We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
1,146 views 4 comments
by anonymous

RUT2_R_00.07.01.4

In the router log I notice records about a blocked internal network IP address. Interestingly, it comes right after the successful authentication record (the event time is also very strange):

2022-05-08 03:18:15 IP Block No entry found for IP (10.xxx.1.xxx).
2022-05-08 03:18:15 Web UI Authentication was successful from HTTPS 10.xxx.1.xxx

In the router configuration I can't find anything about allowing or blocking IPs. There is no IP control lists section in System > Administration > Access Control. Maybe an additional package needs to be installed?

1 Answer

0 votes
by anonymous

Hello,

These log records relate to blocking certain IP addresses after a set number of failed login attempts. One of the RUT devices' security features is to block IP addresses after a number of unsuccessful tries to log in. By default this number is 10, but it can be modified in the WebUI System -> Administration -> Access control section, Security tab. After an IP is blacklisted, it has to be unblocked manually in the WebUI, via CLI or by resetting the router to its default settings.

Best regards,

Žygimantas 

Best answer
by anonymous

Thank you, Žygimantas, but where is the place where the IP address can be unblocked in the WebUI? I can't find it in /system/admin/access_control/safety as described in the RUT240 manual (maybe an extra package needs to be installed?):

Besides:

  • There are no records in the failed login attempts list.
  • I am still able to log in successfully from the IP address mentioned as blocked in the log.
by anonymous

After a successful login, the record of your previously failed login attempts is deleted and thus reset; however, you should not be able to log in once the login attempt limit is reached.

The devices can be removed in the same System -> Administration -> Access control section, Security tab. An entry should be added in the List of login attempts if somebody tries and fails to log in.

Could you tell if you are trying to access the device from WAN or via a VPN?

Best regards,

Žygimantas

by anonymous
Accessing directly through LAN, no VPN.

The router is still logging an event about a blocked IP on successful connection.
by anonymous

If you mean the event record below, 

2022-05-08 03:18:15 IP Block No entry found for IP (10.xxx.1.xxx).

it means that the IP address of the device you have logged in from is not blacklisted and thus is allowed to access the router and login.
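To triage an exported event log along the lines explained in this thread, the following added example (not part of the original posts and not Teltonika code) pairs each "No entry found" lookup with the successful Web UI login logged in the same second, and sets aside any other IP Block message for manual review. It assumes the line layout is exactly that of the two records quoted above; the sample addresses and the `<other message>` line are constructed.

```python
import re
from collections import defaultdict

# Layout assumed from the two lines quoted in the thread:
#   <date> <time> <source> <message>
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (IP Block|Web UI) (.*)$")
NO_ENTRY_RE = re.compile(r"^No entry found for IP \(([^)]+)\)\.$")
AUTH_OK_RE = re.compile(r"^Authentication was successful from (\S+) (\S+)$")

# Constructed sample: addresses are made up, and the last message is a
# placeholder for any IP Block text other than the one explained in the thread.
SAMPLE_LOG = """\
2022-05-08 03:18:15 IP Block No entry found for IP (10.0.1.20).
2022-05-08 03:18:15 Web UI Authentication was successful from HTTPS 10.0.1.20
2022-05-08 09:02:41 IP Block No entry found for IP (10.0.1.37).
2022-05-08 09:05:10 IP Block <other message> 10.0.1.99
"""

def triage(log_text):
    """Split event-log lines into paired logins, lone lookups and lines to review."""
    lookups = defaultdict(set)   # timestamp -> IPs reported as not blacklisted
    logins, review = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, source, msg = m.groups()
        if source == "IP Block":
            hit = NO_ENTRY_RE.match(msg)
            if hit:
                lookups[ts].add(hit.group(1))
            else:
                review.append(line)   # not the "not blacklisted" form
        else:
            ok = AUTH_OK_RE.match(msg)
            if ok:
                logins.append((ts, ok.group(1), ok.group(2)))
    # A login is "paired" when the same second holds a lookup for the same IP.
    paired = [l for l in logins if l[2] in lookups.get(l[0], set())]
    seen = {(ts, ip) for ts, _proto, ip in paired}
    lone = sorted((ts, ip) for ts, ips in lookups.items()
                  for ip in ips if (ts, ip) not in seen)
    return {"paired_logins": paired, "lookups_without_login": lone, "review": review}

if __name__ == "__main__":
    for key, rows in triage(SAMPLE_LOG).items():
        print(key, rows)
```
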