SSH intrusion attempt on Mikrotik

Hi everyone, I was going through my MK's log and saw that someone had tried to break in via SSH. A screenshot of the log is attached. Has anyone else been through this? Anyone who wants to comment on it, feel free.

Log acesso ssh indevido.JPG

Replies

  • I did what our friend Fabio posted on the first page and it solved the problem.

    Here they were even trying to get in via telnet; I solved it the same way.

  • Allow SSH access only from the mk-auth IP. That is a brute-force attempt.

  • Following...

  • Friend, change your SSH port urgently.



  • Hello friend,

    Look at this. I don't know if it's a coincidence, but when this happens, customers show up blocked in the address list even though they don't owe anything; I clear the address lists and a little later it happens again, with Mk-Auth putting the same customers in the address list...

    IPs ATTACKING THE MIKROTIKS

    ED.CHEQUEVARA    TELEFONICA ADSL PPPOE STATIC-IP LINK    (Neighborhood far from downtown São Paulo)
    sep/17/2012 15:11:20 system,error,critical login failure for user postgres from 50.56.92.129 via ssh
    sep/17/2012 15:11:22 system,error,critical login failure for user sales from 50.56.92.129 via ssh
    sep/17/2012 15:12:06 system,error,critical login failure for user news from 173.203.99.245 via ssh
    sep/17/2012 15:12:07 system,error,critical login failure for user samba from 50.56.125.156 via ssh
    sep/17/2012 15:12:08 system,error,critical login failure for user nobody from 173.203.99.245 via ssh
    sep/17/2012 15:12:09 system,error,critical login failure for user www from 50.56.125.156 via ssh
    sep/17/2012 15:45:09 system,error,critical login failure for user games from 81.177.144.166 via ssh
    sep/17/2012 15:45:12 system,error,critical login failure for user apache from 81.177.144.166 via ssh

    ED.PARAIZO WORKCENTER    TELEFONICA BIBRA DYNAMIC-IP LINK    (DOWNTOWN SÃO PAULO NEIGHBORHOOD)
    (224518 messages not shown)
    sep/17/2012 17:35:21 system,error,critical login failure for user postgres from 50.56.92.129 via ssh
    sep/17/2012 17:35:22 system,error,critical login failure for user sales from 50.56.92.129 via ssh
    sep/17/2012 17:35:44 system,error,critical login failure for user news from 173.203.99.245 via ssh
    sep/17/2012 17:35:46 system,error,critical login failure for user nobody from 173203.99.245 via ssh
    sep/17/2012 17:36:50 system,error,critical login failure for user samba from 50.56.125.156 via ssh
    sep/17/2012 17:36:51 system,error,critical login failure for user www from 50.56.125.156 via ssh
    sep/17/2012 18:22:43 system,error,critical login failure for user games from 81.177.144.166 via ssh
    sep/17/2012 18:22:45 system,error,critical login failure for user apache from 81.177.144.166 via ssh

    ED.MONZA3    TELEFONICA ADSL STATIC-IP LINK    (Neighborhood far from downtown São Paulo)
    (73091 messages not shown)
    sep/17/2012 18:00:19 system,error,critical login failure for user news from 173.203.99.245 via ssh
    sep/17/2012 18:00:20 system,error,critical login failure for user postgres from 50.56.92.129 via ssh
    sep/17/2012 18:00:22 system,error,critical login failure for user nobody from 173.203.99.245 via ssh
    sep/17/2012 18:00:22 system,error,critical login failure for user sales from 50.56.92.129 via ssh
    sep/17/2012 18:00:51 system,error,critical login failure for user samba from 50.56.125.156 via ssh
    sep/17/2012 18:00:56 system,error,critical login failure for user www from 50.56.125.156 via ssh
    sep/17/2012 18:52:30 system,error,critical login failure for user games from 81.177.144.166 via ssh
    sep/17/2012 18:52:33 system,error,critical login failure for user apache from 81.177.144.166 via ssh


    ED.SANTA EMILIA    (Neighborhood far from downtown São Paulo)
    (172711 messages not shown)
    sep/17/2012 16:31:41 system,error,critical login failure for user root from 218.77.85.130 via ssh
    sep/17/2012 16:31:44 system,error,critical login failure for user root from 218.77.85.130 via ssh
    sep/17/2012 16:31:48 system,error,critical login failure for user root from 218.77.85.130 via ssh
    sep/17/2012 16:31:51 system,error,critical login failure for user bin from 218.77.85.130 via ssh
    sep/17/2012 16:31:54 system,error,critical login failure for user bin from 218.77.85.130 via ssh
    sep/17/2012 16:31:57 system,error,critical login failure for user anja from 218.77.85.130 via ssh
    sep/17/2012 16:32:01 system,error,critical login failure for user anja from 218.77.85.130 via ssh
    sep/17/2012 16:32:11 system,error,critical login failure for user platinum from 218.77.85.130 via ssh (COUNTRY: CHINA)

    ED.MONTE VERDE    (Neighborhood far from downtown São Paulo)
    (141876 messages not shown)
    sep/17/2012 19:22:12 system,error,critical login failure for user root from 58.59.208.7 via telnet
    sep/17/2012 19:22:19 system,error,critical login failure for user root from 58.59.208.7 via telnet
    sep/17/2012 19:22:25 system,error,critical login failure for user admin from 58.59.208.7 via telnet
    sep/17/2012 19:22:32 system,error,critical login failure for user root from 58.59.208.7 via telnet
    sep/17/2012 19:22:40 system,error,critical login failure for user admin from 58.59.208.7 via telnet
    sep/17/2012 19:22:46 system,error,critical login failure for user root from 58.59.208.7 via telnet
    sep/17/2012 19:22:53 system,error,critical login failure for user root from 58.59.208.7 via telnet
    sep/17/2012 19:23:00 system,error,critical login failure for user admin from 58.59.208.7 via telnet

    Note: And on other links that we have...

    Note: Could it be coming through some online games?...






  • I get this kind of log all the time.
  • If you are using the default port 22, change it and check whether it continues.

  • Hey, look at my Mikrotik's log from today, and the IP is international.

    Any ideas?

    If I apply the rules posted here, will it cause any problems on the network?

    20:51:43 system,error,critical login failure for user root from 183.82.99.66 via ssh  
    20:51:47 system,error,critical login failure for user root from 183.82.99.66 via ssh
    20:51:51 system,error,critical login failure for user root from 183.82.99.66 via ssh
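
Added example (not part of any post in this thread): a Python script that parses RouterOS `login failure` lines in the format posted above, groups them by source address and service, and lists the sources with three or more failures inside 60 seconds together with the usernames they tried. The threshold, window, function names and sample addresses are assumptions; a line whose source address is mistyped is counted as skipped rather than guessed at.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# RouterOS login-failure line; the date is optional because same-day entries show only the time.
LINE_RE = re.compile(
    r"^(?:(?P<date>[a-z]{3}/\d{2}/\d{4}) )?(?P<time>\d{2}:\d{2}:\d{2}) "
    r"system,error,critical login failure for user (?P<user>\S+) "
    r"from (?P<src>\S+) via (?P<svc>\w+)")

def parse(line, default_date="jan/01/1970"):
    """Return (timestamp, user, source, service), or None for lines that do not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        src = str(ipaddress.ip_address(m["src"]))  # rejects mistyped addresses
    except ValueError:
        return None
    stamp = f"{m['date'] or default_date} {m['time']}"  # English month names (C locale) assumed
    return datetime.strptime(stamp, "%b/%d/%Y %H:%M:%S"), m["user"], src, m["svc"]

def brute_force_sources(lines, threshold=3, window=timedelta(seconds=60)):
    """Map (source, service) -> users tried, for sources with >= threshold failures in a window."""
    events, skipped = defaultdict(list), 0
    for line in lines:
        rec = parse(line)
        if rec is None:
            skipped += 1
            continue
        ts, user, src, svc = rec
        events[(src, svc)].append((ts, user))
    flagged = {}
    for key, evs in events.items():
        evs.sort()
        if any(b[0] - a[0] <= window for a, b in zip(evs, evs[threshold - 1:])):
            flagged[key] = sorted({user for _, user in evs})
    return flagged, skipped

# Constructed sample in the thread's log format (documentation-range addresses, one mistyped).
SAMPLE = """\
sep/17/2012 16:31:41 system,error,critical login failure for user root from 203.0.113.7 via ssh
sep/17/2012 16:31:44 system,error,critical login failure for user root from 203.0.113.7 via ssh
sep/17/2012 16:31:51 system,error,critical login failure for user bin from 203.0.113.7 via ssh
sep/17/2012 17:35:46 system,error,critical login failure for user nobody from 198510.0.9 via ssh
20:51:43 system,error,critical login failure for user root from 192.0.2.66 via telnet
20:51:47 system,error,critical login failure for user root from 192.0.2.66 via telnet
20:51:51 system,error,critical login failure for user admin from 192.0.2.66 via telnet
""".splitlines()
```

`brute_force_sources(SAMPLE)` returns the flagged sources and the number of skipped lines; the flagged addresses are candidates for a firewall drop list, while the allow-list on the service itself is what stops the attempts from reaching the login prompt.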
  • I use an easier way here: I go to ip/service list and specify the IPs that can log in to the Mikrotik via SSH; for the mkauth user I also set that only the mkauth IP can log in with that user, and that's it, everything stays calm...
  • Do you use a routed modem or a load balancer?