/ip firewall filter add action=reject chain=forward comment="Block RDP bruteforce" log=yes \ log-prefix="Blocked - " reject-with=icmp-network-unreachable \ src-address-list="Blocked bruteforcers" add action=add-src-to-address-list address-list="Blocked bruteforcers" \ address-list-timeout=60m chain=forward comment="RDP bruteforce stage4" \ connection-state=new dst-port=3389 log=yes log-prefix=\ "RDP BRUTEFORCE - " protocol=tcp src-address-list=rdp_bruteforce3 add action=add-src-to-address-list address-list=rdp_bruteforce3 \ address-list-timeout=15m chain=forward comment="RDP bruteforce stage3" \ connection-state=new dst-port=3389 log=yes log-prefix=\ "RDP BRUTEFORCE - STAGE3 - " protocol=tcp src-address-list=rdp_bruteforce2 add action=add-src-to-address-list address-list=rdp_bruteforce2 \ address-list-timeout=15m chain=forward comment="RDP bruteforce stage2" \ connection-state=new dst-port=3389 log=yes log-prefix=\ "RDP BRUTEFORCE - STAGE2 - " protocol=tcp src-address-list=rdp_bruteforce1 add action=add-src-to-address-list address-list=rdp_bruteforce1 \ address-list-timeout=15m chain=forward comment="RDP bruteforce stage1" \ connection-state=new dst-port=3389 log=yes log-prefix=\ "RDP BRUTEFORCE - STAGE1 -" protocol=tcp
mikrotik rdp bruteforce
Автор Itsworksmikrotik rdp 3389 bruteforce.
Решение взято у http://www.admblog.ru/mikrotik-bruteforce-block