Re: [WISPA] Brute Force Attack on Mikrotik Gateway
On Fri, Oct 01, 2010 at 04:00:05PM -0700, Tom Sharples wrote: I've often wondered, is it legal for the receipient of this sort of thing, to retailiate with e.g. ping or curl storms? No. Flat no. And most of the time, your retaliation would be against some poor schmuck who simply hasn't kept up to date on their software updates. Does someone's grandmother's computer deserve to be beaten up? It may be satisfying to to think about, but don't go there. -- Scott LambertKC5MLE Unix SysAdmin lamb...@lambertfam.org WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
Most of the attacks we've seen have been from Chinese and eastern European IPs. I suppose it could be a Chinese or Russian grandma tho :-) - Original Message - From: Scott Lambert lamb...@lambertfam.org To: WISPA General List wireless@wispa.org Sent: Friday, October 01, 2010 11:43 PM Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway On Fri, Oct 01, 2010 at 04:00:05PM -0700, Tom Sharples wrote: I've often wondered, is it legal for the receipient of this sort of thing, to retailiate with e.g. ping or curl storms? No. Flat no. And most of the time, your retaliation would be against some poor schmuck who simply hasn't kept up to date on their software updates. Does someone's grandmother's computer deserve to be beaten up? It may be satisfying to to think about, but don't go there. -- Scott LambertKC5MLE Unix SysAdmin lamb...@lambertfam.org WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
Checked the logs this morning and guess who was back at it Was trying to do a brute force attack from yet another IP but that script from Butch swatted him like a fly. Worked like a charm! Thanks to both you and Butch, he be gone. Bob- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Friday, October 01, 2010 10:38 PM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway Compliments of Butch Evans /ip firewal filt add action=accept chain=forward comment=drop ssh brute forcers disabled=\ no dst-port=22 protocol=tcp src-address-list=ssh_blacklist add action=add-src-to-address-list address-list=ssh_blacklist \ address-list-timeout=1w3d chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3 add action=add-src-to-address-list address-list=ssh_stage3 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2 add action=add-src-to-address-list address-list=ssh_stage2 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1 add action=add-src-to-address-list address-list=ssh_stage1 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=!heavysshservers Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Fri, Oct 1, 2010 at 10:28 PM, Robert West robert.w...@just-micro.com wrote: Then we'll just send the pigeons over to poop on them. Easy. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of RickG Sent: Friday, October 01, 2010 9:29 PM To: Tom Sharples; WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway I like it but what if the ip is being masqueraded? On Fri, Oct 1, 2010 at 7:00 PM, Tom Sharples tsharp...@qorvus.com wrote: I've often wondered, is it legal for the receipient of this sort of thing, to retailiate with e.g. ping or curl storms? Tom S. - Original Message - From: Robert West mailto:robert.w...@just-micro.com To: 'WISPA mailto:wireless@wispa.org General List' Sent: Friday, October 01, 2010 2:57 PM Subject: [WISPA] Brute Force Attack on Mikrotik Gateway Just had to deal with a brute force attack on a MT router acting as a gateway. Came from these two IP addresses.. 59.42.10.38 61.155.5.247 Looked them up, they turn out to be pretty common for this sort of thing. Added a firewall rule to drop them and they are no longer filling my log. Some may want to do the same for these jokers. Robert West Just Micro Digital Services Inc. 740-335-7020 Logo5 _ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ image001.gif WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
That script should be the MT default when one checks the protect router check box in the web UI. Greg On Oct 2, 2010, at 8:33 AM, Robert West wrote: Checked the logs this morning and guess who was back at it Was trying to do a brute force attack from yet another IP but that script from Butch swatted him like a fly. Worked like a charm! Thanks to both you and Butch, he be gone. Bob- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Friday, October 01, 2010 10:38 PM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway Compliments of Butch Evans /ip firewal filt add action=accept chain=forward comment=drop ssh brute forcers disabled=\ no dst-port=22 protocol=tcp src-address-list=ssh_blacklist add action=add-src-to-address-list address-list=ssh_blacklist \ address-list-timeout=1w3d chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3 add action=add-src-to-address-list address-list=ssh_stage3 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2 add action=add-src-to-address-list address-list=ssh_stage2 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1 add action=add-src-to-address-list address-list=ssh_stage1 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=!heavysshservers Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Fri, Oct 1, 2010 at 10:28 PM, Robert West robert.w...@just-micro.com wrote: Then we’ll just send the pigeons over to poop on them. Easy. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of RickG Sent: Friday, October 01, 2010 9:29 PM To: Tom Sharples; WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway I like it but what if the ip is being masqueraded? On Fri, Oct 1, 2010 at 7:00 PM, Tom Sharples tsharp...@qorvus.com wrote: I've often wondered, is it legal for the receipient of this sort of thing, to retailiate with e.g. ping or curl storms? Tom S. - Original Message - From: Robert West To: 'WISPA General List' Sent: Friday, October 01, 2010 2:57 PM Subject: [WISPA] Brute Force Attack on Mikrotik Gateway Just had to deal with a brute force attack on a MT router acting as a gateway. Came from these two IP addresses…. 59.42.10.38 61.155.5.247 Looked them up, they turn out to be pretty common for this sort of thing. Added a firewall rule to drop them and they are no longer filling my log. Some may want to do the same for these jokers. Robert West Just Micro Digital Services Inc. 740-335-7020 image001.gif WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
Where is that located in the interface? From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Greg Ihnen Sent: Saturday, October 02, 2010 9:08 AM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway That script should be the MT default when one checks the protect router check box in the web UI. Greg On Oct 2, 2010, at 8:33 AM, Robert West wrote: Checked the logs this morning and guess who was back at it Was trying to do a brute force attack from yet another IP but that script from Butch swatted him like a fly. Worked like a charm! Thanks to both you and Butch, he be gone. Bob- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Friday, October 01, 2010 10:38 PM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway Compliments of Butch Evans /ip firewal filt add action=accept chain=forward comment=drop ssh brute forcers disabled=\ no dst-port=22 protocol=tcp src-address-list=ssh_blacklist add action=add-src-to-address-list address-list=ssh_blacklist \ address-list-timeout=1w3d chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3 add action=add-src-to-address-list address-list=ssh_stage3 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2 add action=add-src-to-address-list address-list=ssh_stage2 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1 add action=add-src-to-address-list address-list=ssh_stage1 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=!heavysshservers Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Fri, Oct 1, 2010 at 10:28 PM, Robert West robert.w...@just-micro.com wrote: Then we'll just send the pigeons over to poop on them. Easy. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of RickG Sent: Friday, October 01, 2010 9:29 PM To: Tom Sharples; WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway I like it but what if the ip is being masqueraded? On Fri, Oct 1, 2010 at 7:00 PM, Tom Sharples tsharp...@qorvus.com wrote: I've often wondered, is it legal for the receipient of this sort of thing, to retailiate with e.g. ping or curl storms? Tom S. - Original Message - From: Robert West mailto:robert.w...@just-micro.com To: 'WISPA General List' mailto:wireless@wispa.org Sent: Friday, October 01, 2010 2:57 PM Subject: [WISPA] Brute Force Attack on Mikrotik Gateway Just had to deal with a brute force attack on a MT router acting as a gateway. Came from these two IP addresses.. 59.42.10.38 61.155.5.247 Looked them up, they turn out to be pretty common for this sort of thing. Added a firewall rule to drop them and they are no longer filling my log. Some may want to do the same for these jokers. Robert West Just Micro Digital Services Inc. 740-335-7020 image001.gif _ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
It may have been a coincidence but about an hour before they started hitting us I got a call from a subscriber on that gateway telling me she had just started getting that damn false virus program taking over her PC. Most of them I've seen redirects all internet traffic through their server, always have seen it go to Russia, and I was guessing the two may be related. Phoned home and since that network is Nat'd it would have given the IP for our router. And of course, they can always just sit and scan for active IP's all day as well. Bob- -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Tom Sharples Sent: Saturday, October 02, 2010 3:04 AM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway Most of the attacks we've seen have been from Chinese and eastern European IPs. I suppose it could be a Chinese or Russian grandma tho :-) - Original Message - From: Scott Lambert lamb...@lambertfam.org To: WISPA General List wireless@wispa.org Sent: Friday, October 01, 2010 11:43 PM Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway On Fri, Oct 01, 2010 at 04:00:05PM -0700, Tom Sharples wrote: I've often wondered, is it legal for the receipient of this sort of thing, to retailiate with e.g. ping or curl storms? No. Flat no. And most of the time, your retaliation would be against some poor schmuck who simply hasn't kept up to date on their software updates. Does someone's grandmother's computer deserve to be beaten up? It may be satisfying to to think about, but don't go there. -- Scott LambertKC5MLE Unix SysAdmin lamb...@lambertfam.org WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
The MT webbox causes cancer it is so terrible. On Oct 2, 2010 9:08 AM, Greg Ihnen os10ru...@gmail.com wrote: That script should be the MT default when one checks the protect router check box in the web UI. Greg On Oct 2, 2010, at 8:33 AM, Robert West wrote: Checked the logs this morning and guess who was back at it Was trying to do a brute force attack from yet another IP but that script from Butch swatted him like a fly. Worked like a charm! Thanks to both you and Butch, he be gone. Bob- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Friday, October 01, 2010 10:38 PM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway Compliments of Butch Evans /ip firewal filt add action=accept chain=forward comment=drop ssh brute forcers disabled=\ no dst-port=22 protocol=tcp src-address-list=ssh_blacklist add action=add-src-to-address-list address-list=ssh_blacklist \ address-list-timeout=1w3d chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3 add action=add-src-to-address-list address-list=ssh_stage3 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2 add action=add-src-to-address-list address-list=ssh_stage2 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1 add action=add-src-to-address-list address-list=ssh_stage1 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=!heavysshservers Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Fri, Oct 1, 2010 at 10:28 PM, Robert West robert.w...@just-micro.com wrote: Then we’ll just send the pigeons over to poop on them. Easy. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of RickG Sent: Friday, October 01, 2010 9:29 PM To: Tom Sharples; WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway I like it but what if the ip is being masqueraded? On Fri, Oct 1, 2010 at 7:00 PM, Tom Sharples tsharp...@qorvus.com wrote: I've often wondered, is it legal for the receipient of this sort of thing, to retailiate with e.g. ping or curl storms? Tom S. - Original Message - From: Robert West To: 'WISPA General List' Sent: Friday, October 01, 2010 2:57 PM Subject: [WISPA] Brute Force Attack on Mikrotik Gateway Just had to deal with a brute force attack on a MT router acting as a gateway. Came from these two IP addresses…. 59.42.10.38 61.155.5.247 Looked them up, they turn out to be pretty common for this sort of thing. Added a firewall rule to drop them and they are no longer filling my log. Some may want to do the same for these jokers. Robert West Just Micro Digital Services Inc. 740-335-7020 image001.gif WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives:
[WISPA] Is Running Router OS inside USB Thumb Stick Reliable?
