{"id":2107,"date":"2025-05-31T15:35:30","date_gmt":"2025-05-31T15:35:30","guid":{"rendered":"https:\/\/dsantana.uas.edu.mx\/?p=2107"},"modified":"2025-05-31T16:15:25","modified_gmt":"2025-05-31T16:15:25","slug":"sistema-de-defensa-progresiva-contra-accesos-fallidos-en-red-wan-con-mikrotik","status":"publish","type":"post","link":"https:\/\/dsantana.uas.edu.mx\/index.php\/2025\/05\/31\/sistema-de-defensa-progresiva-contra-accesos-fallidos-en-red-wan-con-mikrotik\/","title":{"rendered":"Progressive Defense System against Failed Access Attempts on a WAN Network with MikroTik"},"content":{"rendered":"\n<figure class=\"wp-block-image aligncenter size-full\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"1024\" src=\"https:\/\/dsantana.uas.edu.mx\/wp-content\/uploads\/2025\/05\/A-conceptual-illustration-representing-network-security-using-MikroTik-routers.-The-image-shows-a-di.jpeg\" alt=\"\" class=\"wp-image-2108\" srcset=\"https:\/\/dsantana.uas.edu.mx\/wp-content\/uploads\/2025\/05\/A-conceptual-illustration-representing-network-security-using-MikroTik-routers.-The-image-shows-a-di.jpeg 1024w, https:\/\/dsantana.uas.edu.mx\/wp-content\/uploads\/2025\/05\/A-conceptual-illustration-representing-network-security-using-MikroTik-routers.-The-image-shows-a-di-300x300.jpeg 300w, https:\/\/dsantana.uas.edu.mx\/wp-content\/uploads\/2025\/05\/A-conceptual-illustration-representing-network-security-using-MikroTik-routers.-The-image-shows-a-di-150x150.jpeg 150w, https:\/\/dsantana.uas.edu.mx\/wp-content\/uploads\/2025\/05\/A-conceptual-illustration-representing-network-security-using-MikroTik-routers.-The-image-shows-a-di-768x768.jpeg 768w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udee1\ufe0f&nbsp;<strong>Progressive Defense System against Failed Access Attempts on a WAN Network with MikroTik<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83c\udfaf&nbsp;<strong>General 
Objective<\/strong><\/h3>\n\n\n\n<p>Implement an automated system on MikroTik that detects, logs and blocks external IP addresses that make multiple failed connection attempts against services exposed on the WAN, applying escalating blocks (10 minutes, then 1 day), with notifications in the log and distinct audible signals.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83e\uddf1&nbsp;<strong>Solution Components<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Dynamic address lists<\/strong>&nbsp;to track failed attempts.<\/li>\n\n\n\n<li><strong>Firewall rules<\/strong>&nbsp;for detection, counting and blocking.<\/li>\n\n\n\n<li><strong>Scripts<\/strong>&nbsp;to emit sounds and log events.<\/li>\n\n\n\n<li><strong>Scheduler<\/strong>&nbsp;to run automatic actions.<\/li>\n\n\n\n<li><strong>Custom logs<\/strong>&nbsp;for auditing.<\/li>\n\n\n\n<li><strong>Configurable parameters<\/strong>&nbsp;to adapt the setup to other services (Winbox, FTP, etc.).<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd27&nbsp;<strong>Step-by-Step Configuration<\/strong><\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">1. Create the staged tracking lists<\/h4>\n\n\n\n<p>\/ip&nbsp;firewall&nbsp;address-list<\/p>\n\n\n\n<p>add&nbsp;list=whitelist&nbsp;address=192.168.88.0\/24&nbsp;comment=\"Red&nbsp;interna&nbsp;confiable\"<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">2. Detecting new attempts (e.g. 
