The MT webbox causes cancer it is so terrible. On Oct 2, 2010 9:08 AM, "Greg Ihnen" <os10ru...@gmail.com> wrote: > That script should be the MT default when one checks the "protect router" check box in the web UI. > > Greg > > On Oct 2, 2010, at 8:33 AM, Robert West wrote: > >> Checked the logs this morning and guess who was back at it………… Was trying to do a brute force attack from yet another IP but that script from Butch swatted him like a fly. Worked like a charm! >> >> Thanks to both you and Butch, he be gone. >> >> Bob- >> >> From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman >> Sent: Friday, October 01, 2010 10:38 PM >> To: WISPA General List >> Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway >> >> Compliments of Butch Evans >> >> /ip firewal filt >> add action=accept chain=forward comment="drop ssh brute forcers" disabled=\ >> no dst-port=22 protocol=tcp src-address-list=ssh_blacklist >> add action=add-src-to-address-list address-list=ssh_blacklist \ >> address-list-timeout=1w3d chain=forward comment="" connection-state=new \ >> disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3 >> add action=add-src-to-address-list address-list=ssh_stage3 \ >> address-list-timeout=1m chain=forward comment="" connection-state=new \ >> disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2 >> add action=add-src-to-address-list address-list=ssh_stage2 \ >> address-list-timeout=1m chain=forward comment="" connection-state=new \ >> disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1 >> add action=add-src-to-address-list address-list=ssh_stage1 \ >> address-list-timeout=1m chain=forward comment="" connection-state=new \ >> disabled=no dst-port=22 protocol=tcp src-address-list=!heavysshservers >> >> Josh Luthman >> Office: 937-552-2340 >> Direct: 937-552-2343 >> 1100 Wayne St >> Suite 1337 >> Troy, OH 45373 >> >> >> On Fri, Oct 1, 2010 at 10:28 PM, Robert West <robert.w...@just-micro.com> wrote: >> Then we’ll just send the pigeons over to poop on them. >> >> Easy. >> >> >> >> From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of RickG >> Sent: Friday, October 01, 2010 9:29 PM >> To: Tom Sharples; WISPA General List >> Subject: Re: [WISPA] Brute Force Attack on Mikrotik Gateway >> >> I like it but what if the ip is being masqueraded? >> >> On Fri, Oct 1, 2010 at 7:00 PM, Tom Sharples <tsharp...@qorvus.com> wrote: >> I've often wondered, is it legal for the receipient of this sort of thing, to retailiate with e.g. ping or curl storms? >> >> Tom S. >> >> >> ----- Original Message ----- >> From: Robert West >> To: 'WISPA General List' >> Sent: Friday, October 01, 2010 2:57 PM >> Subject: [WISPA] Brute Force Attack on Mikrotik Gateway >> >> Just had to deal with a brute force attack on a MT router acting as a gateway. >> >> Came from these two IP addresses…. >> >> 59.42.10.38 >> >> 61.155.5.247 >> >> Looked them up, they turn out to be pretty common for this sort of thing. Added a firewall rule to drop them and they are no longer filling my log. >> >> Some may want to do the same for these jokers. >> >> Robert West >> Just Micro Digital Services Inc. >> 740-335-7020 >> >> <image001.gif> >> >> >> >> -------------------------------------------------------------------------------- >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> -------------------------------------------------------------------------------- >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> >> >> >> -------------------------------------------------------------------------------- >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> -------------------------------------------------------------------------------- >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> >> >> >> >> -------------------------------------------------------------------------------- >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> -------------------------------------------------------------------------------- >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> >> >> >> -------------------------------------------------------------------------------- >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> -------------------------------------------------------------------------------- >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >
-------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
