Попытка взлома Mikrotik?

Если в логах Mikrotik, вы увидели кучу сообщений о попытке входа под разными логинами/паролями, не спешите делать выводы, что вас ломают, особенно, если вы видите адрес источника из вашей локальной сеть.

Дело оказалось не в попытке взлома…

Проблема оказалась в бесплатном антивирусе AVG. В него встроили функцию трафик-инспектора, она периодически сканирует сеть и видя Mikrotik, начинает попытки подобрать имя пользователя и пароль.

Понятно, что AVG не пытается взломать Mikrotik, а только провести аудит безопасности.

Одно дело, если у вас несколько ПК с AVG, а если их 1000 и все они начнут сканировать сеть и по сути, атаковать ваше сетевое оборудование…

Антивирус на ПК пользователя, не должен заниматься сканированием уязвимости в сетевой инфраструктуре. Его задача контролировать то, что происходит на том ПК, где он стоит, а инфраструктурой должен заниматься администратор сети.

Тема обсуждения на reddit: https://www.reddit.com/r/antivirus/comments/qligwk/avg_hacked_or_simple_software_error/

Обсуждение на сайте поддержки AVG: https://support.avg.com/answers?id=9065p0000000jO6AAI

Ниже лог Mikrotik:

dec/23 14:31:33 system,error,critical login failure for user from 10.10.11.51 via ssh 
dec/23 14:31:33 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:34 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:34 system,error,critical login failure for user from 10.10.11.51 via ssh 
dec/23 14:31:34 system,error,critical login failure for user MikroTikSystem from 10.10.11.51 via ssh 
dec/23 14:31:35 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:35 system,error,critical login failure for user dircreate from 10.10.11.51 via ssh 
dec/23 14:31:35 system,error,critical login failure for user EServicios from 10.10.11.51 via ssh 
dec/23 14:31:36 system,error,critical login failure for user SolucTec from 10.10.11.51 via ssh 
dec/23 14:31:36 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:36 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:37 system,error,critical login failure for user user from 10.10.11.51 via ssh 
dec/23 14:31:38 system,error,critical login failure for user Admin from 10.10.11.51 via ssh 
dec/23 14:31:38 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:38 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:38 system,error,critical login failure for user root from 10.10.11.51 via ssh 
dec/23 14:31:38 system,error,critical login failure for user meo from 10.10.11.51 via ssh 
dec/23 14:31:38 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:39 system,error,critical login failure for user Admin from 10.10.11.51 via ssh 
dec/23 14:31:39 system,error,critical login failure for user from 10.10.11.51 via ssh 
dec/23 14:31:39 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:40 system,error,critical login failure for user root from 10.10.11.51 via ssh 
dec/23 14:31:40 system,error,critical login failure for user root from 10.10.11.51 via ssh 
dec/23 14:31:40 system,error,critical login failure for user ubnt from 10.10.11.51 via ssh 
dec/23 14:31:41 system,error,critical login failure for user root from 10.10.11.51 via ssh 
dec/23 14:31:41 system,error,critical login failure for user sysadm from 10.10.11.51 via ssh 
dec/23 14:31:41 system,error,critical login failure for user guest from 10.10.11.51 via ssh 
dec/23 14:31:42 system,error,critical login failure for user Administrator from 10.10.11.51 via ssh 
dec/23 14:31:42 system,error,critical login failure for user vodafone from 10.10.11.51 via ssh 
dec/23 14:31:42 system,error,critical login failure for user vodafone from 10.10.11.51 via ssh 
dec/23 14:31:42 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:42 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:43 system,error,critical login failure for user root from 10.10.11.51 via ssh 
dec/23 14:31:43 system,error,critical login failure for user from 10.10.11.51 via ssh 
dec/23 14:31:43 system,error,critical login failure for user from 10.10.11.51 via ssh 
dec/23 14:31:43 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:44 system,error,critical login failure for user root from 10.10.11.51 via ssh 
dec/23 14:31:44 system,error,critical login failure for user supervisor from 10.10.11.51 via ssh 
dec/23 14:31:45 system,error,critical login failure for user User from 10.10.11.51 via ssh 
dec/23 14:31:45 system,error,critical login failure for user user from 10.10.11.51 via ssh 
dec/23 14:31:45 system,error,critical login failure for user user from 10.10.11.51 via ssh 
dec/23 14:31:45 system,error,critical login failure for user Guest from 10.10.11.51 via ssh 
dec/23 14:31:45 system,error,critical login failure for user Guest from 10.10.11.51 via ssh 
dec/23 14:31:45 system,error,critical login failure for user Gearguy from 10.10.11.51 via ssh 
dec/23 14:31:46 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:46 system,error,critical login failure for user Cisco from 10.10.11.51 via ssh 
dec/23 14:31:46 system,error,critical login failure for user supervisor from 10.10.11.51 via ssh 
dec/23 14:31:47 system,error,critical login failure for user 11111 from 10.10.11.51 via ssh 
dec/23 14:31:47 system,error,critical login failure for user Admin from 10.10.11.51 via ssh 
dec/23 14:31:48 system,error,critical login failure for user Administrator from 10.10.11.51 via ssh 
dec/23 14:31:48 system,error,critical login failure for user from 10.10.11.51 via ssh 
dec/23 14:31:48 system,error,critical login failure for user guest from 10.10.11.51 via ssh 
dec/23 14:31:49 system,error,critical login failure for user user from 10.10.11.51 via ssh 
dec/23 14:31:49 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:33 system,error,critical login failure for user from 10.10.11.51 via ssh 
dec/23 14:31:33 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:34 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:34 system,error,critical login failure for user from 10.10.11.51 via ssh 
dec/23 14:31:34 system,error,critical login failure for user MikroTikSystem from 10.10.11.51 via ssh 
dec/23 14:31:35 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:35 system,error,critical login failure for user dircreate from 10.10.11.51 via ssh 
dec/23 14:31:35 system,error,critical login failure for user EServicios from 10.10.11.51 via ssh 
