If you run MikroTik routers on your network with live (public) IPs, you may have come across log messages reporting failed login attempts via SSH. These messages are generated by unauthorized SSH login attempts on your router by cybercriminals, who are constantly trying to access and take down active devices in what is known as distributed denial-of-service attacks.
Cybercriminals are on the lookout for network devices that are live on the internet, and once they discover one, they use brute force to try to gain access to it. A brute-force attack is the process by which an attacker uses software to generate millions of passwords in an attempt to gain unauthorized access to your device. Millions of passwords will be tried against your router until the correct one is entered and access is granted. Once they have access, they either take hold of your device and ask for a ransom or take it down completely, assuming they have been paid by a competitor to do so.
You may say your password is super strong, making your device “unhackable”. Well, that’s good, but wouldn’t it be nice to save the router the resources it spends rejecting millions of failed login attempts, by blocking such attacks before they reach the point where a username and password are required? In this post, I will share how to block brute-force attacks on your MikroTik router by changing the SSH port from the default to something else.
Since the default SSH port number is 22, attackers will, 99% of the time, try to access your router via SSH on port 22. To stop such attacks from getting to your router, change the port to a different number. You must remember this number and enter it each time you want to access the router via SSH. To change the SSH port number on your MikroTik router, type /ip service set ssh port=2200 in the terminal or, if using Winbox, click IP >> Services, then select ssh and change the port number. Once done, unauthorized login attempts via SSH on port 22 will be dropped before a username and password are demanded, saving the router resources it would otherwise spend processing millions of wrong passwords entered in brute-force attacks.
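To check that the port change had the effect described above, you can count the failed SSH logins in a log export taken before and after it. The script below is an added example, not part of the original post; the log wording in the pattern and the sample lines are assumptions constructed for illustration, so adjust the pattern to match what your router actually logs.

```python
import re
from collections import Counter

# Assumed RouterOS wording for a failed login; adjust if your version differs.
FAILURE = re.compile(
    r"login failure for user (?P<user>\S*) from (?P<src>[0-9a-fA-F.:]+) via (?P<svc>\w+)"
)

# Constructed sample log export (documentation addresses, not real traffic).
SAMPLE_LOG = """\
jan/10 03:12:01 system,error,critical login failure for user root from 203.0.113.7 via ssh
jan/10 03:12:03 system,error,critical login failure for user admin from 203.0.113.7 via ssh
jan/10 03:12:04 system,error,critical login failure for user admin from 198.51.100.23 via ssh
jan/10 03:12:06 system,error,critical login failure for user test from 203.0.113.7 via ssh
jan/10 03:15:40 system,info,account user admin logged in from 192.0.2.10 via winbox
jan/10 03:16:02 system,error,critical login failure for user admin from 192.0.2.10 via winbox
jan/10 03:20:11 system,info dhcp lease renewed
"""

def failed_logins(log_text, service="ssh"):
    """Return (per-source Counter, per-username Counter) for one service."""
    by_source, by_user = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILURE.search(line)
        if m and m.group("svc").lower() == service:
            by_source[m.group("src")] += 1
            by_user[m.group("user")] += 1
    return by_source, by_user

def noisy_sources(log_text, threshold=3, service="ssh"):
    """Sources with at least `threshold` failures: likely brute-force clients."""
    by_source, _ = failed_logins(log_text, service)
    return sorted(src for src, n in by_source.items() if n >= threshold)

if __name__ == "__main__":
    sources, users = failed_logins(SAMPLE_LOG)
    print("failed ssh logins:", sum(sources.values()))
    for src, n in sources.most_common():
        print(f"  {src:<16} {n}")
    print("usernames tried:", dict(users))
    print("sources over threshold:", noisy_sources(SAMPLE_LOG))
```

If the count does not fall after the change, the attempts are arriving on the new port and changing the port alone has not stopped them.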