Very nice! Thanks, dude!
From: [email protected] [mailto:[email protected]] On Behalf Of Josh Luthman Sent: Friday, October 01, 2010 10:38 PM To: WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway Compliments of Butch Evans /ip firewal filt add action=accept chain=forward comment="drop ssh brute forcers" disabled=\ no dst-port=22 protocol=tcp src-address-list=ssh_blacklist add action=add-src-to-address-list address-list=ssh_blacklist \ address-list-timeout=1w3d chain=forward comment="" connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3 add action=add-src-to-address-list address-list=ssh_stage3 \ address-list-timeout=1m chain=forward comment="" connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2 add action=add-src-to-address-list address-list=ssh_stage2 \ address-list-timeout=1m chain=forward comment="" connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1 add action=add-src-to-address-list address-list=ssh_stage1 \ address-list-timeout=1m chain=forward comment="" connection-state=new \ disabled=no dst-port=22 protocol=tcp src-address-list=!heavysshservers Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Fri, Oct 1, 2010 at 10:28 PM, Robert West <[email protected]> wrote: Then we'll just send the pigeons over to poop on them. Easy. From: [email protected] [mailto:[email protected]] On Behalf Of RickG Sent: Friday, October 01, 2010 9:29 PM To: Tom Sharples; WISPA General List Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway I like it but what if the ip is being masqueraded? On Fri, Oct 1, 2010 at 7:00 PM, Tom Sharples <[email protected]> wrote: I've often wondered, is it legal for the receipient of this sort of thing, to retailiate with e.g. ping or curl storms? Tom S. ----- Original Message ----- From: Robert West <mailto:[email protected]> To: 'WISPA General List' <mailto:[email protected]> Sent: Friday, October 01, 2010 2:57 PM Subject: [WISPA] Brute Force Attack on Mikrotik Gateway Just had to deal with a brute force attack on a MT router acting as a gateway. Came from these two IP addresses.. 59.42.10.38 61.155.5.247 Looked them up, they turn out to be pretty common for this sort of thing. Added a firewall rule to drop them and they are no longer filling my log. Some may want to do the same for these jokers. Robert West Just Micro Digital Services Inc. 740-335-7020 Logo5 _____ ---------------------------------------------------------------------------- ---- WISPA Wants You! Join today! http://signup.wispa.org/ ---------------------------------------------------------------------------- ---- WISPA Wireless List: [email protected] Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ ---------------------------------------------------------------------------- ---- WISPA Wants You! Join today! http://signup.wispa.org/ ---------------------------------------------------------------------------- ---- WISPA Wireless List: [email protected] Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ ---------------------------------------------------------------------------- ---- WISPA Wants You! Join today! http://signup.wispa.org/ ---------------------------------------------------------------------------- ---- WISPA Wireless List: [email protected] Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
<<image001.gif>>
-------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: [email protected] Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
