How to Prevent MikroTik Brute Force and Port Scanner Attacks

By creating dynamic address lists for each relevant port and protocol, you can block Brute Force attacks against the SSH, Telnet and Winbox ports coming from the Internet or the local network, and prevent future port scans.

In our code structure, Brute Force attacks are prevented separately for each of SSH, Telnet and Winbox. Each set of rules controls the frequency of connection requests by passing them through four different stages, made up of one Jump rule, the Level1, Level2 and Level3 tracking list steps, and a Black List rule.

In this way, the structure allows a source to send an incorrect connection request 3 times. After 3 unsuccessful attempts, the source of the requests is added to the blacklist and blocked for 30 days.

NOTE: The code in this document may not match the internet access interface name or the port numbers used in your system. For trouble-free implementation, first copy the code into a text editor and make sure that the "in-interface=" and "dst-port=" fields of all rules match your system. For example, use "in-interface=modem1" instead of "in-interface=WAN".

Brute Force Protection Rules for SSH Port
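
The staged structure described above for the SSH port, written out as RouterOS filter rules. This is an added example, not the original page's rules; the interface name WAN, port 22, the chain and list names, and the one-minute tracking window are assumptions.

```routeros
# Added example, not the original page's rules. Assumptions: interface "WAN",
# SSH on tcp/22; chain name, list names and the 1m tracking window are illustrative.
/ip firewall filter

# Black List rule: matches every packet (any connection state) from a listed
# source, so a source is cut off as soon as it lands on the list.
add chain=input in-interface=WAN protocol=tcp dst-port=22 \
    src-address-list=ssh_blacklist action=drop comment="SSH: drop blacklisted"

# Jump rule: only NEW connections are sent to the tracking chain and counted.
add chain=input in-interface=WAN protocol=tcp dst-port=22 connection-state=new \
    action=jump jump-target=ssh-track comment="SSH: count new connections"

# Highest level first: add-src-to-address-list does not stop rule processing,
# so the reverse order would promote a source through every level in one packet.
# Level3 -> Black List for 30 days (reached on the 4th new connection).
add chain=ssh-track src-address-list=ssh_level3 \
    action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=30d
# Level2 -> Level3 (3rd new connection inside the window).
add chain=ssh-track src-address-list=ssh_level2 \
    action=add-src-to-address-list address-list=ssh_level3 address-list-timeout=1m
# Level1 -> Level2 (2nd new connection inside the window).
add chain=ssh-track src-address-list=ssh_level1 \
    action=add-src-to-address-list address-list=ssh_level2 address-list-timeout=1m
# First new connection: start tracking the source in Level1.
add chain=ssh-track \
    action=add-src-to-address-list address-list=ssh_level1 address-list-timeout=1m
# The packet then returns to the input chain and is handled by the rules below.
```

Rules created with "add" are appended to the end of the filter table, so move them above any rule that accepts this traffic, including an accept rule for established and related connections. The firewall counts new connections rather than failed logins, so repeated reconnects from a legitimate address inside the tracking window are counted the same way.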

Brute Force Protection Rules for Telnet Port

Brute Force Protection Rules for Winbox Port

Port Scanner Blocking Rules