|
I'm happy to see others getting some use out of MikroTik as well. We use them exclusively at work (small business fulfilling government contracts) and they've saved us tons of cash over similar equipped Cisco offerings. We use the RB1000/RB1100 for our core network and RB532A/RB600A/RB433 for our outdoor wireless installations. They are stable, reliable and super easy to admin/deploy with WinBox. The queueing/mangle options really allow us to do some tricky things with our packets on the network. The only thing I don't like about MikroTik is their monitoring platform The Dude, but that's mostly because I'm a Nagios architect. I had to write some custom plugins to monitor our MikroTix gear over SNMP in Nagios, but for people who would want an easy (but ugly) monitoring tool would probably get a lot of use out of The Dude.
|
# ¿ Mar 21, 2011 17:23 |
|
|
# ¿ Apr 25, 2024 10:29 |
|
American Jello posted:
http://wiki.mikrotik.com/wiki/Bruteforce_login_prevention I implemented this for FTP/SSH bruteforce attempts against our core routers at work and it's been blocking those jerk-offs rather well. I check the dynamically expanding list of blocked IPs and if I start to see a list growing some the same network (especially from China/Russia) I just add the whole netblock to the block list.
|
# ¿ Jun 5, 2011 16:35 |
|
falz posted:While this is a fine idea, why not have a default deny rule to the Mikrotik via the input chain but allow trusted IPs in an address list? Unfortunately my company uses FTP/SFTP to transfer files to clients at different remote locations while on the road. Since we can never be sure what IP they are coming from, and usually they are accessing it from a public Wifi/hotel access which changes IPs frequently, so trying to maintain a whitelist would be more hassle than it is worth. We've just about finished our ShareFile-like web portal which will replace this FTP/SFTP system, but until then keeping brute forcers out is a priority.
|
# ¿ Jun 5, 2011 22:19 |
|
?
Ben Murphy fucked around with this message at 13:39 on Sep 20, 2014 |
# ¿ Nov 2, 2011 23:39 |
|
?
Ben Murphy fucked around with this message at 13:33 on Sep 20, 2014 |
# ¿ Nov 3, 2011 00:24 |