SSH port 22)<\/h4>\n\n\n\n<p>\/ip&nbsp;firewall&nbsp;filter<\/p>\n\n\n\n<p>add&nbsp;chain=input&nbsp;protocol=tcp&nbsp;dst-port=22&nbsp;connection-state=new&nbsp;src-address-list=!whitelist&nbsp;\\<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp;action=add-src-to-address-list&nbsp;address-list=ssh_stage1&nbsp;address-list-timeout=1m&nbsp;log=yes&nbsp;log-prefix=\"SSH&nbsp;intento&nbsp;1\"<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">3. Escalating failed attempts<\/h4>\n\n\n\n<p>Repeat for&nbsp;<code>ssh_stage2<\/code>&nbsp;through&nbsp;<code>ssh_stage5<\/code>. RouterOS evaluates filter rules from top to bottom and&nbsp;<code>add-src-to-address-list<\/code>&nbsp;does not stop processing, so in the final rule table each higher stage must sit above the lower one (block rules first, the stage 1 detection rule last); otherwise a single new connection passes through every stage at once:<\/p>\n\n\n\n<p>\/ip&nbsp;firewall&nbsp;filter<\/p>\n\n\n\n<p>add&nbsp;chain=input&nbsp;src-address-list=ssh_stage1&nbsp;protocol=tcp&nbsp;dst-port=22&nbsp;connection-state=new&nbsp;\\<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp;action=add-src-to-address-list&nbsp;address-list=ssh_stage2&nbsp;address-list-timeout=1m&nbsp;log=yes&nbsp;log-prefix=\"SSH&nbsp;intento&nbsp;2\"<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">4. Temporary block (10 minutes)<\/h4>\n\n\n\n<p>\/ip&nbsp;firewall&nbsp;filter<\/p>\n\n\n\n<p>add&nbsp;chain=input&nbsp;src-address-list=ssh_stage5&nbsp;action=add-src-to-address-list&nbsp;\\<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp;address-list=ssh_block_10min&nbsp;address-list-timeout=10m&nbsp;log=yes&nbsp;log-prefix=\"SSH&nbsp;BLOQUEO&nbsp;10min\"<\/p>\n\n\n\n<p>add&nbsp;chain=input&nbsp;src-address-list=ssh_block_10min&nbsp;action=drop<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">5. 
Escalating to a 1-day block<\/h4>\n\n\n\n<p>\/ip&nbsp;firewall&nbsp;filter<\/p>\n\n\n\n<p>#&nbsp;Place&nbsp;above&nbsp;the&nbsp;step&nbsp;4&nbsp;rules:&nbsp;a&nbsp;source&nbsp;already&nbsp;in&nbsp;ssh_block_10min&nbsp;that&nbsp;tries&nbsp;again&nbsp;is&nbsp;moved&nbsp;to&nbsp;ssh_block_1day<\/p>\n\n\n\n<p>add&nbsp;chain=input&nbsp;src-address-list=ssh_block_10min&nbsp;protocol=tcp&nbsp;dst-port=22&nbsp;connection-state=new&nbsp;\\<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp;action=add-src-to-address-list&nbsp;address-list=ssh_block_1day&nbsp;address-list-timeout=1d<\/p>\n\n\n\n<p>add&nbsp;chain=input&nbsp;src-address-list=ssh_block_1day&nbsp;action=drop&nbsp;log=yes&nbsp;log-prefix=\"SSH&nbsp;BLOQUEO&nbsp;1d\u00eda\"<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd14&nbsp;<strong>Audible Notifications<\/strong><\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">Scripts for the sounds<\/h4>\n\n\n\n<p>\/system&nbsp;script<\/p>\n\n\n\n<p>add&nbsp;name=beep_10min&nbsp;policy=read,write&nbsp;source=\"\/beep&nbsp;frequency=1000&nbsp;length=500ms\"<\/p>\n\n\n\n<p>add&nbsp;name=beep_1day&nbsp;policy=read,write&nbsp;source=\"\/beep&nbsp;frequency=2000&nbsp;length=1000ms\"<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Scheduler to run the