Hi, We just bought a couple HP ML 350 Servers, but Mikrotik RouterOS doesnt have the Smart Array Controller Driver. As its a new server, it dosnt have any IDE or Legacy Sata, just an internal USB Connetor. So i installed RouterOS on it and its running and i´m doing some tests. But i´m a little concerned about the usb thumb stick reliability ( kingston 4gigs). What´s your experience running Mikrotik or Quagga or any linux routing software flavor in an USB Thumb? Thanks! -- Gustavo Santos Analista de Redes -Tecnólogo em Redes de Computadores -Pós Graduando em Redes de Computadores e Telecomunicações -Cisco Certified Network Associate -Juniper Certified Internet Associate - ER -Mikrotik Certified Consultant WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Is Running Router OS inside USB Thumb Stick Reliable?
I'm using CF so it's the same thing. On Oct 2, 2010 11:33 AM, Gustavo Santos gustkil...@gmail.com wrote: Hi, We just bought a couple HP ML 350 Servers, but Mikrotik RouterOS doesnt have the Smart Array Controller Driver. As its a new server, it dosnt have any IDE or Legacy Sata, just an internal USB Connetor. So i installed RouterOS on it and its running and i´m doing some tests. But i´m a little concerned about the usb thumb stick reliability ( kingston 4gigs). What´s your experience running Mikrotik or Quagga or any linux routing software flavor in an USB Thumb? Thanks! -- Gustavo Santos Analista de Redes -Tecnólogo em Redes de Computadores -Pós Graduando em Redes de Computadores e Telecomunicações -Cisco Certified Network Associate -Juniper Certified Internet Associate - ER -Mikrotik Certified Consultant WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
Ah.. I always use Winbox. Tried Webbox a few times when I had to but wasn't comfortable with it at all. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Saturday, October 02, 2010 11:18 AM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway The MT webbox causes cancer it is so terrible. On Oct 2, 2010 9:08 AM, Greg Ihnen os10ru...@gmail.com wrote: That script should be the MT default when one checks the protect router check box in the web UI. Greg On Oct 2, 2010, at 8:33 AM, Robert West wrote: Checked the logs this morning and guess who was back at it Was trying to do a brute force attack from yet another IP but that script from Butch swatted him like a fly. Worked like a charm! Thanks to both you and Butch, he be gone. Bob- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Friday, October 01, 2010 10:38 PM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway Compliments of Butch Evans /ip firewal filt add action=accept chain=forward comment=drop ssh brute forcers disabled=\ no dst-port=22 protocol=tcp src-address-list=ssh_blacklist add action=add-src-to-address-list address-list=ssh_blacklist \ address-list-timeout=1w3d chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3 add action=add-src-to-address-list address-list=ssh_stage3 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2 add action=add-src-to-address-list address-list=ssh_stage2 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1 add action=add-src-to-address-list address-list=ssh_stage1 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=!heavysshservers Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Fri, Oct 1, 2010 at 10:28 PM, Robert West robert.w...@just-micro.com wrote: Then we'll just send the pigeons over to poop on them. Easy. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of RickG Sent: Friday, October 01, 2010 9:29 PM To: Tom Sharples; WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway I like it but what if the ip is being masqueraded? On Fri, Oct 1, 2010 at 7:00 PM, Tom Sharples tsharp...@qorvus.com wrote: I've often wondered, is it legal for the receipient of this sort of thing, to retailiate with e.g. ping or curl storms? Tom S. - Original Message - From: Robert West To: 'WISPA General List' Sent: Friday, October 01, 2010 2:57 PM Subject: [WISPA] Brute Force Attack on Mikrotik Gateway Just had to deal with a brute force attack on a MT router acting as a gateway. Came from these two IP addresses.. 59.42.10.38 61.155.5.247 Looked them up, they turn out to be pretty common for this sort of thing. Added a firewall rule to drop them and they are no longer filling my log. Some may want to do the same for these jokers. Robert West Just Micro Digital Services Inc. 740-335-7020 image001.gif WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives:
Re: [WISPA] Is Running Router OS inside USB Thumb Stick Reliable?
Depends on the drive. They all have a write limit but I would suppose if you arent logging to the drive or doing much else other than reading from it, it should be okay. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Gustavo Santos Sent: Saturday, October 02, 2010 11:33 AM To: WISPA General List Subject: [WISPA] Is Running Router OS inside USB Thumb Stick Reliable? Hi, We just bought a couple HP ML 350 Servers, but Mikrotik RouterOS doesnt have the Smart Array Controller Driver. As its a new server, it dosnt have any IDE or Legacy Sata, just an internal USB Connetor. So i installed RouterOS on it and its running and i´m doing some tests. But i´m a little concerned about the usb thumb stick reliability ( kingston 4gigs). What´s your experience running Mikrotik or Quagga or any linux routing software flavor in an USB Thumb? Thanks! -- Gustavo Santos Analista de Redes -Tecnólogo em Redes de Computadores -Pós Graduando em Redes de Computadores e Telecomunicações -Cisco Certified Network Associate -Juniper Certified Internet Associate - ER -Mikrotik Certified Consultant WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
It doesn't answer anything. You can't configure anything. It screws up what you have set. Hate it. I would like to see an html copy of winbox, but that's a dream. On Oct 2, 2010 12:33 PM, Robert West robert.w...@just-micro.com wrote: Ah.. I always use Winbox. Tried Webbox a few times when I had to but wasn't comfortable with it at all. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Saturday, October 02, 2010 11:18 AM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway The MT webbox causes cancer it is so terrible. On Oct 2, 2010 9:08 AM, Greg Ihnen os10ru...@gmail.com wrote: That script should be the MT default when one checks the protect router check box in the web UI. Greg On Oct 2, 2010, at 8:33 AM, Robert West wrote: Checked the logs this morning and guess who was back at it Was trying to do a brute force attack from yet another IP but that script from Butch swatted him like a fly. Worked like a charm! Thanks to both you and Butch, he be gone. Bob- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Friday, October 01, 2010 10:38 PM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway Compliments of Butch Evans /ip firewal filt add action=accept chain=forward comment=drop ssh brute forcers disabled=\ no dst-port=22 protocol=tcp src-address-list=ssh_blacklist add action=add-src-to-address-list address-list=ssh_blacklist \ address-list-timeout=1w3d chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3 add action=add-src-to-address-list address-list=ssh_stage3 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2 add action=add-src-to-address-list address-list=ssh_stage2 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1 add action=add-src-to-address-list address-list=ssh_stage1 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=!heavysshservers Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Fri, Oct 1, 2010 at 10:28 PM, Robert West robert.w...@just-micro.com wrote: Then we'll just send the pigeons over to poop on them. Easy. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of RickG Sent: Friday, October 01, 2010 9:29 PM To: Tom Sharples; WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway I like it but what if the ip is being masqueraded? On Fri, Oct 1, 2010 at 7:00 PM, Tom Sharples tsharp...@qorvus.com wrote: I've often wondered, is it legal for the receipient of this sort of thing, to retailiate with e.g. ping or curl storms? Tom S. - Original Message - From: Robert West To: 'WISPA General List' Sent: Friday, October 01, 2010 2:57 PM Subject: [WISPA] Brute Force Attack on Mikrotik Gateway Just had to deal with a brute force attack on a MT router acting as a gateway. Came from these two IP addresses.. 59.42.10.38 61.155.5.247 Looked them up, they turn out to be pretty common for this sort of thing. Added a firewall rule to drop them and they are no longer filling my log. Some may want to do the same for these jokers. Robert West Just Micro Digital Services Inc. 740-335-7020 image001.gif WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/
Re: [WISPA] Is Running Router OS inside USB Thumb Stick Reliable?
