Categories
Mikrotik

Receive email Notifications when a user logs in to your Mikrotik Router

It is very useful to receive a notification when a user logs in to your Mikrotik router. In some cases it helps spot a hacker or suspicious log-ins during off hours. (The router sends the log event by email.)

1. Add an SMTP server for the router to use for sending emails

/tool e-mail
set address=smtp.gmail.com from="My Router <mymail@myserver.com>" password=mypassword123 port=587 start-tls=yes user=mymail@myserver.com

2. Add the topics that will trigger the email to be sent

/system logging
add action=email topics=account,info,ppp,pptp,!debug
add action=email topics=system,info,account,!debug

3. Define the email address that will receive the notification

/system logging action
add email-start-tls=yes email-to=myadminmail@myserver.com name=email target=email


Block Brute Force on Microsoft RDP using Mikrotik Router

This is a good way to block brute-force attackers on port 3389 (MS-RDP).

  1. A new RDP connection adds the source address to the rdp_stage1 address list for 5 minutes.
  2. The second connection adds it to the rdp_stage2 address list for 5 minutes.
  3. The third connection adds it to the rdp_stage3 address list for 5 minutes.
  4. On the fourth connection the attacker ends up on the Blocked address list for 10 days.

/ip firewall filter
add action=reject chain=forward log-prefix="Blocked - " reject-with=icmp-network-unreachable src-address-list=Blocked

add action=add-src-to-address-list address-list=Blocked address-list-timeout=1w3d chain=forward connection-state=new dst-port=3389 log=yes log-prefix="RDP BRUTEFORCE - " protocol=tcp src-address-list=rdp_stage3

add action=add-src-to-address-list address-list=rdp_stage3 address-list-timeout=5m chain=forward connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage2

add action=add-src-to-address-list address-list=rdp_stage2 address-list-timeout=5m chain=forward connection-state=new dst-port=3389 protocol=tcp src-address-list=rdp_stage1

add action=add-src-to-address-list address-list=rdp_stage1 address-list-timeout=5m chain=forward connection-state=new dst-port=3389 protocol=tcp
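
The staging logic above, modelled in Python as an added example (not part of the original post and not RouterOS code), to show why the rules are listed from rdp_stage3 down to rdp_stage1. It assumes add-src-to-address-list is a passthrough action whose list update is visible to later rules for the same packet and that re-adding an address resets its timeout; the class, function names and source address are constructed for illustration.

```python
# Simplified model of the address-list rules above (added example, not RouterOS).
# Assumptions: add-src-to-address-list is passthrough (the packet keeps going
# through later rules) and re-adding an address resets its timeout.

MIN, DAY = 60, 86400

# (required source list or None, list to add to, timeout in seconds), page order
PAGE_ORDER = [
    ("rdp_stage3", "Blocked", 10 * DAY),     # 1w3d
    ("rdp_stage2", "rdp_stage3", 5 * MIN),
    ("rdp_stage1", "rdp_stage2", 5 * MIN),
    (None, "rdp_stage1", 5 * MIN),
]


class Router:
    def __init__(self, rules):
        self.rules = rules
        self.lists = {}  # (list name, address) -> expiry time in seconds

    def member(self, name, addr, now):
        return self.lists.get((name, addr), -1) > now

    def new_rdp_connection(self, addr, now):
        """Verdict for the first packet of a new TCP/3389 connection."""
        if self.member("Blocked", addr, now):    # first rule: reject Blocked
            return "reject"
        for required, target, timeout in self.rules:
            if required is None or self.member(required, addr, now):
                self.lists[(target, addr)] = now + timeout
            # passthrough: continue with the remaining rules
        return "accept"


def replay(rules, addr, times):
    """Return the verdict for each connection attempt at the given times (s)."""
    router = Router(rules)
    return [router.new_rdp_connection(addr, t) for t in times]


if __name__ == "__main__":
    src = "203.0.113.7"  # constructed sample address (documentation range)
    print(replay(PAGE_ORDER, src, [0, 60, 120, 180, 240]))     # one per minute
    print(replay(PAGE_ORDER, src, [0, 360, 720, 1080, 1440]))  # 6 minutes apart
    print(replay(PAGE_ORDER[::-1], src, [0, 60]))              # stage1 rule first
```

With the rules in the reversed order, the model puts a source on Blocked after a single connection, because each freshly added list entry satisfies the next rule for the same packet.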

Hope you liked it.