http://www.dslreports.com/forum/r17934681 en Fri, 04 Dec 2009 22:31:36 EDT Fri, 04 Dec 2009 22:31:36 EDT http://www.dslreports.com/forum/remark,17940115 khoaled : The Mikrotik manual has a section on securing your router.

»www.mikrotik.com/testdocs/ros/2.···lter.php]]> http://www.dslreports.com/forum/remark,17940115 Sun, 04 Mar 2007 07:29:24 EDT http://www.dslreports.com/forum/remark,17935654 ibliz : Greetings,

You can set the authorized IP address for each username using winbox as follows :
1. Click Users menu.
2. Then on the userlist that appears next, click the user which you'd like to restrict access
3. A window with the settings for that username will appear. Notice there is a field named Allowed Address. Enter the authorized address into that field. IP addresses other than the one listed will not be able to log onto the usename.

Iam sure there is console command for those steps I just discussed, but I cant seem to find it.

Hope that helps. ]]> http://www.dslreports.com/forum/remark,17935654 Sat, 03 Mar 2007 11:23:31 EDT http://www.dslreports.com/forum/remark,17934838 slipstream1 : Can you not just set a secure user name and password to prevent unauthorized access. :D]]> http://www.dslreports.com/forum/remark,17934838 Sat, 03 Mar 2007 07:00:17 EDT http://www.dslreports.com/forum/remark,17934703 Diddy1 : Well, after 2.5 hours of messing around, it would appear that there is no way to prevent someone using winbox to log-in to a MT router if they are on same subnet with MAC or Ip. I'm not saying I've explored every option, but I think I have tried every combination of firewall settings that are possible?
Interesting to say the least. Anyone know of a way I haven't figured out? This is more of curious "computer science" question I guess :)
Aaron]]> http://www.dslreports.com/forum/remark,17934703 Sat, 03 Mar 2007 05:03:39 EDT http://www.dslreports.com/forum/remark,17934681 Diddy1 : Can someone with MT experience give me an idea how to prevent access via Winbox from any other Ip other than one authorized address? I've disabled discovery on all interfaces so no MAC discovery. But, if someone on our private subnet were to learn the address of the router, how would one prevent access attempts via winbox? I can turn off all other access methods, to my knowledge. I do know that winbox uses Port 8291 and I have made a firewall to drop, or reject, anything attempting to login via that port on TCP that is not the address of the authorized machine. But unfortunately this doesn't work.
Any suggestions?
Aaron ]]> http://www.dslreports.com/forum/remark,17934681 Sat, 03 Mar 2007 04:32:13 EDT