All logging is redirected to a syslog server, no /tool graphing enabled. Só the only write operation is when we change some settings.. ( add queues, bgp peers, route filters). Thanks! 2010/10/2 Robert West robert.w...@just-micro.com Depends on the drive. They all have a write limit but I would suppose if you aren’t logging to the drive or doing much else other than reading from it, it “should” be okay. *From:* wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] *On Behalf Of *Gustavo Santos *Sent:* Saturday, October 02, 2010 11:33 AM *To:* WISPA General List *Subject:* [WISPA] Is Running Router OS inside USB Thumb Stick Reliable? Hi, We just bought a couple HP ML 350 Servers, but Mikrotik RouterOS doesnt have the Smart Array Controller Driver. As its a new server, it dosnt have any IDE or Legacy Sata, just an internal USB Connetor. So i installed RouterOS on it and its running and i´m doing some tests. But i´m a little concerned about the usb thumb stick reliability ( kingston 4gigs). What´s your experience running Mikrotik or Quagga or any linux routing software flavor in an USB Thumb? Thanks! -- Gustavo Santos Analista de Redes -Tecnólogo em Redes de Computadores -Pós Graduando em Redes de Computadores e Telecomunicações -Cisco Certified Network Associate -Juniper Certified Internet Associate - ER -Mikrotik Certified Consultant WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- Gustavo Santos Analista de Redes -Tecnólogo em Redes de Computadores -Pós Graduando em Redes de Computadores e Telecomunicações -Cisco Certified Network Associate -Juniper Certified Internet Associate - ER -Mikrotik Certified Consultant WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Is Running Router OS inside USB Thumb Stick Reliable?
I have a box that has been running off a PNY usb drive for two years. Basic logging and interface graphing is enabled. On Oct 2, 2010 10:33 AM, Gustavo Santos gustkil...@gmail.com wrote: Hi, We just bought a couple HP ML 350 Servers, but Mikrotik RouterOS doesnt have the Smart Array Controller Driver. As its a new server, it dosnt have any IDE or Legacy Sata, just an internal USB Connetor. So i installed RouterOS on it and its running and i´m doing some tests. But i´m a little concerned about the usb thumb stick reliability ( kingston 4gigs). What´s your experience running Mikrotik or Quagga or any linux routing software flavor in an USB Thumb? Thanks! -- Gustavo Santos Analista de Redes -Tecnólogo em Redes de Computadores -Pós Graduando em Redes de Computadores e Telecomunicações -Cisco Certified Network Associate -Juniper Certified Internet Associate - ER -Mikrotik Certified Consultant WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
The new web admin in 5.0 looks like a web clone of winbox. On Oct 2, 2010 11:57 AM, Josh Luthman j...@imaginenetworksllc.com wrote: It doesn't answer anything. You can't configure anything. It screws up what you have set. Hate it. I would like to see an html copy of winbox, but that's a dream. On Oct 2, 2010 12:33 PM, Robert West robert.w...@just-micro.com wrote: Ah.. I always use Win... WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
Or Java would be nice. But really anything that is cross platform would be good. Then I wouldn't have to run Parallels or Fusion all day. Greg On Oct 2, 2010, at 12:27 PM, Josh Luthman wrote: It doesn't answer anything. You can't configure anything. It screws up what you have set. Hate it. I would like to see an html copy of winbox, but that's a dream. On Oct 2, 2010 12:33 PM, Robert West robert.w...@just-micro.com wrote: Ah.. I always use Winbox. Tried Webbox a few times when I had to but wasn't comfortable with it at all. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Saturday, October 02, 2010 11:18 AM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway The MT webbox causes cancer it is so terrible. On Oct 2, 2010 9:08 AM, Greg Ihnen os10ru...@gmail.com wrote: That script should be the MT default when one checks the protect router check box in the web UI. Greg On Oct 2, 2010, at 8:33 AM, Robert West wrote: Checked the logs this morning and guess who was back at it Was trying to do a brute force attack from yet another IP but that script from Butch swatted him like a fly. Worked like a charm! Thanks to both you and Butch, he be gone. Bob- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Friday, October 01, 2010 10:38 PM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway Compliments of Butch Evans /ip firewal filt add action=accept chain=forward comment=drop ssh brute forcers disabled=\ no dst-port=22 protocol=tcp src-address-list=ssh_blacklist add action=add-src-to-address-list address-list=ssh_blacklist \ address-list-timeout=1w3d chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3 add action=add-src-to-address-list address-list=ssh_stage3 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2 add action=add-src-to-address-list address-list=ssh_stage2 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1 add action=add-src-to-address-list address-list=ssh_stage1 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=!heavysshservers Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Fri, Oct 1, 2010 at 10:28 PM, Robert West robert.w...@just-micro.com wrote: Then we'll just send the pigeons over to poop on them. Easy. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of RickG Sent: Friday, October 01, 2010 9:29 PM To: Tom Sharples; WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway I like it but what if the ip is being masqueraded? On Fri, Oct 1, 2010 at 7:00 PM, Tom Sharples tsharp...@qorvus.com wrote: I've often wondered, is it legal for the receipient of this sort of thing, to retailiate with e.g. ping or curl storms? Tom S. - Original Message - From: Robert West To: 'WISPA General List' Sent: Friday, October 01, 2010 2:57 PM Subject: [WISPA] Brute Force Attack on Mikrotik Gateway Just had to deal with a brute force attack on a MT router acting as a gateway. Came from these two IP addresses.. 59.42.10.38 61.155.5.247 Looked them up, they turn out to be pretty common for this sort of thing. Added a firewall rule to drop them and they are no longer filling my log. Some may want to do the same for these jokers. Robert West Just Micro Digital Services Inc. 740-335-7020 image001.gif WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today!
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
I asked them about a Java client a long time ago and they nixed it.. Said there was a Windoze client and it could run under Wine. But I was looking at other platforms. The biggest problem with Mikrotik is their tunnelvision and unwillingness to look outside of the box IMHO Leon On 10/2/2010 3:04 PM, Greg Ihnen wrote: Or Java would be nice. But really anything that is cross platform would be good. Then I wouldn't have to run Parallels or Fusion all day. Greg On Oct 2, 2010, at 12:27 PM, Josh Luthman wrote: It doesn't answer anything. You can't configure anything. It screws up what you have set. Hate it. I would like to see an html copy of winbox, but that's a dream. On Oct 2, 2010 12:33 PM, Robert West robert.w...@just-micro.com mailto:robert.w...@just-micro.com wrote: Ah.. I always use Winbox. Tried Webbox a few times when I had to but wasn't comfortable with it at all. From: wireless-boun...@wispa.org mailto:wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Saturday, October 02, 2010 11:18 AM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway The MT webbox causes cancer it is so terrible. On Oct 2, 2010 9:08 AM, Greg Ihnen os10ru...@gmail.com mailto:os10ru...@gmail.com wrote: That script should be the MT default when one checks the protect router check box in the web UI. Greg On Oct 2, 2010, at 8:33 AM, Robert West wrote: Checked the logs this morning and guess who was back at it Was trying to do a brute force attack from yet another IP but that script from Butch swatted him like a fly. Worked like a charm! Thanks to both you and Butch, he be gone. Bob- From: wireless-boun...@wispa.org mailto:wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Friday, October 01, 2010 10:38 PM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway Compliments of Butch Evans /ip firewal filt add action=accept chain=forward comment=drop ssh brute forcers disabled=\ no dst-port=22 protocol=tcp src-address-list=ssh_blacklist add action=add-src-to-address-list address-list=ssh_blacklist \ address-list-timeout=1w3d chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3 add action=add-src-to-address-list address-list=ssh_stage3 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2 add action=add-src-to-address-list address-list=ssh_stage2 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1 add action=add-src-to-address-list address-list=ssh_stage1 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=!heavysshservers Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Fri, Oct 1, 2010 at 10:28 PM, Robert West robert.w...@just-micro.com mailto:robert.w...@just-micro.com wrote: Then we'll just send the pigeons over to poop on them. Easy. From: wireless-boun...@wispa.org mailto:wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org mailto:wireless-boun...@wispa.org] On Behalf Of RickG Sent: Friday, October 01, 2010 9:29 PM To: Tom Sharples; WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway I like it but what if the ip is being masqueraded? On Fri, Oct 1, 2010 at 7:00 PM, Tom Sharples tsharp...@qorvus.com mailto:tsharp...@qorvus.com wrote: I've often wondered, is it legal for the receipient of this sort of thing, to retailiate with e.g. ping or curl storms? Tom S. - Original Message - From: Robert West To: 'WISPA General List' Sent: Friday, October 01, 2010 2:57 PM Subject: [WISPA] Brute Force Attack on Mikrotik Gateway Just had to deal with a brute force attack on a MT router acting as a gateway. Came from these two IP addresses.. 59.42.10.38 61.155.5.247 Looked them up, they turn out to be pretty common for this sort of thing. Added a firewall rule to drop them and they are no longer filling my log. Some may want to do the same for these jokers. Robert West Just Micro Digital Services Inc. 740-335-7020 image001.gif No virus found in this message. Checked by AVG - www.avg.com http://www.avg.com Version: 10.0.1120 / Virus Database: 422/3172 - Release Date: 10/02/10 - No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1120 / Virus Database: 422/3172 - Release Date: 10/02/10 WISPA
