Re: [WISPA] Brute Force Attack on Mikrotik Gateway

Sat, 02 Oct 2010 12:58:26 -0700

I asked them about a Java client a long time ago and they nixed it.. Said there was a Windoze client and it could run under Wine. But I was looking at other platforms. The biggest problem with Mikrotik is their tunnelvision and unwillingness to look outside of the box IMHO 

Leon

On 10/2/2010 3:04 PM, Greg Ihnen wrote:
Or Java would be nice. But really anything that is cross platform would be good. Then I wouldn't have to run Parallels or Fusion all day. 

Greg
On Oct 2, 2010, at 12:27 PM, Josh Luthman wrote:
It doesn't answer anything. You can't configure anything. It screws up what you have set. Hate it. I would like to see an html copy of winbox, but that's a dream.
On Oct 2, 2010 12:33 PM, "Robert West" <robert.w...@just-micro.com <mailto:robert.w...@just-micro.com>> wrote: 
> Ah.. I always use Winbox. Tried Webbox a few times when I "had to" but
> wasn't comfortable with it at all.
>
>
>
>
>
>
>
> From: wireless-boun...@wispa.org <mailto:wireless-boun...@wispa.org> [mailto:wireless-boun...@wispa.org <mailto:wireless-boun...@wispa.org>] On 
> Behalf Of Josh Luthman
> Sent: Saturday, October 02, 2010 11:18 AM
> To: WISPA General List
> Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway
>
>
>
> The MT webbox causes cancer it is so terrible.
>
> On Oct 2, 2010 9:08 AM, "Greg Ihnen" <os10ru...@gmail.com <mailto:os10ru...@gmail.com>> wrote: >> That script should be the MT default when one checks the "protect router" 
> check box in the web UI.
>>
>> Greg
>>
>> On Oct 2, 2010, at 8:33 AM, Robert West wrote:
>>
>>> Checked the logs this morning and guess who was back at it.... Was trying > to do a brute force attack from yet another IP but that script from Butch 
> swatted him like a fly. Worked like a charm!
>>>
>>> Thanks to both you and Butch, he be gone.
>>>
>>> Bob-
>>>
>>> From: wireless-boun...@wispa.org <mailto:wireless-boun...@wispa.org> [mailto:wireless-boun...@wispa.org <mailto:wireless-boun...@wispa.org>] On 
> Behalf Of Josh Luthman
>>> Sent: Friday, October 01, 2010 10:38 PM
>>> To: WISPA General List
>>> Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway
>>>
>>> Compliments of Butch Evans
>>>
>>> /ip firewal filt
>>> add action=accept chain=forward comment="drop ssh brute forcers"
> disabled=\
>>> no dst-port=22 protocol=tcp src-address-list=ssh_blacklist
>>> add action=add-src-to-address-list address-list=ssh_blacklist \
>>> address-list-timeout=1w3d chain=forward comment="" connection-state=new \ 
>>> disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3
>>> add action=add-src-to-address-list address-list=ssh_stage3 \
>>> address-list-timeout=1m chain=forward comment="" connection-state=new \ 
>>> disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2
>>> add action=add-src-to-address-list address-list=ssh_stage2 \
>>> address-list-timeout=1m chain=forward comment="" connection-state=new \ 
>>> disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1
>>> add action=add-src-to-address-list address-list=ssh_stage1 \
>>> address-list-timeout=1m chain=forward comment="" connection-state=new \ >>> disabled=no dst-port=22 protocol=tcp src-address-list=!heavysshservers 
>>>
>>> Josh Luthman
>>> Office: 937-552-2340
>>> Direct: 937-552-2343
>>> 1100 Wayne St
>>> Suite 1337
>>> Troy, OH 45373
>>>
>>>
>>> On Fri, Oct 1, 2010 at 10:28 PM, Robert West <robert.w...@just-micro.com <mailto:robert.w...@just-micro.com>> 
> wrote:
>>> Then we'll just send the pigeons over to poop on them.
>>>
>>> Easy.
>>>
>>>
>>>
>>> From: wireless-boun...@wispa.org <mailto:wireless-boun...@wispa.org> [mailto:wireless-boun...@wispa.org <mailto:wireless-boun...@wispa.org>] On 
> Behalf Of RickG
>>> Sent: Friday, October 01, 2010 9:29 PM
>>> To: Tom Sharples; WISPA General List
>>> Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway
>>>
>>> I like it but what if the ip is being masqueraded?
>>>
>>> On Fri, Oct 1, 2010 at 7:00 PM, Tom Sharples <tsharp...@qorvus.com <mailto:tsharp...@qorvus.com>> 
> wrote:
>>> I've often wondered, is it legal for the receipient of this sort of
> thing, to retailiate with e.g. ping or curl storms?
>>>
>>> Tom S.
>>>
>>>
>>> ----- Original Message -----
>>> From: Robert West
>>> To: 'WISPA General List'
>>> Sent: Friday, October 01, 2010 2:57 PM
>>> Subject: [WISPA] Brute Force Attack on Mikrotik Gateway
>>>
>>> Just had to deal with a brute force attack on a MT router acting as a
> gateway.
>>>
>>> Came from these two IP addresses..
>>>
>>> 59.42.10.38
>>>
>>> 61.155.5.247
>>>
>>> Looked them up, they turn out to be pretty common for this sort of thing. > Added a firewall rule to drop them and they are no longer filling my log. 
>>>
>>> Some may want to do the same for these jokers.
>>>
>>> Robert West
>>> Just Micro Digital Services Inc.
>>> 740-335-7020
>>>
>>> <image001.gif>
>>>
>>>
>>>


------------------------------------------------------------------------

No virus found in this message.
Checked by AVG - www.avg.com <http://www.avg.com>
Version: 10.0.1120 / Virus Database: 422/3172 - Release Date: 10/02/10




-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 10.0.1120 / Virus Database: 422/3172 - Release Date: 10/02/10

--------------------------------------------------------------------------------
WISPA Wants You! Join today!
http://signup.wispa.org/
--------------------------------------------------------------------------------
 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

Reply via email to