[WISPA] MT Lamer question
Lamer question- I have a MT box we use for a public hotspot and logs reveal folks are trying to hack the password (from WAN, not actual customers) - IPs trace back to China and stuff.. anyhow - is there an easy way to implement a temporary (12 hour) or so ban on an IP after x attempts? Thanks. `S WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] MT Lamer question
What service are they trying to hit? FTP? SSH? If they are hitting SSH or FTP, and you don't have a use for them, just disable them. Nick Olsen Brevard Wireless (321) 205-1100 x106 From: Scott Vander Dussen sc...@velociter.net Sent: Tuesday, October 27, 2009 12:03 PM To: WISPA General List wireless@wispa.org Subject: [WISPA] MT Lamer question Lamer question- I have a MT box we use for a public hotspot and logs reveal folks are trying to hack the password (from WAN, not actual customers) - IPs trace back to China and stuff.. anyhow - is there an easy way to implement a temporary (12 hour) or so ban on an IP after x attempts? Thanks. `S WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] MT Lamer question
many different ways of doing this! --- Dennis Burgess, CCNA, A+, Mikrotik Certified Trainer WISPA Board Member - wispa.org Link Technologies, Inc -- Mikrotik WISP Support Services WISPA Vendor Member Office: 314-735-0270 Website: http://www.linktechs.net LIVE On-Line Mikrotik Training Author of Learn RouterOS -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Scott Vander Dussen Sent: Tuesday, October 27, 2009 11:03 AM To: WISPA General List Subject: [WISPA] MT Lamer question Lamer question- I have a MT box we use for a public hotspot and logs reveal folks are trying to hack the password (from WAN, not actual customers) - IPs trace back to China and stuff.. anyhow - is there an easy way to implement a temporary (12 hour) or so ban on an IP after x attempts? Thanks. `S WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] MT Lamer question
I've never seen a rule like this on Mikrotik, but what Butch preaches is a proactive approach. I do this on my core router. Filter rules: accept input 22/tcp from src.addr list block all of the input 22/tcp traffic Repeat for 21, 8291, 80 etc Add good or well known IPs to the src.addr list This way you have to come from a known IP. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 When you have eliminated the impossible, that which remains, however improbable, must be the truth. --- Sir Arthur Conan Doyle On Tue, Oct 27, 2009 at 12:03 PM, Scott Vander Dussen sc...@velociter.netwrote: Lamer question- I have a MT box we use for a public hotspot and logs reveal folks are trying to hack the password (from WAN, not actual customers) - IPs trace back to China and stuff.. anyhow - is there an easy way to implement a temporary (12 hour) or so ban on an IP after x attempts? Thanks. `S WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] MT Lamer question
http://wiki.mikrotik.com/wiki/Bruteforce_login_prevention_(FTP_%26_SSH) ryan On Tue, Oct 27, 2009 at 9:13 AM, Nick Olsen n...@brevardwireless.com wrote: What service are they trying to hit? FTP? SSH? If they are hitting SSH or FTP, and you don't have a use for them, just disable them. Nick Olsen Brevard Wireless (321) 205-1100 x106 From: Scott Vander Dussen sc...@velociter.net Sent: Tuesday, October 27, 2009 12:03 PM To: WISPA General List wireless@wispa.org Subject: [WISPA] MT Lamer question Lamer question- I have a MT box we use for a public hotspot and logs reveal folks are trying to hack the password (from WAN, not actual customers) - IPs trace back to China and stuff.. anyhow - is there an easy way to implement a temporary (12 hour) or so ban on an IP after x attempts? Thanks. `S WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] MT Lamer question
Oh yeah, it's been so long! (: Ok, that's what we did in the past too.. thanks.. `S -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Tuesday, October 27, 2009 9:16 AM To: WISPA General List Subject: Re: [WISPA] MT Lamer question I've never seen a rule like this on Mikrotik, but what Butch preaches is a proactive approach. I do this on my core router. Filter rules: accept input 22/tcp from src.addr list block all of the input 22/tcp traffic Repeat for 21, 8291, 80 etc Add good or well known IPs to the src.addr list This way you have to come from a known IP. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 When you have eliminated the impossible, that which remains, however improbable, must be the truth. --- Sir Arthur Conan Doyle On Tue, Oct 27, 2009 at 12:03 PM, Scott Vander Dussen sc...@velociter.netwrote: Lamer question- I have a MT box we use for a public hotspot and logs reveal folks are trying to hack the password (from WAN, not actual customers) - IPs trace back to China and stuff.. anyhow - is there an easy way to implement a temporary (12 hour) or so ban on an IP after x attempts? Thanks. `S WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] MT Lamer question
That's really cool. Never know what the content variable would do. Thanks for sharing! Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 When you have eliminated the impossible, that which remains, however improbable, must be the truth. --- Sir Arthur Conan Doyle On Tue, Oct 27, 2009 at 12:21 PM, Scott Vander Dussen sc...@velociter.netwrote: Oh yeah, it's been so long! (: Ok, that's what we did in the past too.. thanks.. `S -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Tuesday, October 27, 2009 9:16 AM To: WISPA General List Subject: Re: [WISPA] MT Lamer question I've never seen a rule like this on Mikrotik, but what Butch preaches is a proactive approach. I do this on my core router. Filter rules: accept input 22/tcp from src.addr list block all of the input 22/tcp traffic Repeat for 21, 8291, 80 etc Add good or well known IPs to the src.addr list This way you have to come from a known IP. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 When you have eliminated the impossible, that which remains, however improbable, must be the truth. --- Sir Arthur Conan Doyle On Tue, Oct 27, 2009 at 12:03 PM, Scott Vander Dussen sc...@velociter.netwrote: Lamer question- I have a MT box we use for a public hotspot and logs reveal folks are trying to hack the password (from WAN, not actual customers) - IPs trace back to China and stuff.. anyhow - is there an easy way to implement a temporary (12 hour) or so ban on an IP after x attempts? Thanks. `S WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] MT Lamer question
http://wiki.mikrotik.com/wiki/Bruteforce_login_prevention_(FTP_%26_SSH) - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com -- From: Scott Vander Dussen sc...@velociter.net Sent: Tuesday, October 27, 2009 11:03 AM To: WISPA General List wireless@wispa.org Subject: [WISPA] MT Lamer question Lamer question- I have a MT box we use for a public hotspot and logs reveal folks are trying to hack the password (from WAN, not actual customers) - IPs trace back to China and stuff.. anyhow - is there an easy way to implement a temporary (12 hour) or so ban on an IP after x attempts? Thanks. `S WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] MT Lamer question
Is there any reason that you want those IP addresses accessing your box at all? You can probably block several /8's and make things work better. John Scott Vander Dussen wrote: Lamer question- I have a MT box we use for a public hotspot and logs reveal folks are trying to hack the password (from WAN, not actual customers) - IPs trace back to China and stuff.. anyhow - is there an easy way to implement a temporary (12 hour) or so ban on an IP after x attempts? Thanks. `S WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/