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
Jon was right - just loaded up 5.0rc1 and they added webfig. Format is very much that of Winbox and looks very good at a glance! Webbox is still there and it is still bad. Java is way too slow and not very portable (in the sense a new laptop won't use it). Flash is easier and lighter. HTML works 99.99% of the time. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Sat, Oct 2, 2010 at 3:57 PM, Leon D. Zetekoff wa4...@backwoodswireless.net wrote: I asked them about a Java client a long time ago and they nixed it.. Said there was a Windoze client and it could run under Wine. But I was looking at other platforms. The biggest problem with Mikrotik is their tunnelvision and unwillingness to look outside of the box IMHO Leon On 10/2/2010 3:04 PM, Greg Ihnen wrote: Or Java would be nice. But really anything that is cross platform would be good. Then I wouldn't have to run Parallels or Fusion all day. Greg On Oct 2, 2010, at 12:27 PM, Josh Luthman wrote: It doesn't answer anything. You can't configure anything. It screws up what you have set. Hate it. I would like to see an html copy of winbox, but that's a dream. On Oct 2, 2010 12:33 PM, Robert West robert.w...@just-micro.com wrote: Ah.. I always use Winbox. Tried Webbox a few times when I had to but wasn't comfortable with it at all. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Saturday, October 02, 2010 11:18 AM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway The MT webbox causes cancer it is so terrible. On Oct 2, 2010 9:08 AM, Greg Ihnen os10ru...@gmail.com wrote: That script should be the MT default when one checks the protect router check box in the web UI. Greg On Oct 2, 2010, at 8:33 AM, Robert West wrote: Checked the logs this morning and guess who was back at it Was trying to do a brute force attack from yet another IP but that script from Butch swatted him like a fly. Worked like a charm! Thanks to both you and Butch, he be gone. Bob- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Friday, October 01, 2010 10:38 PM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway Compliments of Butch Evans /ip firewal filt add action=accept chain=forward comment=drop ssh brute forcers disabled=\ no dst-port=22 protocol=tcp src-address-list=ssh_blacklist add action=add-src-to-address-list address-list=ssh_blacklist \ address-list-timeout=1w3d chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3 add action=add-src-to-address-list address-list=ssh_stage3 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2 add action=add-src-to-address-list address-list=ssh_stage2 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1 add action=add-src-to-address-list address-list=ssh_stage1 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=!heavysshservers Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Fri, Oct 1, 2010 at 10:28 PM, Robert West robert.w...@just-micro.com wrote: Then we'll just send the pigeons over to poop on them. Easy. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of RickG Sent: Friday, October 01, 2010 9:29 PM To: Tom Sharples; WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway I like it but what if the ip is being masqueraded? On Fri, Oct 1, 2010 at 7:00 PM, Tom Sharples tsharp...@qorvus.com wrote: I've often wondered, is it legal for the receipient of this sort of thing, to retailiate with e.g. ping or curl storms? Tom S. - Original Message - From: Robert West To: 'WISPA General List' Sent: Friday, October 01, 2010 2:57 PM Subject: [WISPA] Brute Force Attack on Mikrotik Gateway Just had to deal with a brute force attack on a MT router acting as a gateway. Came from these two IP addresses.. 59.42.10.38 61.155.5.247 Looked them up, they turn out to be pretty common for this sort of thing. Added a firewall rule to drop them and they are no longer filling my log. Some may want to do the same for these jokers. Robert West Just Micro Digital Services Inc. 740-335-7020 image001.gif -- No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1120 / Virus Database: 422/3172 - Release Date: 10/02/10
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
I have to question: Why would a new laptop not use it? And how do you figure flash is lighter? On Sat, Oct 2, 2010 at 2:22 PM, Josh Luthman j...@imaginenetworksllc.com wrote: Jon was right - just loaded up 5.0rc1 and they added webfig. Format is very much that of Winbox and looks very good at a glance! Webbox is still there and it is still bad. Java is way too slow and not very portable (in the sense a new laptop won't use it). Flash is easier and lighter. HTML works 99.99% of the time. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Sat, Oct 2, 2010 at 3:57 PM, Leon D. Zetekoff wa4...@backwoodswireless.net wrote: I asked them about a Java client a long time ago and they nixed it.. Said there was a Windoze client and it could run under Wine. But I was looking at other platforms. The biggest problem with Mikrotik is their tunnelvision and unwillingness to look outside of the box IMHO Leon On 10/2/2010 3:04 PM, Greg Ihnen wrote: Or Java would be nice. But really anything that is cross platform would be good. Then I wouldn't have to run Parallels or Fusion all day. Greg On Oct 2, 2010, at 12:27 PM, Josh Luthman wrote: It doesn't answer anything. You can't configure anything. It screws up what you have set. Hate it. I would like to see an html copy of winbox, but that's a dream. On Oct 2, 2010 12:33 PM, Robert West robert.w...@just-micro.com wrote: Ah.. I always use Winbox. Tried Webbox a few times when I had to but wasn't comfortable with it at all. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Saturday, October 02, 2010 11:18 AM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway The MT webbox causes cancer it is so terrible. On Oct 2, 2010 9:08 AM, Greg Ihnen os10ru...@gmail.com wrote: That script should be the MT default when one checks the protect router check box in the web UI. Greg On Oct 2, 2010, at 8:33 AM, Robert West wrote: Checked the logs this morning and guess who was back at it Was trying to do a brute force attack from yet another IP but that script from Butch swatted him like a fly. Worked like a charm! Thanks to both you and Butch, he be gone. Bob- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Friday, October 01, 2010 10:38 PM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway Compliments of Butch Evans /ip firewal filt add action=accept chain=forward comment=drop ssh brute forcers disabled=\ no dst-port=22 protocol=tcp src-address-list=ssh_blacklist add action=add-src-to-address-list address-list=ssh_blacklist \ address-list-timeout=1w3d chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3 add action=add-src-to-address-list address-list=ssh_stage3 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2 add action=add-src-to-address-list address-list=ssh_stage2 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1 add action=add-src-to-address-list address-list=ssh_stage1 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=!heavysshservers Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Fri, Oct 1, 2010 at 10:28 PM, Robert West robert.w...@just-micro.com wrote: Then we'll just send the pigeons over to poop on them. Easy. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of RickG Sent: Friday, October 01, 2010 9:29 PM To: Tom Sharples; WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway I like it but what if the ip is being masqueraded? On Fri, Oct 1, 2010 at 7:00 PM, Tom Sharples tsharp...@qorvus.com wrote: I've often wondered, is it legal for the receipient of this sort of thing, to retailiate with e.g. ping or curl storms? Tom S. - Original Message - From: Robert West To: 'WISPA General List' Sent: Friday, October 01, 2010 2:57 PM Subject: [WISPA] Brute Force Attack on Mikrotik Gateway Just had to deal with a brute force attack on a MT router acting as a gateway. Came from these two IP addresses.. 59.42.10.38 61.155.5.247 Looked them up, they turn out to be pretty common for this sort of thing. Added a firewall rule to drop them and they are no longer filling my log. Some may want to do the same for these jokers. Robert West Just Micro Digital Services Inc. 740-335-7020
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
New laptops don't have java. Flash is one library and takes second to install. Launch speeds are of no comparison, flash is way faster. Takes a lot of time to warm up the virtual engine. On Oct 2, 2010 5:32 PM, Jeromie Reeves jree...@18-30chat.net wrote: I have to question: Why would a new laptop not use it? And how do you figure flash is lighter? On Sat, Oct 2, 2010 at 2:22 PM, Josh Luthman j...@imaginenetworksllc.com wrote: Jon was right - just loaded up 5.0rc1 and they added webfig. Format is very much that of Winbox and looks very good at a glance! Webbox is still there and it is still bad. Java is way too slow and not very portable (in the sense a new laptop won't use it). Flash is easier and lighter. HTML works 99.99% of the time. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Sat, Oct 2, 2010 at 3:57 PM, Leon D. Zetekoff wa4...@backwoodswireless.net wrote: I asked them about a Java client a long time ago and they nixed it.. Said there was a Windoze client and it could run under Wine. But I was looking at other platforms. The biggest problem with Mikrotik is their tunnelvision and unwillingness to look outside of the box IMHO Leon On 10/2/2010 3:04 PM, Greg Ihnen wrote: Or Java would be nice. But really anything that is cross platform would be good. Then I wouldn't have to run Parallels or Fusion all day. Greg On Oct 2, 2010, at 12:27 PM, Josh Luthman wrote: It doesn't answer anything. You can't configure anything. It screws up what you have set. Hate it. I would like to see an html copy of winbox, but that's a dream. On Oct 2, 2010 12:33 PM, Robert West robert.w...@just-micro.com wrote: Ah.. I always use Winbox. Tried Webbox a few times when I had to but wasn't comfortable with it at all. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Saturday, October 02, 2010 11:18 AM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway The MT webbox causes cancer it is so terrible. On Oct 2, 2010 9:08 AM, Greg Ihnen os10ru...