
Blocking invalid SSH and FTP login attempts

Paste this into the MikroTik terminal (RouterOS `/ip firewall filter` commands; the `#` lines are comments and can be pasted as-is):

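# Brute-force throttling for the router's OWN FTP (tcp/21) and SSH (tcp/22) services.
# `add` appends every rule to the END of its chain. After pasting, move these above any
# broad accept rules (an "accept established/related" in the output chain, an accept-all
# on input) or they never see the traffic they are meant to match.
# Address lists used: ftp_blacklist (3h ban), ssh_stage1..ssh_stage3 (1m escalation steps),
# ssh_blacklist (1w3d ban). Entries expire automatically via address-list-timeout.
/ip firewall filter
# FTP: log, then drop, inbound control-channel traffic from sources already in ftp_blacklist.
# The log rule is non-terminating; the drop on the next line is what actually blocks.
add action=log chain=input comment="Drop FTP Brute Force" disabled=no dst-port=21 log-prefix=FTP_DROP protocol=tcp src-address-list=ftp_blacklist
add action=drop chain=input comment="Drop FTP Brute Force" disabled=no dst-port=21 protocol=tcp src-address-list=ftp_blacklist
# FTP: failures are detected on the OUTPUT side by matching the server's own
# "530 Login incorrect" reply. dst-limit (rate 1/1m, burst 9, keyed per dst-address,
# 1m expiry) lets a burst of such replies through; once a destination exceeds it the reply
# falls through to the next rule, which puts that destination (the client) into
# ftp_blacklist for 3h. src-port=21 pins both rules to replies from our FTP service
# instead of any outbound TCP payload that happens to carry the same string.
# Plain-text control channel only: under FTPS/TLS the reply is not visible, so this never fires.
add action=accept chain=output comment="Drop FTP Brute Force - Allow 'Incorrect Login' reply" content="530 Login incorrect" disabled=no dst-limit=1/1m,9,dst-address/1m protocol=tcp src-port=21
add action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h chain=output comment="Drop FTP Brute Force - Failed login IP to List: Drop" content="530 Login incorrect" disabled=no protocol=tcp src-port=21
# SSH: log, then drop, inbound connections from sources already in ssh_blacklist.
add action=log chain=input comment="Drop SSH Brute Force" disabled=no dst-port=22 log-prefix=SSH_DROP protocol=tcp src-address-list=ssh_blacklist
add action=drop chain=input comment="Drop SSH Brute Force" disabled=no dst-port=22 protocol=tcp src-address-list=ssh_blacklist
# SSH escalation. NOTE: despite the rule comments, these count NEW TCP connections to port 22,
# not failed logins - the firewall cannot see whether an SSH authentication succeeded.
# add-src-to-address-list is a pass-through action, so one new connection advances every
# stage it matches (stage1 -> stage2 -> stage3); with each stage entry expiring after 1m,
# roughly the fourth new connection inside that window lands the source in ssh_blacklist
# for 1w3d even when every login was valid. Exempt management addresses BEFORE these rules
# (an accept for a trusted address list above them, or src-address-list=!<trusted_list>
# on the stage rules) or a busy admin session (scp loops, several terminals) locks itself out.
# Rule order matters: blacklist check first, then stage3 -> stage2 -> stage1, so an entry is
# only promoted one step per connection.
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input comment="Drop SSH Brute Force - Failed login IP to List: Drop" connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input comment="Drop SSH Brute Force - Failed login IP to List: Stage 3" connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input comment="Drop SSH Brute Force - Failed login IP to List: Stage 2" connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input comment="Drop SSH Brute Force - Failed login IP to List: Stage 1" connection-state=new disabled=no dst-port=22 protocol=tcp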