Ben Murphy
Sep 9, 2001

I like him in spite of the fact that he's not me.
I'm happy to see others getting some use out of MikroTik as well. We use them exclusively at work (small business fulfilling government contracts) and they've saved us tons of cash over similarly equipped Cisco offerings.

We use the RB1000/RB1100 for our core network and RB532A/RB600A/RB433 for our outdoor wireless installations. They are stable, reliable and super easy to admin/deploy with WinBox. The queueing/mangle options really allow us to do some tricky things with our packets on the network.

The only thing I don't like about MikroTik is their monitoring platform The Dude, but that's mostly because I'm a Nagios architect. I had to write some custom plugins to monitor our MikroTik gear over SNMP in Nagios, but people who want an easy (but ugly) monitoring tool would probably get a lot of use out of The Dude.


Ben Murphy
Sep 9, 2001

I like him in spite of the fact that he's not me.

American Jello posted:



ugh

e:http://whois.domaintools.com/202.57.42.173

http://wiki.mikrotik.com/wiki/Bruteforce_login_prevention

I implemented this for FTP/SSH bruteforce attempts against our core routers at work and it's been blocking those jerk-offs rather well. I check the dynamically expanding list of blocked IPs and if I start to see a list growing from the same network (especially from China/Russia) I just add the whole netblock to the block list.
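The manual review described in the post above (spotting several blocked addresses from one network and blocking the whole netblock) can be scripted; this is an added example, not part of the original post. The /24 grouping, the threshold of 3, the `trusted` guard and the list name `blocked_netblocks` are assumptions, and the sample addresses are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: entries as exported from a router's dynamic block list
# (RFC 5737 documentation ranges, not real offenders).
BLOCKED = [
    "203.0.113.5", "203.0.113.17", "203.0.113.200", "203.0.113.17",
    "198.51.100.9", "198.51.100.77",
    "192.0.2.44",
    "not-an-ip",
]

def netblock_candidates(blocked, prefix_len=24, threshold=3, trusted=()):
    """Map each IPv4 netblock with >= threshold distinct blocked hosts to
    those hosts, skipping any netblock that contains a trusted address."""
    trusted_ips = [ipaddress.ip_address(t) for t in trusted]
    groups = defaultdict(set)
    for entry in blocked:
        try:
            ip = ipaddress.ip_address(entry.strip())
        except ValueError:
            continue  # malformed row: skip it rather than abort the review
        if ip.version != 4:
            continue  # this example only aggregates IPv4
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        groups[net].add(ip)  # a set, so repeat offenders count once
    result = {}
    for net, ips in groups.items():
        if len(ips) < threshold:
            continue
        if any(t in net for t in trusted_ips):
            continue  # never propose a block that would cover a known-good host
        result[net] = sorted(ips)
    return result

def routeros_commands(candidates, list_name="blocked_netblocks"):
    """Render candidates as RouterOS address-list entries for manual review.
    list_name is a hypothetical placeholder; use the list your drop rule matches."""
    return [
        f"/ip firewall address-list add list={list_name} address={net} "
        f'comment="{len(candidates[net])} distinct blocked hosts"'
        for net in sorted(candidates)
    ]

if __name__ == "__main__":
    for line in routeros_commands(netblock_candidates(BLOCKED)):
        print(line)
```

Pass the addresses of known offices or roaming users in `trusted` so an aggregate block never covers them, and review the generated lines before pasting them into the router.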

Ben Murphy
Sep 9, 2001

I like him in spite of the fact that he's not me.

falz posted:

While this is a fine idea, why not have a default deny rule to the Mikrotik via the input chain but allow trusted IPs in an address list?

Unfortunately my company uses FTP/SFTP to transfer files to clients at different remote locations while on the road. Since we can never be sure what IP they are coming from, and usually they are accessing it from a public Wifi/hotel access which changes IPs frequently, trying to maintain a whitelist would be more hassle than it is worth. We've just about finished our ShareFile-like web portal which will replace this FTP/SFTP system, but until then keeping brute forcers out is a priority.

Ben Murphy
Sep 9, 2001

I like him in spite of the fact that he's not me.
?

Ben Murphy fucked around with this message at 13:39 on Sep 20, 2014

Ben Murphy
Sep 9, 2001

I like him in spite of the fact that he's not me.
?

Ben Murphy fucked around with this message at 13:33 on Sep 20, 2014