@gmail.com wrote: That script should be the MT default when one checks the protect router check box in the web UI. Greg On Oct 2, 2010, at 8:33 AM, Robert West wrote: Checked the logs this morning and guess who was back at it Was trying to do a brute force attack from yet another IP but that script from Butch swatted him like a fly. Worked like a charm! Thanks to both you and Butch, he be gone. Bob- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Friday, October 01, 2010 10:38 PM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway Compliments of Butch Evans /ip firewal filt add action=accept chain=forward comment=drop ssh brute forcers disabled=\ no dst-port=22 protocol=tcp src-address-list=ssh_blacklist add action=add-src-to-address-list address-list=ssh_blacklist \ address-list-timeout=1w3d chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3 add action=add-src-to-address-list address-list=ssh_stage3 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2 add action=add-src-to-address-list address-list=ssh_stage2 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1 add action=add-src-to-address-list address-list=ssh_stage1 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=!heavysshservers Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Fri, Oct 1, 2010 at 10:28 PM, Robert West robert.w...@just-micro.com wrote: Then we'll just send the pigeons over to poop on them. Easy. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of RickG Sent: Friday, October 01, 2010 9:29 PM To: Tom Sharples; WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway I like it but what if the ip is being masqueraded? On Fri, Oct 1, 2010 at 7:00 PM, Tom Sharples tsharp...@qorvus.com wrote: I've often wondered, is it legal for the receipient of this sort of thing, to retailiate with e.g. ping or curl storms? Tom S. - Original Message - From: Robert West To: 'WISPA General List' Sent: Friday, October 01, 2010 2:57 PM Subject: [WISPA] Brute Force Attack on Mikrotik Gateway Just had to deal with a brute force attack on a MT router acting as a gateway. Came from these two IP addresses.. 59.42.10.38 61.155.5.247 Looked
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
On 10/02/2010 05:58 PM, Josh Luthman wrote: New laptops don't have java. Flash is one library and takes second to install. Launch speeds are of no comparison, flash is way faster. Takes a lot of time to warm up the virtual engine. I find flash a PITA. java is one download off java.com; not a biggie there. IMHO leon On Oct 2, 2010 5:32 PM, Jeromie Reeves jree...@18-30chat.net mailto:jree...@18-30chat.net wrote: I have to question: Why would a new laptop not use it? And how do you figure flash is lighter? On Sat, Oct 2, 2010 at 2:22 PM, Josh Luthman j...@imaginenetworksllc.com mailto:j...@imaginenetworksllc.com wrote: Jon was right - just loaded up 5.0rc1 and they added webfig. Format is very much that of Winbox and looks very good at a glance! Webbox is still there and it is still bad. Java is way too slow and not very portable (in the sense a new laptop won't use it). Flash is easier and lighter. HTML works 99.99% of the time. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
My experience is the total opposite and I think the world agrees with me. Youtube videos, games, ads, etc. On Oct 2, 2010 6:22 PM, Leon D. Zetekoff wa4...@backwoodswireless.net wrote: WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] WR EUM
We have a few. I will check with the tech's on Monday and get back with you. Jean - Original Message - From: chris cooper ccoo...@intelliwave.com To: 'WISPA General List' wireless@wispa.org Sent: Monday, September 27, 2010 1:29 PM Subject: [WISPA] WR EUM Looking for some Waverider EUM 3004/3005. Hit me offlist if you have any to sell. Thanks Chris Cooper WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
HTML5 is better than either java or flash. On Sat, Oct 2, 2010 at 5:32 PM, Josh Luthman j...@imaginenetworksllc.com wrote: My experience is the total opposite and I think the world agrees with me. Youtube videos, games, ads, etc. On Oct 2, 2010 6:22 PM, Leon D. Zetekoff wa4...@backwoodswireless.net wrote: WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
That's what I'm saying! On Oct 2, 2010 6:57 PM, Philip Dorr wirel...@judgementgaming.com wrote: HTML5 is better than either java or flash. On Sat, Oct 2, 2010 at 5:32 PM, Josh Luthman j...@imaginenetworksllc.com wrote: My experience is the total opposite and I think the world agrees with me. Youtube videos, games, ads, etc. On Oct 2, 2010 6:22 PM, Leon D. Zetekoff wa4...@backwoodswireless.net wrote: WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
Installing flash or java is the same procedure. Flash is a horribly unstable system. It is a container system with many IDE's that make it drag drop simple to produce with. This topic can only go the way of Linux vs Windows. Windows took off because you do not need skill to use it. Same with flash. The better option is tossed to the wayside. On Sat, Oct 2, 2010 at 2:58 PM, Josh Luthman j...@imaginenetworksllc.com wrote: New laptops don't have java. Flash is one library and takes second to install. Launch speeds are of no comparison, flash is way faster. Takes a lot of time to warm up the virtual engine. On Oct 2, 2010 5:32 PM, Jeromie Reeves jree...@18-30chat.net wrote: I have to question: Why would a new laptop not use it? And how do you figure flash is lighter? On Sat, Oct 2, 2010 at 2:22 PM, Josh Luthman j...@imaginenetworksllc.com wrote: Jon was right - just loaded up 5.0rc1 and they added webfig. Format is very much that of Winbox and looks very good at a glance! Webbox is still there and it is still bad. Java is way too slow and not very portable (in the sense a new laptop won't use it). Flash is easier and lighter. HTML works 99.99% of the time. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Sat, Oct 2, 2010 at 3:57 PM, Leon D. Zetekoff wa4...@backwoodswireless.net wrote: I asked them about a Java client a long time ago and they nixed it.. Said there was a Windoze client and it could run under Wine. But I was looking at other platforms. The biggest problem with Mikrotik is their tunnelvision and unwillingness to look outside of the box IMHO Leon On 10/2/2010 3:04 PM, Greg Ihnen wrote: Or Java would be nice. But really anything that is cross platform would be good. Then I wouldn't have to run Parallels or Fusion all day. Greg On Oct 2, 2010, at 12:27 PM, Josh Luthman wrote: It doesn't answer anything. You can't configure anything. It screws up what you have set. Hate it. I would like to see an html copy of winbox, but that's a dream. On Oct 2, 2010 12:33 PM, Robert West robert.w...@just-micro.com wrote: Ah.. I always use Winbox. Tried Webbox a few times when I had to but wasn't comfortable with it at all. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Saturday, October 02, 2010 11:18 AM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway The MT webbox causes cancer it is so terrible. On Oct 2, 2010 9:08 AM, Greg Ihnen os10ru...@gmail.com wrote: That script should be the MT default when one checks the protect router check box in the web UI. Greg On Oct 2, 2010, at 8:33 AM, Robert West wrote: Checked the logs this morning and guess who was back at it Was trying to do a brute force attack from yet another IP but that script from Butch swatted him like a fly. Worked like a charm! Thanks to both you and Butch, he be gone. Bob- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Friday, October 01, 2010 10:38 PM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway Compliments of Butch Evans /ip firewal filt add action=accept chain=forward comment=drop ssh brute forcers disabled=\ no dst-port=22 protocol=tcp src-address-list=ssh_blacklist add action=add-src-to-address-list address-list=ssh_blacklist \ address-list-timeout=1w3d chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3 add action=add-src-to-address-list address-list=ssh_stage3 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2 add action=add-src-to-address-list address-list=ssh_stage2 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1 add action=add-src-to-address-list address-list=ssh_stage1 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=!heavysshservers Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Fri, Oct 1, 2010 at 10:28 PM, Robert West robert.w...@just-micro.com wrote: Then we'll just send the pigeons over to poop on them. Easy. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of RickG Sent: Friday, October 01, 2010 9:29 PM To: Tom Sharples; WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway I like it but what if the ip is being masqueraded? On Fri, Oct 1, 2010 at 7:00 PM, Tom Sharples tsharp...@qorvus.com wrote: I've often wondered, is it legal
[WISPA] OT. CLEC Valuattions
Can anyone steer me to the going rates for sale of a CLEC business? Sent via DROID on Verizon Wireless WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
Or..! A rule that will route them back to themselves! Now THAT would be hilarious!!! Bob- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of RickG Sent: Saturday, October 02, 2010 12:56 AM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway But thinking back on it, imagine the Damn it! looks on their faces if they DID get in only to find a nothing Mikrotik routerboard! LOL, it would be funny to have something connected that did nothing. Better yet, just reroute them to fbi.gov! On Fri, Oct 1, 2010 at 10:22 PM, Robert West robert.w...@just-micro.com wrote: I've been migrating everything to a central location. Not done yet but boy, have had a mess the past 3 weeks with the reconfiguring and moving of stuff. As well as one major gateway out of the solar status to real grid power. Finally! Was interesting to watch the log, though. I blocked every IP as it popped up then they switched from FTP to SSH. Once SSH was blocked, they went the hell away. But thinking back on it, imagine the Damn it! looks on their faces if they DID get in only to find a nothing Mikrotik routerboard! HA! From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Glenn Kelley Sent: Friday, October 01, 2010 10:00 PM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway Bob, If memory serves me correct - you do not have a central network - is that right? instead your just using multiple pops via cable modems? If that is the case - it might be a bit more difficult - on the other hand - if you have switched to a central network (or have this in some places) than I can give you an easy transparent bridge solution @ no cost (just need one of your old pc's and 2 nics :-) ) Let me know On Oct 1, 2010, at 9:48 PM, Glenn Kelley wrote: why not just block china (and other countries) from access unless it is something opened first from inside the network ? Would make a big difference :-) On Oct 1, 2010, at 9:28 PM, RickG wrote: 61.155.5.247 _ Glenn Kelley | Principle | HostMedic |www.HostMedic.com Email: gl...@hostmedic.com Pplease don't print this e-mail unless you really need to. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ _ Glenn Kelley | Principle | HostMedic |www.HostMedic.com Email: gl...@hostmedic.com Pplease don't print this e-mail unless you really need to. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
