{"id":1092,"date":"2023-07-18T13:16:15","date_gmt":"2023-07-18T16:16:15","guid":{"rendered":"http:\/\/www.tech-nico.com\/blog\/?p=1092"},"modified":"2023-07-20T10:02:43","modified_gmt":"2023-07-20T13:02:43","slug":"mikrotik-script-para-bloquear-intentos-de-login","status":"publish","type":"post","link":"http:\/\/www.tech-nico.com\/blog\/mikrotik-script-para-bloquear-intentos-de-login\/","title":{"rendered":"MikroTik script to block login attempts"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">While reading the MikroTik forum I came across this script, which monitors the log for errors and blocks based on the number of access attempts. The interesting part is that we can configure it to detect different kinds of access. For example, the well-known IPsec VPN access attempts that log \u201cphase1 negotiation failed&#8230;\u201d, or failed Winbox logins, which log \u201clogin failure for user\u201d, etc.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Step 1: import the script by pasting this into the terminal.<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/sys script \nadd dont-require-permissions=no name=LoginAttempBlocker owner=usuario policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\"# Check if exist drop \\\n    firewall rule and add\\r\\\n    \\n\/ip firewall raw\\r\\\n    \\n:if (&#91;:len &#91;find where src-address-list=\\\"blockedUsers\\\"]] = 0) do={\\r\\\n    \\n    add action=drop chain=prerouting src-address-list=blockedUsers\\r\\\n    \\n}\\r\\\n    \\n\\r\\\n    \\n:global lastLogLogin\\r\\\n    \\n:if (&#91;:typeof \\$lastLogLogin] != \\\"num\\\") do={:set lastLogLogin 0}\\r\\\n    \\n\\r\\\n    \\n\/log\\r\\\n    \\n:global maxattampt 3\\r\\\n    \\n:global errorArray &#91;:toarray \\\"\\\"]\\r\\\n    \\n:global failmsg    \\\"login failure for user \\\"\\r\\\n    \\n:global frommsg    \\\" from \\\"\\r\\\n    \\n:global viamsg     \\\" via \\\"\\r\\\n    \\n:global 
listfail   \\\"blockedUsers\\\"\\r\\\n    \\n:local  id2num     do={:return &#91;:tonum \\\"0x\\$&#91;:pick \\$1 1 &#91;:len \\$1]]\\\"]}\\r\\\n    \\n\\r\\\n    \\n:foreach rlog in=&#91;find where ((&#91;\\$id2num \\$\\\".id\\\"] &gt; \\$lastLogLogin) \\\\\\r\\\n    \\n                             and \\\\\\r\\\n    \\n                             (message~\\\"((25&#91;0-5]|(2&#91;0-4]|&#91;01]\\\\\\?&#91;0-9]\\\\\\?)&#91;0-9])\\\\\\\\.){3}(25&#91;0-5]|(2&#91;0-4]|&#91;01]\\\\\\?&#91;0-9]\\\\\\?)&#91;0-9])\\\"))] do={\\r\\\n    \\n    \\r\\\n    \\n    :set lastLogLogin &#91;\\$id2num \\$rlog]\\r\\\n    \\n    :local rmess &#91;get \\$rlog message]\\r\\\n    \\n    :if ((\\$rmess~\\$failmsg) and (\\$rmess~\\$frommsg) and (\\$rmess~\\$viamsg)) do={\\r\\\n    \\n         :local userinside &#91;:pick \\$rmess (&#91;:find \\$rmess \\$failmsg -1] + &#91;:len \\$failmsg]) &#91;:find \\$rmess \\$frommsg -1]]\\r\\\n    \\n         :local ipinside   &#91;:pick \\$rmess (&#91;:find \\$rmess \\$frommsg -1] + &#91;:len \\$frommsg]) &#91;:find \\$rmess \\$viamsg -1]]\\r\\\n    \\n         :local intinside  &#91;:pick \\$rmess (&#91;:find \\$rmess \\$viamsg -1] + &#91;:len \\$viamsg]) &#91;:len \\$rmess]]\\r\\\n    \\n         :if (&#91;:typeof ((\\$errorArray)-&gt;\\$ipinside)] = \\\"nothing\\\") do={\\r\\\n    \\n             :set ((\\$errorArray)-&gt;\\$ipinside) 1\\r\\\n    \\n         } else={\\r\\\n    \\n             :set ((\\$errorArray)-&gt;\\$ipinside) (((\\$errorArray)-&gt;\\$ipinside) + 1) \\r\\\n    \\n         }\\r\\\n    \\n         :if (((\\$errorArray)-&gt;\\$ipinside) &gt; (\\$maxattampt - 1)) do={\\r\\\n    \\n             \/ip firewall address-list\\r\\\n    \\n             :if (&#91;:len &#91;find where list=\\$listfail and address=\\$ipinside]] = 0) do={\\r\\\n    \\n                 add list=\\$listfail address=\\$ipinside comment=\\\"\\$rmess\\\" timeout=24h\\r\\\n    \\n             }\\r\\\n    \\n         }\\r\\\n    \\n         \\r\\\n    \\n    
}\\r\\\n    \\n}\"\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Step 2: configure the script by editing the global variables:<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>:global maxattampt <strong>3<\/strong>\n:global failmsg    \"<strong>login failure for user <\/strong>\"\n:global frommsg    \" <strong>from<\/strong> \"\n:global viamsg     \" <strong>via<\/strong> \"\n:global listfail  \"<strong>blockedUsers<\/strong>\"<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>3<\/strong> is the number of attempts we tolerate (to block on a fourth attempt).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>login failure for user, from and via <\/strong>depend on the log message we want to capture. To filter Winbox access attempts, leave them as they are.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>blockedUsers<\/strong> is the firewall address list, created dynamically, that holds the IP address(es) of the user attempting to log in.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 3: add your script to the scheduler so that it runs every 5 minutes or less.<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">This makes our script read the log every 5 minutes. The shorter we make the interval, the more effective the access check. If there were 3 or more attempts within those 5 minutes, a rule is automatically created in Firewall Raw, and all input from the detected IP address, added dynamically to the blockedUsers list, is dropped. The address expires within the next 24 hours and then regains access.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">______________<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">source: <a href=\"http:\/\/www.tech-nico.com\">tech-nico.com<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>While reading the MikroTik forum I came across this script, which monitors the log for errors and blocks based on the number of access attempts. 
The interesting part is that we can configure it to detect different kinds &hellip; <a href=\"http:\/\/www.tech-nico.com\/blog\/mikrotik-script-para-bloquear-intentos-de-login\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":600,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[74,73],"tags":[48,93],"class_list":["post-1092","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mikrotik","category-scripts","tag-mikrotik","tag-routeros"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.tech-nico.com\/blog\/wp-content\/uploads\/2015\/05\/logo_tech_nico.com_.jpg?fit=1650%2C1400","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/phA9Q-hC","jetpack_likes_enabled":true,"_links":{"self":[{"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/posts\/1092","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/comments?post=1092"}],"version-history":[{"count":3,"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/posts\/1092\/revisions"}],"predecessor-version":[{"id":1095,"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/posts\/1092\/revisions\/1095"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/media\/600"}],"wp:attachment":[{"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/media?parent=1092"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/categories?post=1092"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.tech-nico.com\/blog\/wp-json\/wp\/v2\/tags?post=1092"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}