dec/23 14:31:36 system,error,critical login failure for user SolucTec from 10.10.11.51 via ssh 
dec/23 14:31:36 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:36 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:37 system,error,critical login failure for user user from 10.10.11.51 via ssh 
dec/23 14:31:38 system,error,critical login failure for user Admin from 10.10.11.51 via ssh 
dec/23 14:31:38 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:38 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:38 system,error,critical login failure for user root from 10.10.11.51 via ssh 
dec/23 14:31:38 system,error,critical login failure for user meo from 10.10.11.51 via ssh 
dec/23 14:31:38 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:39 system,error,critical login failure for user Admin from 10.10.11.51 via ssh 
dec/23 14:31:39 system,error,critical login failure for user from 10.10.11.51 via ssh 
dec/23 14:31:39 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:40 system,error,critical login failure for user root from 10.10.11.51 via ssh 
dec/23 14:31:40 system,error,critical login failure for user root from 10.10.11.51 via ssh 
dec/23 14:31:40 system,error,critical login failure for user ubnt from 10.10.11.51 via ssh 
dec/23 14:31:41 system,error,critical login failure for user root from 10.10.11.51 via ssh 
dec/23 14:31:41 system,error,critical login failure for user sysadm from 10.10.11.51 via ssh 
dec/23 14:31:41 system,error,critical login failure for user guest from 10.10.11.51 via ssh 
dec/23 14:31:42 system,error,critical login failure for user Administrator from 10.10.11.51 via ssh 
dec/23 14:31:42 system,error,critical login failure for user vodafone from 10.10.11.51 via ssh 
dec/23 14:31:42 system,error,critical login failure for user vodafone from 10.10.11.51 via ssh 
dec/23 14:31:42 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:42 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:43 system,error,critical login failure for user root from 10.10.11.51 via ssh 
dec/23 14:31:43 system,error,critical login failure for user from 10.10.11.51 via ssh 
dec/23 14:31:43 system,error,critical login failure for user from 10.10.11.51 via ssh 
dec/23 14:31:43 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:44 system,error,critical login failure for user root from 10.10.11.51 via ssh 
dec/23 14:31:44 system,error,critical login failure for user supervisor from 10.10.11.51 via ssh 
dec/23 14:31:45 system,error,critical login failure for user User from 10.10.11.51 via ssh 
dec/23 14:31:45 system,error,critical login failure for user user from 10.10.11.51 via ssh 
dec/23 14:31:45 system,error,critical login failure for user user from 10.10.11.51 via ssh 
dec/23 14:31:45 system,error,critical login failure for user Guest from 10.10.11.51 via ssh 
dec/23 14:31:45 system,error,critical login failure for user Guest from 10.10.11.51 via ssh 
dec/23 14:31:45 system,error,critical login failure for user Gearguy from 10.10.11.51 via ssh 
dec/23 14:31:46 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:46 system,error,critical login failure for user Cisco from 10.10.11.51 via ssh 
dec/23 14:31:46 system,error,critical login failure for user supervisor from 10.10.11.51 via ssh 
dec/23 14:31:47 system,error,critical login failure for user 11111 from 10.10.11.51 via ssh 
dec/23 14:31:47 system,error,critical login failure for user Admin from 10.10.11.51 via ssh 
dec/23 14:31:48 system,error,critical login failure for user Administrator from 10.10.11.51 via ssh 
dec/23 14:31:48 system,error,critical login failure for user from 10.10.11.51 via ssh 
dec/23 14:31:48 system,error,critical login failure for user guest from 10.10.11.51 via ssh 
dec/23 14:31:49 system,error,critical login failure for user user from 10.10.11.51 via ssh 
dec/23 14:31:49 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:49 system,error,critical login failure for user root from 10.10.11.51 via ssh 
dec/23 14:31:50 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:50 system,error,critical login failure for user admim from 10.10.11.51 via ssh 
dec/23 14:31:51 system,error,critical login failure for user root from 10.10.11.51 via ssh 
dec/23 14:31:52 system,error,critical login failure for user from 10.10.11.51 via ssh 
dec/23 14:31:52 system,error,critical login failure for user user from 10.10.11.51 via ssh 
dec/23 14:31:52 system,error,critical login failure for user Admin from 10.10.11.51 via ssh 
dec/23 14:31:53 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:53 system,error,critical login failure for user 1234 from 10.10.11.51 via ssh 
dec/23 14:31:54 system,error,critical login failure for user ADSL from 10.10.11.51 via ssh 
dec/23 14:31:54 system,error,critical login failure for user root from 10.10.11.51 via ssh 
dec/23 14:31:54 system,error,critical login failure for user root from 10.10.11.51 via ssh 
dec/23 14:31:55 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:56 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:56 system,error,critical login failure for user administrator from 10.10.11.51 via ssh 
dec/23 14:31:56 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:56 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:57 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:57 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:57 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:58 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:31:58 system,error,critical login failure for user root from 10.10.11.51 via ssh 
dec/23 14:31:58 system,error,critical login failure for user root from 10.10.11.51 via ssh 
dec/23 14:31:59 system,error,critical login failure for user Administrator from 10.10.11.51 via ssh 
dec/23 14:31:59 system,error,critical login failure for user root from 10.10.11.51 via ssh 
dec/23 14:31:59 system,error,critical login failure for user root from 10.10.11.51 via ssh 
dec/23 14:32:00 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:32:00 system,error,critical login failure for user root from 10.10.11.51 via ssh 
dec/23 14:32:01 system,error,critical login failure for user admin from 10.10.11.51 via ssh 
dec/23 14:32:01 system,error,critical login failure for user root from 10.10.11.51 via ssh 
dec/23 14:32:01 system,error,critical login failure for user root from 10.10.11.51 via ssh

