rejected ? Is there any other better way ?
Regards
M.
Re: drop ip when authorization fails - probably newbie question
1. change the port of SSH in RouterOS (if the hacker is using SSH to login)
2. allow access ONLY from a local known network with the firewall
3. always use non-default username for the admin
you can also do fancy stuff like temporarily blocking the guy, if you want, but if he changes the IP, no use to do it:
http://wiki.mikrotik.com/wiki/Bruteforc ... prevention
2. allow access ONLY from a local known network with the firewall
3. always use non-default username for the admin
you can also do fancy stuff like temporarily blocking the guy, if you want, but if he changes the IP, no use to do it:
http://wiki.mikrotik.com/wiki/Bruteforc ... prevention