How about the Backtrack toolset. In the early days of the internet (for me) I would see people trying to attack me so I'd use some script kiddie tools to throw attacks back at them. If they weren't patched they'd go down. Often they'd go down. Then again that was a colossal waste of time. It's better to just block them, and once in a while look at your address list and see who's gotten put in the sand box. Greg On Oct 2, 2010, at 7:18 PM, Robert West wrote: Or..! A rule that will route them back to themselves! Now THAT would be hilarious!!! Bob- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of RickG Sent: Saturday, October 02, 2010 12:56 AM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway But thinking back on it, imagine the “Damn it!” looks on their faces if they DID get in only to find a nothing Mikrotik routerboard! LOL, it would be funny to have something connected that did nothing. Better yet, just reroute them to fbi.gov! On Fri, Oct 1, 2010 at 10:22 PM, Robert West robert.w...@just-micro.com wrote: I’ve been migrating everything to a central location. Not done yet but boy, have had a mess the past 3 weeks with the reconfiguring and moving of “stuff”. As well as one major gateway out of the “solar” status to real grid power. Finally! Was interesting to watch the log, though. I blocked every IP as it popped up then they switched from FTP to SSH. Once SSH was blocked, they went the hell away. But thinking back on it, imagine the “Damn it!” looks on their faces if they DID get in only to find a nothing Mikrotik routerboard! HA! From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Glenn Kelley Sent: Friday, October 01, 2010 10:00 PM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway Bob, If memory serves me correct - you do not have a central network - is that right? instead your just using multiple pops via cable modems? If that is the case - it might be a bit more difficult - on the other hand - if you have switched to a central network (or have this in some places) than I can give you an easy transparent bridge solution @ no cost (just need one of your old pc's and 2 nics :-) ) Let me know On Oct 1, 2010, at 9:48 PM, Glenn Kelley wrote: why not just block china (and other countries) from access unless it is something opened first from inside the network ? Would make a big difference :-) On Oct 1, 2010, at 9:28 PM, RickG wrote: 61.155.5.247 _ Glenn Kelley | Principle | HostMedic |www.HostMedic.com Email: gl...@hostmedic.com Pplease don't print this e-mail unless you really need to. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ _ Glenn Kelley | Principle | HostMedic |www.HostMedic.com Email: gl...@hostmedic.com Pplease don't print this e-mail unless you really need to. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
IP Spoofing can really hit you hard. Running a datacenter I have received reports from a number of other DC's then when doing the actual investigation I have to tell an engineer @ the other DC that they are wrong. Retaliation is never a good thing - chances are you are hitting the wrong person. Just my 2 cents On Oct 2, 2010, at 7:55 PM, Greg Ihnen wrote: How about the Backtrack toolset. In the early days of the internet (for me) I would see people trying to attack me so I'd use some script kiddie tools to throw attacks back at them. If they weren't patched they'd go down. Often they'd go down. Then again that was a colossal waste of time. It's better to just block them, and once in a while look at your address list and see who's gotten put in the sand box. Greg On Oct 2, 2010, at 7:18 PM, Robert West wrote: Or..! A rule that will route them back to themselves! Now THAT would be hilarious!!! Bob- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of RickG Sent: Saturday, October 02, 2010 12:56 AM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway But thinking back on it, imagine the “Damn it!” looks on their faces if they DID get in only to find a nothing Mikrotik routerboard! LOL, it would be funny to have something connected that did nothing. Better yet, just reroute them to fbi.gov! On Fri, Oct 1, 2010 at 10:22 PM, Robert West robert.w...@just-micro.com wrote: I’ve been migrating everything to a central location. Not done yet but boy, have had a mess the past 3 weeks with the reconfiguring and moving of “stuff”. As well as one major gateway out of the “solar” status to real grid power. Finally! Was interesting to watch the log, though. I blocked every IP as it popped up then they switched from FTP to SSH. Once SSH was blocked, they went the hell away. But thinking back on it, imagine the “Damn it!” looks on their faces if they DID get in only to find a nothing Mikrotik routerboard! HA! From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Glenn Kelley Sent: Friday, October 01, 2010 10:00 PM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway Bob, If memory serves me correct - you do not have a central network - is that right? instead your just using multiple pops via cable modems? If that is the case - it might be a bit more difficult - on the other hand - if you have switched to a central network (or have this in some places) than I can give you an easy transparent bridge solution @ no cost (just need one of your old pc's and 2 nics :-) ) Let me know On Oct 1, 2010, at 9:48 PM, Glenn Kelley wrote: why not just block china (and other countries) from access unless it is something opened first from inside the network ? Would make a big difference :-) On Oct 1, 2010, at 9:28 PM, RickG wrote: 61.155.5.247 _ Glenn Kelley | Principle | HostMedic |www.HostMedic.com Email: gl...@hostmedic.com Pplease don't print this e-mail unless you really need to. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ _ Glenn Kelley | Principle | HostMedic |www.HostMedic.com Email: gl...@hostmedic.com Pplease don't print this e-mail unless you really need to. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List:
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
Bcp 38 Control plane v mgmt plane v data plane Botnets Don't shoot poop back at the internetwebz On Oct 2, 2010, at 7:15 PM, Glenn Kelley gl...@hostmedic.commailto:gl...@hostmedic.com wrote: IP Spoofing can really hit you hard. Running a datacenter I have received reports from a number of other DC's then when doing the actual investigation I have to tell an engineer @ the other DC that they are wrong. Retaliation is never a good thing - chances are you are hitting the wrong person. Just my 2 cents On Oct 2, 2010, at 7:55 PM, Greg Ihnen wrote: How about the Backtrack toolset. In the early days of the internet (for me) I would see people trying to attack me so I'd use some script kiddie tools to throw attacks back at them. If they weren't patched they'd go down. Often they'd go down. Then again that was a colossal waste of time. It's better to just block them, and once in a while look at your address list and see who's gotten put in the sand box. Greg On Oct 2, 2010, at 7:18 PM, Robert West wrote: Or..! A rule that will route them back to themselves! Now THAT would be hilarious!!! Bob- From: mailto:wireless-boun...@wispa.org wireless-boun...@wispa.orgmailto:wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of RickG Sent: Saturday, October 02, 2010 12:56 AM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway But thinking back on it, imagine the “Damn it!” looks on their faces if they DID get in only to find a nothing Mikrotik routerboard! LOL, it would be funny to have something connected that did nothing. Better yet, just reroute them to http://fbi.gov/ fbi.govhttp://fbi.gov! On Fri, Oct 1, 2010 at 10:22 PM, Robert West mailto:robert.w...@just-micro.comrobert.w...@just-micro.commailto:robert.w...@just-micro.com wrote: I’ve been migrating everything to a central location. Not done yet but boy, have had a mess the past 3 weeks with the reconfiguring and moving of “stuff”. As well as one major gateway out of the “solar” status to real grid power. Finally! Was interesting to watch the log, though. I blocked every IP as it popped up then they switched from FTP to SSH. Once SSH was blocked, they went the hell away. But thinking back on it, imagine the “Damn it!” looks on their faces if they DID get in only to find a nothing Mikrotik routerboard! HA! From: mailto:wireless-boun...@wispa.org wireless-boun...@wispa.orgmailto:wireless-boun...@wispa.org [mailto:mailto:wireless-boun...@wispa.orgwireless-boun...@wispa.orgmailto:wireless-boun...@wispa.org] On Behalf Of Glenn Kelley Sent: Friday, October 01, 2010 10:00 PM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway Bob, If memory serves me correct - you do not have a central network - is that right? instead your just using multiple pops via cable modems? If that is the case - it might be a bit more difficult - on the other hand - if you have switched to a central network (or have this in some places) than I can give you an easy transparent bridge solution @ no cost (just need one of your old pc's and 2 nics :-) ) Let me know On Oct 1, 2010, at 9:48 PM, Glenn Kelley wrote: why not just block china (and other countries) from access unless it is something opened first from inside the network ? Would make a big difference :-) On Oct 1, 2010, at 9:28 PM, RickG wrote: 61.155.5.247 _ Glenn Kelley | Principle | HostMedic |http://www.HostMedic.com/www.HostMedic.comhttp://www.HostMedic.com Email: mailto:gl...@hostmedic.com gl...@hostmedic.commailto:gl...@hostmedic.com Pplease don't print this e-mail unless you really need to. WISPA Wants You! Join today! http://signup.wispa.org/http://signup.wispa.org/ WISPA Wireless List: mailto:wireless@wispa.org wireless@wispa.orgmailto:wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wirelesshttp://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ http://lists.wispa.org/pipermail/wireless/ _ Glenn Kelley | Principle | HostMedic |http://www.HostMedic.com/www.HostMedic.comhttp://www.HostMedic.com Email: mailto:gl...@hostmedic.com gl...@hostmedic.commailto:gl...@hostmedic.com Pplease don't print this e-mail unless you really need to. WISPA Wants You! Join today! http://signup.wispa.org/http://signup.wispa.org/ WISPA Wireless List: mailto:wireless@wispa.org
