Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 13 of 13

Thread: Aktifitas Aneh

  1. #1
    Status
    Offline
    wijil46's Avatar
    Member
    Join Date
    Oct 2011
    Location
    Yogyakarta, Indonesia
    Posts
    159
    Reviews
    Read 0 Reviews
    Downloads
    12
    Uploads
    1
    Feedback Score
    0

    Aktifitas Aneh

    master dan agan2 semua
    ane mau nanya neee
    knpa setiap kali router di reboot ada aktifitas ini

    jan/02/1970 07:00:28 system,info router rebooted
    jan/02/1970 07:00:35 system,info nat rule changed by dengkulmuanjlog
    jan/02/1970 07:00:37 pppoe,ppp,info Sapidi: initializing...
    jan/02/1970 07:00:37 pppoe,ppp,info Sapidi: dialing...
    jan/02/1970 07:00:38 pppoe,ppp,info Sapidi: authenticated
    jan/02/1970 07:00:38 pppoe,ppp,info Sapidi: connected
    22:02:23 system,error,critical login failure for user admin from xxx.xxx.xxx.xxx via winbox
    22:02:23 system,error,critical login failure for user admin from 192.168.46.1 via winbox
    22:02:23 system,error,critical login failure for user admin from 192.168.1.2 via winbox
    22:02:23 system,error,critical login failure for user admin from 192.168.2.1 via winbox

    22:04:29 system,info,account user dengkulmuanjlog logged in from 192.168.46.2 via winbox
    22:32:53 system,info,account user dengkulmuanjlog logged in from 192.168.46.2 via telnet
    dan itu juga suka muncul tiap hari tpi g tau pasti jam berapa
    tpi tiap ane login n ngecek pasti ada aktifitas itu

    FYI :
    user admin udah tak hapus
    IP xxx.xxx.... itu IP publiknya

    trus kadang tiba2 CPU load 100%
    tar klo udah di reboot baru normal lagi

    help me....
    Click here to enlarge

  2. #2
    Status
    Offline
    pos_ronda's Avatar
    VIP Member
    Join Date
    Aug 2009
    Location
    Sleman, Indonesia
    Posts
    887
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    1. batasi akses ke winbox (drop selain ip untuk masuk winbox), atau ganti port winbox di /ip service , itu ada ip private muncul, datengi aja komputernya beserta log nya. pasti ngerti. sekalian shock terapi. bilang, "dengkulmuanjlog, arep ngopo mlebu router? routere mbahmu po?". yang jelas kalau tahu winbox, brarti tahu mikrotik..
    2. CPU 100%, cek di /tool profile, cpu tertinggi terpakai di resource mana? mungkin sudah saat nya untuk upgrade router..

    jogjane mana mas dab..
    Gunakan FreeRadius sebagai pengganti user manager

  3. #3
    Status
    Offline
    wijil46's Avatar
    Member
    Join Date
    Oct 2011
    Location
    Yogyakarta, Indonesia
    Posts
    159
    Reviews
    Read 0 Reviews
    Downloads
    12
    Uploads
    1
    Feedback Score
    0
    Click here to enlarge Originally Posted by pos_ronda Click here to enlarge
    1. batasi akses ke winbox (drop selain ip untuk masuk winbox), atau ganti port winbox di /ip service , itu ada ip private muncul, datengi aja komputernya beserta log nya. pasti ngerti. sekalian shock terapi. bilang, "dengkulmuanjlog, arep ngopo mlebu router? routere mbahmu po?". yang jelas kalau tahu winbox, brarti tahu mikrotik..
    2. CPU 100%, cek di /tool profile, cpu tertinggi terpakai di resource mana? mungkin sudah saat nya untuk upgrade router..

    jogjane mana mas dab..

    sorry gan lupa kasih info lengkap
    itu semua IP di mikrotik

    192.168.1.2 itu ip ke modem
    192.168.2.1 sama 46.1 itu ke lokal
    xxx.xxx.... itu IP publik

    dengkulmuanjlog itu user ane Click here to enlarge

    nb :
    oia lali
    aku sleman mas dab
    jakal KM 14.5

  4. #4
    Status
    Offline
    pos_ronda's Avatar
    VIP Member
    Join Date
    Aug 2009
    Location
    Sleman, Indonesia
    Posts
    887
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    ini kasus agak unik, login winbox tapi lewat ip mikrotik, adakah kemungkinan clone ip address? atau ada masalah di NAT nya?
    untuk sekarang paling amannya ganti port winbox.
    connect to nya pada winbox 192.168.46.1:<port yang baru>
    mungkin yang di bawah bisa membantu..
    Click here to enlarge
    Gunakan FreeRadius sebagai pengganti user manager

  5. The Following User Says Thank You to pos_ronda For This Useful Post:


  6. #5
    Status
    Offline
    wijil46's Avatar
    Member
    Join Date
    Oct 2011
    Location
    Yogyakarta, Indonesia
    Posts
    159
    Reviews
    Read 0 Reviews
    Downloads
    12
    Uploads
    1
    Feedback Score
    0
    Click here to enlarge Originally Posted by pos_ronda Click here to enlarge
    ini kasus agak unik, login winbox tapi lewat ip mikrotik, adakah kemungkinan clone ip address? atau ada masalah di NAT nya?
    untuk sekarang paling amannya ganti port winbox.
    connect to nya pada winbox 192.168.46.1:<port yang baru>
    mungkin yang di bawah bisa membantu..
    Click here to enlarge
    wah makasih gan atar pencerahannya
    ada masalah di NAT
    ada NAT untuk web server tapi web servernya udah tak matiin cuma NAT nya masih aktifClick here to enlargeClick here to enlarge
    begitu dimatiin barusan tak reboot udah g ada lagi
    semoga nnti g ada lagi n memang karna NAT itu bukan karna yg laen
    Click here to enlarge

    sekali lagi makasih atas pencerahannya Click here to enlargeClick here to enlarge

    UPDATE GANNNNNN

    masih muncul lagi Click here to enlargeClick here to enlargeClick here to enlargeClick here to enlargeClick here to enlarge
    Last edited by wijil46; 25-06-2012 at 08:42.

  7. #6
    Status
    Offline
    dhopack's Avatar
    Forum Guru
    Join Date
    Dec 2010
    Location
    KUDUS
    Posts
    1,919
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by pos_ronda Click here to enlarge
    ...
    CPU 100%, cek di /tool profile, cpu tertinggi terpakai di resource mana? mungkin sudah saat nya untuk upgrade router..
    ...
    nambahi dikit tool-profile kalau gak salah hanya ada di v5 keatas v4 blm ada,
    CMIIW lho Click here to enlarge

  8. #7
    Status
    Offline
    jerry_onde's Avatar
    Newbie
    Join Date
    Jan 2008
    Posts
    34
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    ijin nyimak agh, Click here to enlarge
    Last edited by jerry_onde; 25-06-2012 at 13:21.

  9. #8
    Status
    Offline
    crazingdaus's Avatar
    Newbie
    Join Date
    Apr 2012
    Posts
    22
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    sepertinya ada yang nyoba akses winboxnya, coba di ganti aja portnya

  10. #9
    Status
    Offline
    wijil46's Avatar
    Member
    Join Date
    Oct 2011
    Location
    Yogyakarta, Indonesia
    Posts
    159
    Reviews
    Read 0 Reviews
    Downloads
    12
    Uploads
    1
    Feedback Score
    0
    NEW UPDATE

    kemaren reboot jam 7 pagi
    trus muncul aktifitas aneh itu pas jam 07.12.31
    eh barusan muncul juga pas jam itu
    07:12:31 system,error,critical login failure for user admin from 192.168.46.1 via winbox
    07:12:31 system,error,critical login failure for user admin from 192.168.1.2 via winbox
    07:12:31 system,error,critical login failure for user admin from 192.168.2.1 via winbox
    07:12:31 system,error,critical login failure for user admin from xxx.xxx.xxx.xxx via winbox
    kenapa ya
    g mungkin klo itu dari luar
    kyknya dari system RBnya sendiri
    tolong dibantu master2

  11. #10
    Status
    Offline
    pos_ronda's Avatar
    VIP Member
    Join Date
    Aug 2009
    Location
    Sleman, Indonesia
    Posts
    887
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    kliatannya ada admin mencoba login setelah conected. coba cek di system scheduler.

  12. #11
    Status
    Offline
    wijil46's Avatar
    Member
    Join Date
    Oct 2011
    Location
    Yogyakarta, Indonesia
    Posts
    159
    Reviews
    Read 0 Reviews
    Downloads
    12
    Uploads
    1
    Feedback Score
    0
    Click here to enlarge Originally Posted by pos_ronda Click here to enlarge
    kliatannya ada admin mencoba login setelah conected. coba cek di system scheduler.
    g ada ap2 di scheduler Click here to enlarge
    klo cuma setelah conected kenapa persis 24 jam berikutnya kyk gitu lagi
    Click here to enlarge

  13. #12
    Status
    Offline
    Anto.PJ's Avatar
    Forum Guru
    Join Date
    May 2011
    Location
    macz
    Posts
    1,696
    Reviews
    Read 0 Reviews
    Downloads
    7
    Uploads
    0
    Feedback Score
    0
    virus varian baru mungkin..

  14. #13
    Status
    Offline
    kenthip's Avatar
    Baru Gabung
    Join Date
    Nov 2010
    Posts
    11
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Winbox nya aja ganti portnya, biar tenang...

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [ASK] koneksi terdapat aktifitas aneh bin nyleneh
    By happiers07 in forum General Networking
    Replies: 7
    Last Post: 29-12-2011, 21:10
  2. melihat aktifitas tiap user
    By mahaadit in forum General Networking
    Replies: 11
    Last Post: 16-12-2010, 05:48
  3. ask.. me limit semua aktifitas browsing
    By vmobile in forum General Networking
    Replies: 5
    Last Post: 04-01-2010, 07:22
  4. Pantau Aktifitas Client & Caching Problem
    By GRiffiN in forum General Networking
    Replies: 17
    Last Post: 27-09-2007, 13:09

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •