I guess one better would be to ban anyone that touches that port, but I have a feeling that my solution is "good enough". I don't just block them from port 22 when they get banned, but from the entire network at the edges.
----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com ----- Original Message ----- From: "Vlad Sedov via Af" <[email protected]> To: [email protected] Sent: Wednesday, December 10, 2014 9:57:19 AM Subject: Re: [AFMUG] Mikrotik brute force securing the input chain should be one of the first things you do when configuring a router.. we usually don't allow input traffic at all, except from our management subnets. the API can be handy when interfacing with a billing system or something similar.. though shell commands work too. vlad On 12/10/2014 9:47 AM, Sterling Jacobson via Af wrote: Butch Evans has a nice inexpensive script for Mikrotik that takes care of this nicely. Why even let it through the input chain is my thought. From: Af [ mailto:[email protected] ] On Behalf Of Ty Featherling via Af Sent: Wednesday, December 10, 2014 7:30 AM To: [email protected] Subject: Re: [AFMUG] Mikrotik brute force Note to self, double check all API services are OFF. -Ty On Tue, Dec 9, 2014 at 4:03 PM, Mike Hammett via Af < [email protected] > wrote: I have seen an increase in API attacks lately. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com From: "George Skorup (Cyber Broadcasting) via Af" < [email protected] > To: [email protected] Sent: Tuesday, December 9, 2014 3:51:18 PM Subject: [AFMUG] Mikrotik brute force Nice. WTF. http://mkbrutusproject.github.io/MKBRUTUS/ This email is free from viruses and malware because avast! Antivirus protection is active.