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
You're right. That was the folly of youth. Greg On Oct 2, 2010, at 7:45 PM, Glenn Kelley wrote: IP Spoofing can really hit you hard. Running a datacenter I have received reports from a number of other DC's then when doing the actual investigation I have to tell an engineer @ the other DC that they are wrong. Retaliation is never a good thing - chances are you are hitting the wrong person. Just my 2 cents On Oct 2, 2010, at 7:55 PM, Greg Ihnen wrote: How about the Backtrack toolset. In the early days of the internet (for me) I would see people trying to attack me so I'd use some script kiddie tools to throw attacks back at them. If they weren't patched they'd go down. Often they'd go down. Then again that was a colossal waste of time. It's better to just block them, and once in a while look at your address list and see who's gotten put in the sand box. Greg On Oct 2, 2010, at 7:18 PM, Robert West wrote: Or..! A rule that will route them back to themselves! Now THAT would be hilarious!!! Bob- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of RickG Sent: Saturday, October 02, 2010 12:56 AM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway But thinking back on it, imagine the “Damn it!” looks on their faces if they DID get in only to find a nothing Mikrotik routerboard! LOL, it would be funny to have something connected that did nothing. Better yet, just reroute them to fbi.gov! On Fri, Oct 1, 2010 at 10:22 PM, Robert West robert.w...@just-micro.com wrote: I’ve been migrating everything to a central location. Not done yet but boy, have had a mess the past 3 weeks with the reconfiguring and moving of “stuff”. As well as one major gateway out of the “solar” status to real grid power. Finally! Was interesting to watch the log, though. I blocked every IP as it popped up then they switched from FTP to SSH. Once SSH was blocked, they went the hell away. But thinking back on it, imagine the “Damn it!” looks on their faces if they DID get in only to find a nothing Mikrotik routerboard! HA! From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Glenn Kelley Sent: Friday, October 01, 2010 10:00 PM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway Bob, If memory serves me correct - you do not have a central network - is that right? instead your just using multiple pops via cable modems? If that is the case - it might be a bit more difficult - on the other hand - if you have switched to a central network (or have this in some places) than I can give you an easy transparent bridge solution @ no cost (just need one of your old pc's and 2 nics :-) ) Let me know On Oct 1, 2010, at 9:48 PM, Glenn Kelley wrote: why not just block china (and other countries) from access unless it is something opened first from inside the network ? Would make a big difference :-) On Oct 1, 2010, at 9:28 PM, RickG wrote: 61.155.5.247 _ Glenn Kelley | Principle | HostMedic |www.HostMedic.com Email: gl...@hostmedic.com Pplease don't print this e-mail unless you really need to. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ _ Glenn Kelley | Principle | HostMedic |www.HostMedic.com Email: gl...@hostmedic.com Pplease don't print this e-mail unless you really need to. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today!
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
I tried that one but 5.0 beta was randomly dropping connection so I quickly went back down to 4.11 and has been working like a champ 24/7 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Jon Auer Sent: Saturday, October 02, 2010 1:40 PM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway The new web admin in 5.0 looks like a web clone of winbox. On Oct 2, 2010 11:57 AM, Josh Luthman j...@imaginenetworksllc.com wrote: It doesn't answer anything. You can't configure anything. It screws up what you have set. Hate it. I would like to see an html copy of winbox, but that's a dream. On Oct 2, 2010 12:33 PM, Robert West robert.w...@just-micro.com wrote: Ah.. I always use Win... WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
Java should be a no brainer. I think you're right about the tunnel vision. Happens to many companies. No one there with the guts to rock the boat. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Leon D. Zetekoff Sent: Saturday, October 02, 2010 3:58 PM To: wireless@wispa.org Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway I asked them about a Java client a long time ago and they nixed it.. Said there was a Windoze client and it could run under Wine. But I was looking at other platforms. The biggest problem with Mikrotik is their tunnelvision and unwillingness to look outside of the box IMHO Leon On 10/2/2010 3:04 PM, Greg Ihnen wrote: Or Java would be nice. But really anything that is cross platform would be good. Then I wouldn't have to run Parallels or Fusion all day. Greg On Oct 2, 2010, at 12:27 PM, Josh Luthman wrote: It doesn't answer anything. You can't configure anything. It screws up what you have set. Hate it. I would like to see an html copy of winbox, but that's a dream. On Oct 2, 2010 12:33 PM, Robert West robert.w...@just-micro.com wrote: Ah.. I always use Winbox. Tried Webbox a few times when I had to but wasn't comfortable with it at all. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Saturday, October 02, 2010 11:18 AM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway The MT webbox causes cancer it is so terrible. On Oct 2, 2010 9:08 AM, Greg Ihnen os10ru...@gmail.com wrote: That script should be the MT default when one checks the protect router check box in the web UI. Greg On Oct 2, 2010, at 8:33 AM, Robert West wrote: Checked the logs this morning and guess who was back at it Was trying to do a brute force attack from yet another IP but that script from Butch swatted him like a fly. Worked like a charm! Thanks to both you and Butch, he be gone. Bob- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Friday, October 01, 2010 10:38 PM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway Compliments of Butch Evans /ip firewal filt add action=accept chain=forward comment=drop ssh brute forcers disabled=\ no dst-port=22 protocol=tcp src-address-list=ssh_blacklist add action=add-src-to-address-list address-list=ssh_blacklist \ address-list-timeout=1w3d chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3 add action=add-src-to-address-list address-list=ssh_stage3 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2 add action=add-src-to-address-list address-list=ssh_stage2 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1 add action=add-src-to-address-list address-list=ssh_stage1 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=!heavysshservers Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Fri, Oct 1, 2010 at 10:28 PM, Robert West robert.w...@just-micro.com wrote: Then we'll just send the pigeons over to poop on them. Easy. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of RickG Sent: Friday, October 01, 2010 9:29 PM To: Tom Sharples; WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway I like it but what if the ip is being masqueraded? On Fri, Oct 1, 2010 at 7:00 PM, Tom Sharples tsharp...@qorvus.com wrote: I've often wondered, is it legal for the receipient of this sort of thing, to retailiate with e.g. ping or curl storms? Tom S. - Original Message - From: Robert West To: 'WISPA General List' Sent: Friday, October 01, 2010 2:57 PM Subject: [WISPA] Brute Force Attack on Mikrotik Gateway Just had to deal with a brute force attack on a MT router acting as a gateway. Came from these two IP addresses.. 59.42.10.38 61.155.5.247 Looked them up, they turn out to be pretty common for this sort of thing. Added a firewall rule to drop them and they are no longer filling my log. Some may want to do the same for these jokers. Robert West Just Micro Digital Services Inc. 740-335-7020 image001.gif _ No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1120 / Virus Database: 422/3172 - Release Date: 10/02/10 _ No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1120 / Virus Database: 422/3172 - Release Date: 10/02/10 WISPA
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
All my new laptops deal with UBNT air control as smooth as can be. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Jeromie Reeves Sent: Saturday, October 02, 2010 5:32 PM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway I have to question: Why would a new laptop not use it? And how do you figure flash is lighter? On Sat, Oct 2, 2010 at 2:22 PM, Josh Luthman j...@imaginenetworksllc.com wrote: Jon was right - just loaded up 5.0rc1 and they added webfig. Format is very much that of Winbox and looks very good at a glance! Webbox is still there and it is still bad. Java is way too slow and not very portable (in the sense a new laptop won't use it). Flash is easier and lighter. HTML works 99.99% of the time. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Sat, Oct 2, 2010 at 3:57 PM, Leon D. Zetekoff wa4...@backwoodswireless.net wrote: I asked them about a Java client a long time ago and they nixed it.. Said there was a Windoze client and it could run under Wine. But I was looking at other platforms. The biggest problem with Mikrotik is their tunnelvision and unwillingness to look outside of the box IMHO Leon On 10/2/2010 3:04 PM, Greg Ihnen wrote: Or Java would be nice. But really anything that is cross platform would be good. Then I wouldn't have to run Parallels or Fusion all day. Greg On Oct 2, 2010, at 12:27 PM, Josh Luthman wrote: It doesn't answer anything. You can't configure anything. It screws up what you have set. Hate it. I would like to see an html copy of winbox, but that's a dream. On Oct 2, 2010 12:33 PM, Robert West robert.w...@just-micro.com wrote: Ah.. I always use Winbox. Tried Webbox a few times when I had to but wasn't comfortable with it at all. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Saturday, October 02, 2010 11:18 AM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway The MT webbox causes cancer it is so terrible. On Oct 2, 2010 9:08 AM, Greg Ihnen os10ru...@gmail.com wrote: That script should be the MT default when one checks the protect router check box in the web UI. Greg On Oct 2, 2010, at 8:33 AM, Robert West wrote: Checked the logs this morning and guess who was back at it Was trying to do a brute force attack from yet another IP but that script from Butch swatted him like a fly. Worked like a charm! Thanks to both you and Butch, he be gone. Bob- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Friday, October 01, 2010 10:38 PM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway Compliments of Butch Evans /ip firewal filt add action=accept chain=forward comment=drop ssh brute forcers disabled=\ no dst-port=22 protocol=tcp src-address-list=ssh_blacklist add action=add-src-to-address-list address-list=ssh_blacklist \ address-list-timeout=1w3d chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3 add action=add-src-to-address-list address-list=ssh_stage3 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2 add action=add-src-to-address-list address-list=ssh_stage2 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1 add action=add-src-to-address-list address-list=ssh_stage1 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=!heavysshservers Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Fri, Oct 1, 2010 at 10:28 PM, Robert West robert.w...@just-micro.com wrote: Then we'll just send the pigeons over to poop on them. Easy. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of RickG Sent: Friday, October 01, 2010 9:29 PM To: Tom Sharples; WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway I like it but what if the ip is being masqueraded? On Fri, Oct 1, 2010 at 7:00 PM, Tom Sharples tsharp...@qorvus.com wrote: I've often wondered, is it legal for the receipient of this sort of thing, to retailiate with e.g. ping or curl storms? Tom S. - Original Message - From: Robert West To: 'WISPA General List' Sent: Friday, October 01, 2010 2:57 PM Subject: [WISPA] Brute Force Attack on Mikrotik Gateway Just had to deal with a brute force attack on a MT router acting
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
Agreed. Easy download though and yes, it can have issues. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Saturday, October 02, 2010 5:59 PM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway New laptops don't have java. Flash is one library and takes second to install. Launch speeds are of no comparison, flash is way faster. Takes a lot of time to warm up the virtual engine. On Oct 2, 2010 5:32 PM, Jeromie Reeves jree...@18-30chat.net wrote: I have to question: Why would a new laptop not use it? And how do you figure flash is lighter? On Sat, Oct 2, 2010 at 2:22 PM, Josh Luthman j...@imaginenetworksllc.com wrote: Jon was right - just loaded up 5.0rc1 and they added webfig. Format is very much that of Winbox and looks very good at a glance! Webbox is still there and it is still bad. Java is way too slow and not very portable (in the sense a new laptop won't use it). Flash is easier and lighter. HTML works 99.99% of the time. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Sat, Oct 2, 2010 at 3:57 PM, Leon D. Zetekoff wa4...@backwoodswireless.net wrote: I asked them about a Java client a long time ago and they nixed it.. Said there was a Windoze client and it could run under Wine. But I was looking at other platforms. The biggest problem with Mikrotik is their tunnelvision and unwillingness to look outside of the box IMHO Leon On 10/2/2010 3:04 PM, Greg Ihnen wrote: Or Java would be nice. But really anything that is cross platform would be good. Then I wouldn't have to run Parallels or Fusion all day. Greg On Oct 2, 2010, at 12:27 PM, Josh Luthman wrote: It doesn't answer anything. You can't configure anything. It screws up what you have set. Hate it. I would like to see an html copy of winbox, but that's a dream. On Oct 2, 2010 12:33 PM, Robert West robert.w...@just-micro.com wrote: Ah.. I always use Winbox. Tried Webbox a few times when I had to but wasn't comfortable with it at all. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Saturday, October 02, 2010 11:18 AM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway The MT webbox causes cancer it is so terrible. On Oct 2, 2010 9:08 AM, Greg Ihnen os10ru...@gmail.com wrote: That script should be the MT default when one checks the protect router check box in the web UI. Greg On Oct 2, 2010, at 8:33 AM, Robert West wrote: Checked the logs this morning and guess who was back at it Was trying to do a brute force attack from yet another IP but that script from Butch swatted him like a fly. Worked like a charm! Thanks to both you and Butch, he be gone. Bob- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Friday, October 01, 2010 10:38 PM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway Compliments of Butch Evans /ip firewal filt add action=accept chain=forward comment=drop ssh brute forcers disabled=\ no dst-port=22 protocol=tcp src-address-list=ssh_blacklist add action=add-src-to-address-list address-list=ssh_blacklist \ address-list-timeout=1w3d chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3 add action=add-src-to-address-list address-list=ssh_stage3 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2 add action=add-src-to-address-list address-list=ssh_stage2 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1 add action=add-src-to-address-list address-list=ssh_stage1 \ address-list-timeout=1m chain=forward comment= connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=!heavysshservers Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Fri, Oct 1, 2010 at 10:28 PM, Robert West robert.w...@just-micro.com wrote: Then we'll just send the pigeons over to poop on them. Easy. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of RickG Sent: Friday, October 01, 2010 9:29 PM To: Tom Sharples; WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway I like it but what if the ip is being masqueraded? On Fri, Oct 1, 2010 at 7:00 PM, Tom Sharples tsharp...@qorvus.com wrote: I've often wondered, is it legal for the receipient of this sort of thing, to retailiate with e.g. ping or curl storms? Tom S. - Original Message - From: Robert West To:
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
But not on the iPhone J From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Saturday, October 02, 2010 6:32 PM To: WISPA General List; wa4...@arrl.net Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway My experience is the total opposite and I think the world agrees with me. Youtube videos, games, ads, etc. On Oct 2, 2010 6:22 PM, Leon D. Zetekoff wa4...@backwoodswireless.net wrote: WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Brute Force Attack on Mikrotik Gateway
The price is now 6.2 cents by the way. Inflation. From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Glenn Kelley Sent: Saturday, October 02, 2010 8:16 PM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway IP Spoofing can really hit you hard. Running a datacenter I have received reports from a number of other DC's then when doing the actual investigation I have to tell an engineer @ the other DC that they are wrong. Retaliation is never a good thing - chances are you are hitting the wrong person. Just my 2 cents On Oct 2, 2010, at 7:55 PM, Greg Ihnen wrote: How about the Backtrack toolset. In the early days of the internet (for me) I would see people trying to attack me so I'd use some script kiddie tools to throw attacks back at them. If they weren't patched they'd go down. Often they'd go down. Then again that was a colossal waste of time. It's better to just block them, and once in a while look at your address list and see who's gotten put in the sand box. Greg On Oct 2, 2010, at 7:18 PM, Robert West wrote: Or..! A rule that will route them back to themselves! Now THAT would be hilarious!!! Bob- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of RickG Sent: Saturday, October 02, 2010 12:56 AM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway But thinking back on it, imagine the Damn it! looks on their faces if they DID get in only to find a nothing Mikrotik routerboard! LOL, it would be funny to have something connected that did nothing. Better yet, just reroute them to fbi.gov http://fbi.gov/ ! On Fri, Oct 1, 2010 at 10:22 PM, Robert West robert.w...@just-micro.com wrote: I've been migrating everything to a central location. Not done yet but boy, have had a mess the past 3 weeks with the reconfiguring and moving of stuff. As well as one major gateway out of the solar status to real grid power. Finally! Was interesting to watch the log, though. I blocked every IP as it popped up then they switched from FTP to SSH. Once SSH was blocked, they went the hell away. But thinking back on it, imagine the Damn it! looks on their faces if they DID get in only to find a nothing Mikrotik routerboard! HA! From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Glenn Kelley Sent: Friday, October 01, 2010 10:00 PM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway Bob, If memory serves me correct - you do not have a central network - is that right? instead your just using multiple pops via cable modems? If that is the case - it might be a bit more difficult - on the other hand - if you have switched to a central network (or have this in some places) than I can give you an easy transparent bridge solution @ no cost (just need one of your old pc's and 2 nics :-) ) Let me know On Oct 1, 2010, at 9:48 PM, Glenn Kelley wrote: why not just block china (and other countries) from access unless it is something opened first from inside the network ? Would make a big difference :-) On Oct 1, 2010, at 9:28 PM, RickG wrote: 61.155.5.247 _ Glenn Kelley | Principle | HostMedic |www.HostMedic.com http://www.HostMedic.com/ Email: gl...@hostmedic.com Pplease don't print this e-mail unless you really need to. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ _ Glenn Kelley | Principle | HostMedic |www.HostMedic.com http://www.HostMedic.com/ Email: gl...@hostmedic.com Pplease don't print this e-mail unless you really need to. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: