Thread: my MikroTik under bruteforce attack from China?

  1. #1
    red dwarf

    As it seems, someone from a Chinese IP range is trying to ssh and telnet as root into my MikroTik gateway.
    I'm not sure how long this has been going on; it seems automated.

    Any creative ideas?

    19:26:28 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:26:31 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:26:34 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:26:37 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:26:40 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:26:44 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:26:47 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:26:50 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:26:53 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:26:56 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:26:59 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1902 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1905 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1908 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1910 system,error,critical login failure for user root from 114.103.76.146 via telnet
    1911 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1915 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1918 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1921 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1924 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1927 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1930 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1933 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1935 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1938 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1941 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1944 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1946 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1949 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1952 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1955 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1958 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1901 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1903 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1906 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1909 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1912 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1915 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1918 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1921 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1924 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1927 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1930 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1933 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1936 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1939 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1942 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1945 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1948 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1951 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1954 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1957 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:29:00 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:29:03 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:29:06 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:29:09 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:29:12 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:29:15 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:29:19 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:29:22 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:29:25 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:29:28 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:29:31 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:29:34 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:29:37 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:29:40 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:29:43 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:29:46 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:29:49 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:29:52 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:29:55 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:29:58 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:01 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:01 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:04 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:04 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:07 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:07 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:10 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:10 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:13 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:14 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:17 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:17 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:20 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:20 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:23 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:24 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:27 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:27 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:30 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:30 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:33 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:33 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:36 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:36 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:39 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:39 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:42 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:42 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:45 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:45 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:48 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:48 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:51 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:52 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:55 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:55 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:58 system,error,critical login failure for user root from 42.96.133.22 via ssh
    19:30:58 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1901 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1902 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1905 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1905 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1908 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1908 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1911 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1911 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1914 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1915 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1918 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1918 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1921 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1921 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1924 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1925 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1928 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1928 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1931 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1931 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1934 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1935 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1938 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1938 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1941 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1941 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1944 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1945 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1947 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1948 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1951 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1951 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1954 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1955 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1957 system,error,critical login failure for user root from 42.96.133.22 via ssh
    1958 system,error,critical login failure for user root from 42.96.133.22 via ssh
    22:37:35 system,error,critical login failure for user root from 123.30.214.137 via ssh
    22:37:38 system,error,critical login failure for user root from 123.30.214.137 via ssh
    Last edited by red dwarf; 06-09-14 at 09:50 PM.
    A.J.Rimmer



  • #2
    red dwarf

    It continues this morning...

    I found this

    guess I should give it a go

    sep/07 00:58:46 system,error,critical login failure for user teamspeak3 from 223.4.31.14 via ssh
    sep/07 00:58:46 system,error,critical login failure for user mysql from 223.4.31.14 via ssh
    sep/07 00:58:48 system,error,critical login failure for user svn from 223.4.31.14 via ssh
    sep/07 00:58:49 system,error,critical login failure for user ts from 223.4.31.14 via ssh
    sep/07 00:58:49 system,error,critical login failure for user teamspeak3 from 223.4.31.14 via ssh
    sep/07 00:58:50 system,error,critical login failure for user mysql from 223.4.31.14 via ssh
    sep/07 00:58:52 system,error,critical login failure for user svn from 223.4.31.14 via ssh
    sep/07 00:58:52 system,error,critical login failure for user ts from 223.4.31.14 via ssh
    sep/07 00:58:53 system,error,critical login failure for user teamspeak3 from 223.4.31.14 via ssh
    sep/07 00:58:53 system,error,critical login failure for user mysql from 223.4.31.14 via ssh
    sep/07 00:58:55 system,error,critical login failure for user svn from 223.4.31.14 via ssh
    sep/07 00:58:56 system,error,critical login failure for user ts from 223.4.31.14 via ssh
    sep/07 00:58:56 system,error,critical login failure for user teamspeak3 from 223.4.31.14 via ssh
    sep/07 00:58:57 system,error,critical login failure for user mysql from 223.4.31.14 via ssh
    sep/07 00:58:59 system,error,critical login failure for user ts from 223.4.31.14 via ssh
    sep/07 00:58:59 system,error,critical login failure for user teamspeak3 from 223.4.31.14 via ssh
    sep/07 00:59:00 system,error,critical login failure for user svn from 223.4.31.14 via ssh
    sep/07 00:59:00 system,error,critical login failure for user mysql from 223.4.31.14 via ssh
    sep/07 00:59:03 system,error,critical login failure for user ts from 223.4.31.14 via ssh
    sep/07 00:59:03 system,error,critical login failure for user teamspeak3 from 223.4.31.14 via ssh
    sep/07 00:59:03 system,error,critical login failure for user svn from 223.4.31.14 via ssh
    sep/07 00:59:04 system,error,critical login failure for user mysql from 223.4.31.14 via ssh
    sep/07 00:59:06 system,error,critical login failure for user ts from 223.4.31.14 via ssh
    sep/07 00:59:06 system,error,critical login failure for user svn from 223.4.31.14 via ssh
    sep/07 00:59:06 system,error,critical login failure for user teamspeak3 from 223.4.31.14 via ssh
    sep/07 00:59:07 system,error,critical login failure for user mysql from 223.4.31.14 via ssh
    sep/07 00:59:10 system,error,critical login failure for user svn from 223.4.31.14 via ssh
    sep/07 00:59:10 system,error,critical login failure for user teamspeak3 from 223.4.31.14 via ssh
    sep/07 00:59:10 system,error,critical login failure for user ts from 223.4.31.14 via ssh
    sep/07 00:59:11 system,error,critical login failure for user mysql from 223.4.31.14 via ssh
    sep/07 00:59:13 system,error,critical login failure for user teamspeak3 from 223.4.31.14 via ssh
    sep/07 00:59:14 system,error,critical login failure for user svn from 223.4.31.14 via ssh
    sep/07 00:59:14 system,error,critical login failure for user ts from 223.4.31.14 via ssh
    sep/07 00:59:15 system,error,critical login failure for user mysql from 223.4.31.14 via ssh
    sep/07 00:59:17 system,error,critical login failure for user teamspeak3 from 223.4.31.14 via ssh
    sep/07 00:59:17 system,error,critical login failure for user ts from 223.4.31.14 via ssh
    sep/07 00:59:18 system,error,critical login failure for user svn from 223.4.31.14 via ssh
    sep/07 00:59:18 system,error,critical login failure for user webuser from 223.4.31.14 via ssh
    sep/07 00:59:21 system,error,critical login failure for user teamspeak3 from 223.4.31.14 via ssh
    sep/07 00:59:21 system,error,critical login failure for user ts from 223.4.31.14 via ssh
    sep/07 00:59:21 system,error,critical login failure for user svn from 223.4.31.14 via ssh
    sep/07 00:59:22 system,error,critical login failure for user webuser from 223.4.31.14 via ssh
    sep/07 00:59:24 system,error,critical login failure for user teamspeak3 from 223.4.31.14 via ssh
    sep/07 00:59:24 system,error,critical login failure for user svn from 223.4.31.14 via ssh
    sep/07 00:59:25 system,error,critical login failure for user ts from 223.4.31.14 via ssh
    sep/07 00:59:25 system,error,critical login failure for user webuser from 223.4.31.14 via ssh
    sep/07 00:59:28 system,error,critical login failure for user svn from 223.4.31.14 via ssh
    sep/07 00:59:28 system,error,critical login failure for user teamspeak3 from 223.4.31.14 via ssh
    sep/07 00:59:29 system,error,critical login failure for user ts from 223.4.31.14 via ssh
    sep/07 00:59:30 system,error,critical login failure for user webuser from 223.4.31.14 via ssh
    sep/07 00:59:33 system,error,critical login failure for user teamspeak3 from 223.4.31.14 via ssh
    sep/07 00:59:34 system,error,critical login failure for user webuser from 223.4.31.14 via ssh
    sep/07 00:59:37 system,error,critical login failure for user teamspeak3 from 223.4.31.14 via ssh
    sep/07 00:59:37 system,error,critical login failure for user svn from 223.4.31.14 via ssh
    sep/07 00:59:46 system,error,critical login failure for user svn from 223.4.31.14 via ssh
    A.J.Rimmer

  • #3
    DB44

    The suggestions made in the post you referred to are good ones and should solve this problem. There are other methods but I am not sure what your router is capable of, for example, completely disabling root logons or disabling password access completely.

  • #4
    red dwarf

    I've already made adjustments as per the link; unfortunately I made a typo and found it only a few minutes ago.
    It's now corrected and I'll see what happens next.
    I decided to leave most of the settings default for now, only strengthened my root password.
    I'm quite new to MikroTik; it amazes me how powerful it is.

    I guess it is someone's hobby trying to crack into others' networks...
    A.J.Rimmer

  • #5

    Pretty normal nowadays... Generally the remote 'computer' targets ssh or whatever port it's aiming for, then runs a script to attempt to brute force easy passwords. The computer probably doesn't realise it's just a router, and thinks it's a web server of some sort. One server I had was copping about 10,000 hits a day from a range of IP addresses - all this adds up to unnecessary data usage, in fact I think it was nearly a gig a day being wasted!! Now I use filtering techniques and VPN to access what I need when I need, cutting down virtually all the wasted data.

    So do you REALLY need remote access turned on? Surely you can disable it?
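
    For triaging router log output of the kind pasted in this thread, here is an added example (not code from any poster or from MikroTik) that groups login failures by source address and flags both a single-user flood and username rotation. The function names, thresholds and sample lines are assumptions made for illustration; lines whose timestamp cannot be parsed are still counted but left out of the rate calculation.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not the thread's data): RFC 5737 documentation addresses,
# both timestamp styles seen in the posts, and one line with a damaged timestamp.
_FAIL = "system,error,critical login failure for user {} from {} via {}"
SAMPLE_LOG = "\n".join(
    [f"19:26:{s:02d} " + _FAIL.format("root", "203.0.113.22", "ssh")
     for s in range(22, 58, 3)]                      # 12 failures, 3 s apart
    + ["1902 " + _FAIL.format("root", "203.0.113.22", "ssh"),
       "19:27:10 " + _FAIL.format("root", "198.51.100.146", "telnet")]
    + [f"sep/07 00:58:{46 + i} " + _FAIL.format(u, "192.0.2.14", "ssh")
       for i, u in enumerate(["teamspeak3", "mysql", "svn", "ts"])]
)

LINE_RE = re.compile(
    r"^\s*(?:(?P<date>[a-z]{3}/\d{2})\s+)?(?P<time>\S+)\s+system,error,critical "
    r"login failure for user (?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"via (?P<svc>\S+)\s*$")
MONTHS = "jan feb mar apr may jun jul aug sep oct nov dec".split()


def parse_stamp(date, time):
    """Return a datetime (year fixed at 1900) or None if the stamp is damaged."""
    try:
        ts = datetime.strptime(time, "%H:%M:%S")
        if date:
            mon, day = date.split("/")
            ts = ts.replace(month=MONTHS.index(mon) + 1, day=int(day))
        return ts
    except ValueError:
        return None


def summarize(log_text, window_s=60, threshold=10, max_users=3):
    """Per source IP: failure count, users, services, peak rate and flag reasons."""
    per_ip = defaultdict(lambda: {"n": 0, "users": set(), "svcs": set(), "times": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = per_ip[m["ip"]]
        rec["n"] += 1
        rec["users"].add(m["user"])
        rec["svcs"].add(m["svc"])
        ts = parse_stamp(m["date"], m["time"])
        if ts is not None:               # damaged stamps count, but not toward the rate
            rec["times"].append(ts)
    report = {}
    for ip, rec in per_ip.items():
        times, peak, start = sorted(rec["times"]), 0, 0
        for end, t in enumerate(times):  # sliding window over sorted timestamps
            while t - times[start] > timedelta(seconds=window_s):
                start += 1
            peak = max(peak, end - start + 1)
        reasons = (["rate"] if peak >= threshold else []) + \
                  (["user-spray"] if len(rec["users"]) > max_users else [])
        report[ip] = {"failures": rec["n"], "users": sorted(rec["users"]),
                      "services": sorted(rec["svcs"]), "peak": peak, "reasons": reasons}
    return report


if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info)
```
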