sounds<\/h4>\n\n\n\n<p>\/system&nbsp;scheduler<\/p>\n\n\n\n<p>add&nbsp;name=beep10min&nbsp;on-event=\"\/system&nbsp;script&nbsp;run&nbsp;beep_10min\"&nbsp;interval=10m&nbsp;start-time=startup<\/p>\n\n\n\n<p>add&nbsp;name=beep1day&nbsp;on-event=\"\/system&nbsp;script&nbsp;run&nbsp;beep_1day\"&nbsp;interval=1d&nbsp;start-time=startup<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83e\uddf9&nbsp;<strong>Maintenance and Cleanup<\/strong><\/h3>\n\n\n\n<p>Make sure the temporary lists are cleaned up automatically:<\/p>\n\n\n\n<p>\/ip&nbsp;firewall&nbsp;address-list<\/p>\n\n\n\n<p>add&nbsp;list=ssh_stage1&nbsp;timeout=1m<\/p>\n\n\n\n<p>add&nbsp;list=ssh_stage2&nbsp;timeout=1m<\/p>\n\n\n\n<p>&#8230;<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udccb&nbsp;<strong>Additional Recommendations<\/strong><\/h3>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li><strong>Adaptability<\/strong>: You can replicate this logic for other services such as Winbox (port 8291), FTP, HTTP, etc.<\/li>\n\n\n\n<li><strong>Security<\/strong>: Add your internal network to the&nbsp;<code>whitelist<\/code>&nbsp;list to avoid accidental lockouts.<\/li>\n\n\n\n<li><strong>Auditing<\/strong>: Review the logs regularly to detect attack patterns.<\/li>\n\n\n\n<li><strong>Remote alerts<\/strong>: You can integrate email or Telegram notifications if you wish.<\/li>\n<\/ul>\n\n\n\n<p><strong>Download the RSC file:<\/strong><\/p>\n\n\n\n<p><a href=\"https:\/\/dsantana.uas.edu.mx\/Talleres\/Mikrotik%20Desde%20Cero\/Scripts\/Sistema%20de%20Defensa%20Progresiva%20contra%20Accesos%20Fallidos%20en%20Red%20WAN%20con%20MikroTik.rsc\" data-type=\"link\" data-id=\"https:\/\/dsantana.uas.edu.mx\/Talleres\/Mikrotik%20Desde%20Cero\/Scripts\/Sistema%20de%20Defensa%20Progresiva%20contra%20Accesos%20Fallidos%20en%20Red%20WAN%20con%20MikroTik.rsc\">Sistema de Defensa Progresiva contra Accesos Fallidos en Red WAN con MikroTik.rsc<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":2111,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,89,55,56,87,1,10,6],"tags":[],"class_list":["post-2107","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-docencia","category-firewall","category-mikrotik","category-redes","category-seguridad-talleres","category-sin-categoria","category-sistemas-operativos","category-talleres"],"_links":{"self":[{"href":"https:\/\/dsantana.uas.edu.mx\/index.php\/wp-json\/wp\/v2\/posts\/2107","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dsantana.uas.edu.mx\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dsantana.uas.edu.mx\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dsantana.uas.edu.mx\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dsantana.uas.edu.mx\/index.php\/wp-json\/wp\/v2\/comments?post=2107"}],"version-history":[{"count":3,"href":"https:\/\/dsantana.uas.edu.mx\/index.php\/wp-json\/wp\/v2\/posts\/2107\/revisions"}],"predecessor-version":[{"id":2113,"href":"https:\/\/dsantana.uas.edu.mx\/index.php\/wp-json\/wp\/v2\/posts\/2107\/revisions\/2113"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dsantana.uas.edu.mx\/index.php\/wp-json\/wp\/v2\/media\/2111"}],"wp:attachment":[{"href":"https:\/\/dsantana.uas.edu.mx\/index.php\/wp-json\/wp\/v2\/media?parent=2107"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dsantana.uas.edu.mx\/index.php\/wp-json\/wp\/v2\/categories?post=2107"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dsantana.uas.edu.mx\/index.php\/wp-json\/wp\/v2\/tags?post=2107"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}