My first attempt at a honeypot/blacklist

Using a thread on the MikroTik forums as inspiration, I’ve taken the idea and made my first incarnation of a fairly brutal honeypot & blacklist. This is only the interesting part of the full router script but it’s my baseline for starting.

# SET WHITELIST IF NEEDED
# SET IN-INTERFACE (replace WAN.INTERFACE with the name of your WAN interface)
/ip firewall address-list
add address=8.8.8.8 list=WHITELIST
/ip firewall filter
# Allow traffic that belongs to established or related connections
add action=accept chain=input comment="ACCEPT ESTABLISHED & RELATED SERVICE" connection-state=established,related in-interface=WAN.INTERFACE
# Whitelisted sources and ICMP are accepted before any blacklisting happens
add action=accept chain=input comment="ACCEPT WHITELIST" src-address-list=WHITELIST in-interface=WAN.INTERFACE
add action=accept chain=input comment="ACCEPT PING" protocol=icmp in-interface=WAN.INTERFACE
# Any other TCP or UDP source is added to the blacklist (dynamic entry, no timeout)
add action=add-src-to-address-list address-list=honeypot-blacklist address-list-timeout=none-dynamic chain=input comment="BLACKLISTING TCP" in-interface=WAN.INTERFACE protocol=tcp src-address-list=!WHITELIST
add action=add-src-to-address-list address-list=honeypot-blacklist address-list-timeout=none-dynamic chain=input comment="BLACKLISTING UDP" in-interface=WAN.INTERFACE protocol=udp src-address-list=!WHITELIST
# Drop everything from blacklisted sources, then log and drop whatever is left
add action=drop chain=input comment="DROP BLACKLISTED INPUT" in-interface=WAN.INTERFACE src-address-list=honeypot-blacklist
add action=drop chain=input comment="DROP ALL (SHOULD NOT FILL UP)" in-interface=WAN.INTERFACE log=yes log-prefix=non-bl-dropped-traffic

It’s quite strict in that anything that sniffs at it gets added to the blacklist and then blocked until reboot. As I push it further I will probably time the sniffers out for a few days rather than perma-block.
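As an added example (not part of the original post and not MikroTik code), this Python sketch models how the input chain above is evaluated from top to bottom, including the few-day timeout mentioned as a possible change. The `Packet` and `Honeypot` names, the sample addresses and the refresh-on-rematch behaviour are assumptions made for illustration.

```python
from dataclasses import dataclass

WHITELIST = {"8.8.8.8"}            # the WHITELIST address-list from the script

@dataclass
class Packet:                      # constructed sample packet arriving on the WAN interface
    src: str
    proto: str                     # "tcp", "udp", "icmp" or anything else, e.g. "gre"
    state: str = "new"             # connection-state

class Honeypot:
    def __init__(self, timeout=None):
        self.timeout = timeout     # None models none-dynamic; otherwise seconds
        self.blacklist = {}        # src -> expiry time (None = until reboot)

    def _listed(self, src, now):
        if src not in self.blacklist:
            return False
        expiry = self.blacklist[src]
        if expiry is not None and now >= expiry:
            del self.blacklist[src]            # timed entry has aged out
            return False
        return True

    def input(self, pkt, now=0):
        """Return the comment of the rule that terminates processing."""
        if pkt.state in ("established", "related"):
            return "ACCEPT ESTABLISHED & RELATED SERVICE"
        if pkt.src in WHITELIST:
            return "ACCEPT WHITELIST"
        if pkt.proto == "icmp":
            return "ACCEPT PING"
        # add-src-to-address-list does not end processing: the packet
        # continues down the chain and hits the drop rule that follows.
        if pkt.proto in ("tcp", "udp"):
            # Assumption: a repeat match refreshes the entry's expiry.
            self.blacklist[pkt.src] = (
                None if self.timeout is None else now + self.timeout)
        if self._listed(pkt.src, now):
            return "DROP BLACKLISTED INPUT"
        return "DROP ALL (SHOULD NOT FILL UP)"
```

The model makes two consequences of the rule order visible: a blacklisted source is still answered on ICMP because ACCEPT PING sits above the drop, and only traffic that is neither TCP, UDP nor ICMP from a non-listed source ever reaches the final logged drop.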

Securing RouterOS written guide is now Live!

This is probably one of the most important (and overlooked) aspects of using an internet capable router. Security of your device is paramount and you should always do everything you can to protect it. I’ve got both a written and video tutorial to try and help you achieve a solid security solution so you can be safe in the knowledge that your router is unreachable from unauthorised sources.

MikroTik QoS with script now live!

I’ve just put the finishing touches to v1 of my QoS script for MikroTik RouterOS devices. QoS is a weird one, as what suits my needs may not suit yours, and I go into some detail here about it. Regardless of that, the written tutorial with downloadable script file is now live on my site and you can find it just here.

Hope you find it useful and please do give me any feedback you may have!

What’s happening? 04/03/2018

I’ve pumped out a fair amount of tutorials recently and then had a bit of a hard stop. The work is carrying on in the background. I have loads of plans for more tutorials primarily based on MikroTik but there will be some Ubiquiti elements thrown in.

Project home router is at an odd point: I’ve re-ignited it but not done any further work to it. I’m currently waiting for a full iDRAC setup to come through from China to see if I can quiet it off, and I’m also waiting for the opportunity to re-paste the CPU to make sure I’m getting the best possible thermal setup out of it. I’m still undecided what to do with it. I have a quad port NIC, but the reality is I wish it was an SFP card and I can’t run both. Either way it can’t be any worse (apart from noise) than the RB3011, which is dropping ports and getting a lot of hard CPU usage under load.

I’ve also had to reinstall my trusty laptop. Ubuntu was aggravating me and some apps just weren’t what I wanted, so I have reinstalled to Windows 10 and have spent a few days getting it set up exactly how I want it. Some new additions to my Windows portfolio include Notepad++, which I’d never used until now but is absolutely awesome, especially when combined with a user defined RouterOS language. The biggest surprise was the Bash on Windows functionality that W10 offers: simply put, it’s brilliant, and now I genuinely have no drawbacks to moving back to Windows. I may drop a few posts about that in the future, as simple stuff like SSH tunnelling is now so much easier from the Windows desktop.

As time has been short I’ve not managed to put a lot up to YouTube, however I have had a couple of gaming sessions which I’ve streamed to Twitch. I’ve been playing with some frames and scrolling text and I think I’m about there with those now. I’ve also only just discovered StreamLabs, which I have set up but am still waiting to sit down and learn intimately and get set up to the standards I want.

Having a great time with my tech at the moment. I never seem to have enough time to do what I want, and I’m eagerly awaiting the launch of the new Ryzen+ or Ryzen2 kit in a couple of weeks’ time as I’m definitely upgrading. 4GHz seems to be the way to go!