I first followed some advice and set up a knock knock rule to give me access to my router from a remote location, so as a proof of concept I wanted to be notified if someone were to somehow figure out the knock knock rule and gain access to my device. My knock knock rule is just 3 ports that when access in succession remotely will give you 15 seconds to SSH into the device, from there you need to go into the address list table and add your IP address to the SAFE list; once on the SAFE list you will have full access to my device.
If anyone is interested here is my Windows telnet batch file which knocks on my router to gain access:
telnet myip 1
telnet myip 2
telnet myip 3
ssh myip
Note that I downloaded putty and renamed it to ssh then placed in my system32 folder, then I downloaded the telnet client and placed that there as well. You could also place elsewhere and add environment variables to point to their location, but this way was easy enough.
Now for my RouterOS script:
#Set currSAFEcount to number of IPs in SAFE list
:local currSAFEcount [/ip firewall address-list print count-only where list=SAFE]
:global SAFEcount
#Compare old number of IPs to current in SAFE list
:if ($SAFEcount != $currSAFEcount) do={
:local A
:foreach address in=[/ip firewall address-list find list=SAFE] do={
:set A ($A, [/ip firewall address-list get $address address])
}
:local C
:foreach B in=[$A] do={:set C "$C
$B"}
/tool e-mail send to="email@gmail.com" subject="NEW ADDRESS ADDED TO SAFE LIST" body="$C" tls=yes
:set SAFEcount $currSAFEcount
}
I have this set to run every 5 seconds and I don't see any sort of physical slowdown (I could be wrong though I just haven't noticed anything awry). You need to set up an email client for this to work. If you have a better way to do this or any comments please let me know. I love my little RB751.