Попытка взлома Mikrotik?: 4 комментария

Konstantin Prohorov 31/12/2021 в 10:09

Еще один повод не ставить этот блотвэр AVG.

Войдите, чтобы ответить ↓
1. Андрей Торженов Автор записи31/12/2021 в 11:34
  
  Я и не ставил… люди сами его поставили, а я подключился к МТ и в логах такое обнаружил. Сначала подумал, что подхватили какой-то троян, забрал ноут, но там было всё чисто… потом вот выяснилось что это AVG.
  
  Войдите, чтобы ответить ↓
Bear-G01 29/01/2022 в 16:47

Спасибо, 6 часов искал источник!

Войдите, чтобы ответить ↓
1. Андрей Торженов Автор записи29/01/2022 в 18:57
  
  Пожалуйста! Сам много времени потратил когда разбирался…
  
  Войдите, чтобы ответить ↓

Добавить комментарий Отменить ответ

Для отправки комментария вам необходимо авторизоваться.

Вы можете авторизоваться используя Вашу учётную запись из социальных сетей

Оповещение по e-mail о новых комментариях. Также вы можете не оставляя комментарий подписаться но новые комментарии.

2keep.net

IT-Blog

Попытка взлома Mikrotik?

Похожие записи...

Андрей Торженов

Latest posts by Андрей Торженов (see all)

Попытка взлома Mikrotik?: 4 комментария

Добавить комментарий Отменить ответ