That script should be the MT default when one checks the "protect router" check box in the web UI.
Greg On Oct 2, 2010, at 8:33 AM, Robert West wrote: > Checked the logs this morning and guess who was back at it………… Was trying to > do a brute force attack from yet another IP but that script from Butch > swatted him like a fly. Worked like a charm! > > Thanks to both you and Butch, he be gone. > > Bob- > > From: [email protected] [mailto:[email protected]] On > Behalf Of Josh Luthman > Sent: Friday, October 01, 2010 10:38 PM > To: WISPA General List > Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway > > Compliments of Butch Evans > > /ip firewal filt > add action=accept chain=forward comment="drop ssh brute forcers" disabled=\ > no dst-port=22 protocol=tcp src-address-list=ssh_blacklist > add action=add-src-to-address-list address-list=ssh_blacklist \ > address-list-timeout=1w3d chain=forward comment="" connection-state=new \ > disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3 > add action=add-src-to-address-list address-list=ssh_stage3 \ > address-list-timeout=1m chain=forward comment="" connection-state=new \ > disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2 > add action=add-src-to-address-list address-list=ssh_stage2 \ > address-list-timeout=1m chain=forward comment="" connection-state=new \ > disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1 > add action=add-src-to-address-list address-list=ssh_stage1 \ > address-list-timeout=1m chain=forward comment="" connection-state=new \ > disabled=no dst-port=22 protocol=tcp src-address-list=!heavysshservers > > Josh Luthman > Office: 937-552-2340 > Direct: 937-552-2343 > 1100 Wayne St > Suite 1337 > Troy, OH 45373 > > > On Fri, Oct 1, 2010 at 10:28 PM, Robert West <[email protected]> > wrote: > Then we’ll just send the pigeons over to poop on them. > > Easy. > > > > From: [email protected] [mailto:[email protected]] On > Behalf Of RickG > Sent: Friday, October 01, 2010 9:29 PM > To: Tom Sharples; WISPA General List > Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway > > I like it but what if the ip is being masqueraded? > > On Fri, Oct 1, 2010 at 7:00 PM, Tom Sharples <[email protected]> wrote: > I've often wondered, is it legal for the receipient of this sort of thing, to > retailiate with e.g. ping or curl storms? > > Tom S. > > > ----- Original Message ----- > From: Robert West > To: 'WISPA General List' > Sent: Friday, October 01, 2010 2:57 PM > Subject: [WISPA] Brute Force Attack on Mikrotik Gateway > > Just had to deal with a brute force attack on a MT router acting as a > gateway. > > Came from these two IP addresses…. > > 59.42.10.38 > > 61.155.5.247 > > Looked them up, they turn out to be pretty common for this sort of thing. > Added a firewall rule to drop them and they are no longer filling my log. > > Some may want to do the same for these jokers. > > Robert West > Just Micro Digital Services Inc. > 740-335-7020 > > <image001.gif> > > > > -------------------------------------------------------------------------------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > -------------------------------------------------------------------------------- > > WISPA Wireless List: [email protected] > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > -------------------------------------------------------------------------------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > -------------------------------------------------------------------------------- > > WISPA Wireless List: [email protected] > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > -------------------------------------------------------------------------------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > -------------------------------------------------------------------------------- > > WISPA Wireless List: [email protected] > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > -------------------------------------------------------------------------------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > -------------------------------------------------------------------------------- > > WISPA Wireless List: [email protected] > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/
-------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: [email protected] Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
