Using a thread on the MikroTik forums as inspiration, I’ve taken the idea and made my first incarnation of a fairly brutal honeypot & blacklist. This is only the interesting part of the full router script but it’s my baseline for starting.
```routeros
# SET WHITELIST IF NEEDED: put your own admin address(es) in WHITELIST before
# enabling this, or your first connection attempt will blacklist you.
# SET IN-INTERFACE: replace WAN.INTERFACE with the name of your actual WAN interface.
/ip firewall address-list
add address=184.108.40.206 list=WHITELIST

/ip firewall filter
# Replies to traffic the router itself started come back as established/related
add action=accept chain=input comment="ACCEPT ESTABLISHED & RELATED SERVICE" connection-state=established,related in-interface=WAN.INTERFACE
# Whitelisted sources are the only ones allowed to open new connections to the router
add action=accept chain=input comment="ACCEPT WHITELIST" src-address-list=WHITELIST in-interface=WAN.INTERFACE
add action=accept chain=input comment="ACCEPT PING" protocol=icmp in-interface=WAN.INTERFACE
# Honeypot: any other TCP or UDP packet aimed at the router tags its source.
# none-dynamic keeps the entry until reboot; it is not saved to the configuration.
# add-src-to-address-list does not terminate processing, so the packet falls through
# to the drop rules below.
add action=add-src-to-address-list address-list=honeypot-blacklist address-list-timeout=none-dynamic chain=input comment="BLACKLISTING TCP" in-interface=WAN.INTERFACE protocol=tcp src-address-list=!WHITELIST
add action=add-src-to-address-list address-list=honeypot-blacklist address-list-timeout=none-dynamic chain=input comment="BLACKLISTING UDP" in-interface=WAN.INTERFACE protocol=udp src-address-list=!WHITELIST
add action=drop chain=input comment="DROP BLACKLISTED INPUT" in-interface=WAN.INTERFACE src-address-list=honeypot-blacklist
# Catch-all; the interface name here was WAN-INTERFACE in the original, which never matched
add action=drop chain=input comment="DROP ALL (SHOULD NOT FILL UP)" in-interface=WAN.INTERFACE log=yes log-prefix=non-bl-dropped-traffic
```
It's quite strict: anything that so much as sniffs at the router from the WAN side gets added to the blacklist and is then dropped until reboot, because address-list-timeout=none-dynamic creates a dynamic entry that is not written to the saved configuration. As I push it further I will probably time the sniffers out for a few days rather than perma-block them.
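The timed-out variant mentioned above, plus the checks you want once the honeypot is live, as an added example that is not part of the original script. It assumes the rule comments and the WAN.INTERFACE name from the script above; the 3d timeout and the 203.0.113.7 address are placeholders.

```routeros
# Added example, not the original script. Assumes the rule comments from the
# script above; the 3d timeout is an assumption, 203.0.113.7 is a placeholder.

# Switch both honeypot rules from "until reboot" to a rolling three-day ban.
# The timeout is refreshed each time the source hits the rule again.
/ip firewall filter
set [find comment="BLACKLISTING TCP"] address-list-timeout=3d
set [find comment="BLACKLISTING UDP"] address-list-timeout=3d

# Who has been caught so far, with the remaining time on each entry
/ip firewall address-list print where list=honeypot-blacklist

# The catch-all drop rule logs with this prefix; with the honeypot in front of it
# only traffic that is neither TCP, UDP nor ICMP should ever show up here
/log print where message~"non-bl-dropped-traffic"

# Release an address that was caught by mistake (for example your own, before
# it made it onto the WHITELIST)
/ip firewall address-list remove [find list=honeypot-blacklist address=203.0.113.7]
```

With a finite timeout the entries are still dynamic, so a reboot clears them either way; the difference is that a scanner that goes quiet is released after three days instead of occupying the list until the next restart.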
My most recent tutorial is now online for viewing. It is a very basic one, but an exceptionally easy way to improve your network's efficiency and avoid unwanted slowdowns.
It involves using a simple SFQ-based queue on your WAN interface; full instructions can be found here
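The queue the tutorial describes, as an added example that is not the tutorial's own script. It assumes the WAN.INTERFACE name used in the firewall script above; the 5M upload / 20M download limits are an assumption and must be set to just under your real line rates.

```routeros
# Added example, not the tutorial's own script. WAN.INTERFACE is taken from the
# firewall script; the max-limit values are an assumption. Set them slightly
# below the real upload/download rate of the line, otherwise the bottleneck
# stays in the ISP's equipment and the SFQ scheduler never gets to act.
/queue simple
add name=WAN-SFQ target=WAN.INTERFACE max-limit=5M/20M queue=sfq-default/sfq-default comment="Fair queuing on the WAN link"

# Confirm packets are actually passing through the queue rather than bypassing it
/queue simple print stats
```

In a simple queue max-limit and queue are written as upload/download, so 5M/20M means 5 Mbit/s out and 20 Mbit/s in; SFQ then shares that capacity fairly between flows so one bulk transfer cannot starve interactive traffic.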
This is probably one of the most important (and overlooked) aspects of using an internet-capable router. Security of your device is paramount and you should always do everything you can to protect it. I've got both a written and a video tutorial to try and help you achieve a solid security setup, so you can be safe in the knowledge that your router is unreachable from unauthorised sources.