{"id":2277,"date":"2018-06-01T22:33:26","date_gmt":"2018-06-01T22:33:26","guid":{"rendered":"http:\/\/www.mtin.net\/blog\/?p=2277"},"modified":"2018-06-01T22:33:26","modified_gmt":"2018-06-01T22:33:26","slug":"winbox-brute-force","status":"publish","type":"post","link":"http:\/\/www.mtin.net\/blog\/winbox-brute-force\/","title":{"rendered":"Winbox Brute Force"},"content":{"rendered":"<p>You really should not have your Winbox port open to anything but a management network, but if you need a script to help with brute-force attempts against the Mikrotik, use these firewall filter rules:<br \/>\n<code>\/ip firewall filter<br \/>\nadd action=drop chain=input comment=\"drop winbox brute forcers\" dst-port=8291 \\<br \/>\nprotocol=tcp src-address-list=winbox_blacklist<br \/>\nadd action=add-src-to-address-list address-list=winbox_blacklist \\<br \/>\naddress-list-timeout=1w3d chain=input connection-state=new dst-port=8291 \\<br \/>\nprotocol=tcp src-address-list=winbox_stage3<br \/>\nadd action=add-src-to-address-list address-list=winbox_stage3 \\<br \/>\naddress-list-timeout=1m chain=input connection-state=new dst-port=8291 \\<br \/>\nprotocol=tcp src-address-list=winbox_stage2<br \/>\nadd action=add-src-to-address-list address-list=winbox_stage2 \\<br \/>\naddress-list-timeout=1m chain=input connection-state=new dst-port=8291 \\<br \/>\nprotocol=tcp src-address-list=winbox_stage1<br \/>\nadd action=add-src-to-address-list address-list=winbox_stage1 \\<br \/>\naddress-list-timeout=1m chain=input connection-state=new dst-port=8291 \\<br \/>\nprotocol=tcp<br \/>\nadd action=drop chain=forward comment=\"drop WINBOX brute downstream\" dst-port=8291 \\<br \/>\nprotocol=tcp src-address-list=winbox_blacklist<\/code><\/p>\n<p>Of course, changing your Winbox port number and disallowing access from anything but trusted IP addresses is one of the best ways to prevent this.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>You really should not have your winbox port open to anything but a management network, but if you need a script to help with brute force 
on the Mikrotik. add action=drop chain=input comment=&#8221;drop winbox brute forcers&#8221; dst-port=8291 \\ protocol=tcp src-address-list=winbox_blacklist add action=add-src-to-address-list address-list=winbox_blacklist \\ address-list-timeout=1w3d chain=input connection-state=new dst-port=8291 \\ protocol=tcp src-address-list=winbox_stage3 add action=add-src-to-address-list address-list=winbox_stage3 \\ [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[1],"tags":[],"jetpack_publicize_connections":[],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6VLMf-AJ","jetpack_likes_enabled":true,"_links":{"self":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/2277"}],"collection":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/comments?post=2277"}],"version-history":[{"count":1,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/2277\/revisions"}],"predecessor-version":[{"id":2278,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/2277\/revisions\/2278"}],"wp:attachment":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/media?parent=2277"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/categories?post=2277"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/tags?post=2277"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}