求助，有人试探登录我路由，我该怎么办？

apaulo

今天登录软件路由看到有一段这样的文字：

(4613 messages not shown)
aug/02/2006 07:54:23 system,error,critical login failure for user guest from 61.115.118.59 via ssh
aug/02/2006 07:54:29 system,error,critical login failure for user webmaster from 61.115.118.59 via ssh
aug/02/2006 07:54:38 system,error,critical login failure for user mysql from 61.115.118.59 via ssh
aug/02/2006 07:54:42 system,error,critical login failure for user oracle from 61.115.118.59 via ssh
aug/02/2006 07:54:48 system,error,critical login failure for user library from 61.115.118.59 via ssh
aug/02/2006 07:54:57 system,error,critical login failure for user info from 61.115.118.59 via ssh
aug/02/2006 07:55:04 system,error,critical login failure for user shell from 61.115.118.59 via ssh
aug/02/2006 07:55:11 system,error,critical login failure for user linux from 61.115.118.59 via ssh
Terminal ansi detected, using single line input mode

我查了一下，这地址是日本东京，我日他狗日，大家帮我看看他是不是想登录我的路由。
请大家帮我提供一些应付对策。

我的版本是
MikroTik routeros 2.9.6 (c) 1999-2005

netlea

没事,你可以让它进来,关门打狗!

apaulo

怎么样子才能打那只狗呢。有什么办法我也能进他那看看呢。

apaulo

这家伙肯定是想做坏事，应该我的服务器的日志一天就被他搞满了。TMD狗日的 。

夕夜如风

最简单的方法，是将SSH端口换个只有你知道的端口，或者直接将SSH端口关闭

apaulo

ssh是什么啊？
我去找找资料、

风中的云

drop他的ip

zzyzzyboy

对DORP了他的小IP

anthax

给你个防火墙脚本，你执行一下，可以自动把扫描你ROS的IP发过来的包全部DROP,然后列在防火墙地址里面！


/ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="Port scanners to list " disabled=no
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="NMAP FIN Stealth scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="SYN/FIN scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="SYN/RST scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="FIN/PSH/URG scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="ALL/ALL scan"
/ip firewall filter add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=14d comment="NMAP NULL scan"
/ip firewall filter add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no

anthax

天天都有人扫我的ROS,都按照上面的规则DROP

younger

没事的，那些人把你的ROS当成是普通的LINUX罢了。ROS的账号最好还是改掉，不要用admin