Block brute force attack from outside in mikrotik

First time installation to prevent brute force attack is change common port of SSH from port 22 to any port you want, example changed to 222.

IP Service List

then brute force attack prevention for ssh where port changed to port 222 already are below,
block incoming packet from outside where destination is port 222 in first time, and create temporary list name is what ever your want, example : ssh_stage1. this address list will be clear after 1 minute.

block incoming packet from outside where destination is port 222 in second times, and create temporary list name is what ever your want (ref source ssh_stage1), example : ssh_stage2. this address list will be clear after 1 minute.

block incoming packet from outside where destination is port 222 in third times, and create temporary list name is what ever your want (ref source ssh_stage2), example : ssh_stage3. this address list will be clear after 1 minute.

block incoming packet from outside where destination is port 222 in forth times, and create temporary list name is what ever your want (ref source ssh_stage3), example : ssh_blacklist. this address list will be clear after 10 days.

will block incoming packet from outside where destination is port 222, it mean before packet coming firewall will drop the packet. input (before process blocked), forward (processing then blocked),

Final step is firewall will blocked all packet after ip address has included ssh_blacklist.

SSH Blacklist

Leave a Reply