 
PoURaN
just joined
Topic Author
Posts: 3
Joined: Sat Apr 28, 2012 5:03 pm

Mikrotik Router DDoS attack

Mon Apr 30, 2012 11:59 pm

A denial of service attack in the winbox service causes the winbox service to totally fail to respond, and also various results in the whole router: 100% CPU always, and sometimes BGP and interface failures after a long-running attack.
Details, script code and video example here: http://www.133tsec.com/2012/04/30/0day- ... os-attack/
 
cbrown
Trainer
Posts: 1839
Joined: Thu Oct 14, 2010 8:57 pm

Re: Mikrotik Router DDoS attack

Tue May 01, 2012 2:17 pm

Isn't this pretty much the same topic?

http://forum.mikrotik.com/viewtopic.php?f=2&t=61535
 
PoURaN
just joined
Topic Author
Posts: 3
Joined: Sat Apr 28, 2012 5:03 pm

Re: Mikrotik Router DDoS attack

Tue May 01, 2012 9:52 pm

> Isn't this pretty much the same topic?
>
> http://forum.mikrotik.com/viewtopic.php?f=2&t=61535

They are 2 separate vulnerabilities.
One for winbox (client side) and one for winbox service on server side.
 
gsloop
Member Candidate
Posts: 213
Joined: Wed Jan 04, 2012 11:34 pm

Re: Mikrotik Router DDoS attack

Mon May 07, 2012 9:55 pm

I went looking to see about the DOS attacks, and all the threads I can find, have been deleted.

I find this quite troubling.

Is MikroTik simply going to address security vulnerabilities by quashing any discussion of them?!?!

I'm not aware of any security list, or the like so one can know about such issues and how to address them.

So, I'd like an answer MK ...
1) Is discussion of a security vulnerability and the steps to mitigate it off limits?
2) If so, how do you propose to allow these kind of issues to be discussed?
3) Finally, shouldn't there be a security channel where such problems are announced and the issues raised addressed?

-Greg
 
tgrand
Long time Member
Posts: 667
Joined: Mon Aug 21, 2006 2:57 am
Location: Winnipeg, Manitoba, Canada

Re: Mikrotik Router DDoS attack

Tue May 08, 2012 4:25 am

Winbox from my perspective is for management and should not be available to ANY ip source addresses.

Do this to any management protocol at your own risk.
 
brianlewis
Member Candidate
Posts: 134
Joined: Tue Jul 20, 2004 10:54 am
Location: Irvine, CA

Re: Mikrotik Router DDoS attack

Wed May 09, 2012 4:50 pm

We configure all our routers to have a 'safe' list and a 'hacker' list, any management ips are added to safe list statically and added to source allow at top of firewall rules, then anyone connecting to 8291 port is added to 'hacker' list which is blocked
First line : allow safe list
Second line : block source hacker list
Third line : If tcp 8291 dst add source address to list 'hacker'
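
The three-rule ordering described in the post above, written out as RouterOS firewall configuration. This is an added example, not the poster's actual configuration; the management address 192.0.2.10, the list timeout and the fourth rule are assumptions.

```routeros
# Added example. Addresses, timeout and rule 4 are assumptions, not taken from the post.
/ip firewall address-list
# Static "safe" entries: management hosts (192.0.2.10 is a documentation address).
add list=safe address=192.0.2.10 comment="constructed management host"

/ip firewall filter
# 1: management sources are accepted before any other rule is evaluated.
add chain=input action=accept src-address-list=safe comment="allow safe list"
# 2: any source already on the "hacker" list is dropped.
add chain=input action=drop src-address-list=hacker comment="block hacker list"
# 3: any other source that sends TCP to Winbox (8291) is put on the list.
#    The 1d timeout is an assumption; without it the entry stays until removed.
add chain=input action=add-src-to-address-list protocol=tcp dst-port=8291 \
    address-list=hacker address-list-timeout=1d \
    comment="list unknown Winbox sources"
# 4: add-src-to-address-list only records the source and passes the packet on,
#    so the packet that triggered rule 3 still needs an explicit drop.
add chain=input action=drop protocol=tcp dst-port=8291 \
    comment="drop the packet that triggered the listing"
```

Rule order is what makes this work: an administrator who connects from an address that is not on the safe list is blocked by rule 2 until the entry expires or is removed.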
 
gsloop
Member Candidate
Posts: 213
Joined: Wed Jan 04, 2012 11:34 pm

Re: Mikrotik Router DDoS attack

Wed May 09, 2012 10:03 pm

These are all nice replies, but mostly meaningless unless we know more about the problem and a full discussion of the issues from MT. Since this hasn't happened, these mitigations may well not "mitigate" anything.

Further, while mitigating a problem is nice - there are some cases where allowing WinBox management from the WAN side in an unrestricted manner is the only real option.

Again, banning or deleting discussion of the problem and avoiding full disclosure is simply stupidity, IMO.
The "bad guys" will all have the ability to attack your systems, and you'll be without any real knowledge about the issue and how to best protect yourself.

This kind of response makes me question the choice to use MT. It's misguided and the only people it hurts is the user base.
It may appear to help MT in the short-term, but companies that stomp all over discussion of vulnerabilities, especially in the security world, should die quick deaths.

Witness RSA and the secure ID fob token train-wreck. No disclosure, until months later, and then only when cornered. "Ah, yeah, everyone who used our product was totally vulnerable to a horrible attack. But trust us, we have your interests in mind!"

I don't trust anyone, and especially not anyone who has a financial interest in misleading me. Give me details and let me evaluate the issue.

-Greg
 
normis
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Mikrotik Router DDoS attack

Thu May 10, 2012 10:49 am

RouterOS with a firewall is not vulnerable. Only a device with no protection is affected. We are working on a fix for those unprotected machines.

> by quashing any discussion of them?!?!

We are not quashing discussions, we are simply not blowing the problem out of proportion, to reduce people's want to exploit this.
 
DjM
Member Candidate
Posts: 114
Joined: Sun Dec 27, 2009 2:44 pm

Re: Mikrotik Router DDoS attack

Thu May 10, 2012 6:05 pm

Hello MikroTik support team,

Were both DDoS issues solved in the released 5.16 version, please? I can't see information related to this topic in the changelog.

Thank you
 
hci
Long time Member
Posts: 674
Joined: Fri May 28, 2004 5:10 pm

Re: Mikrotik Router DDoS attack

Thu May 10, 2012 10:38 pm

Also curious if 5.16 addresses any of this?
 
normis
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Mikrotik Router DDoS attack

Fri May 11, 2012 8:35 am

No. The problem is actually only one (DOS, not DDOS, because it's not distributed). You can solve it, by configuring a firewall rule on the router, to stop unknown connections to the router. Normally you should have such rules in place already, as most RouterBOARDs have such configuration by default.

We will solve the issue in the next version. The other "problem" works like this - somebody could create a program that looks like a router to the Winbox Loader. When the Winbox user is tricked into connecting to this fake "router", the Windows user could be attacked. In the near future, Winbox loader will be eliminated (Winbox will be one program), and this problem will be solved by itself.

None of these issues are new. They have been there since Winbox was first released.
 
gsloop
Member Candidate
Posts: 213
Joined: Wed Jan 04, 2012 11:34 pm

Re: Mikrotik Router DDoS attack

Wed May 16, 2012 7:33 pm

Normis...

I'm not sure why you all feel so strongly about this. [Quite clear, since you deleted my last post...]
I'm really not trying to be a PITA, but I haven't heard any real answers.

So, I'd like an answer MK ...
1) Is discussion of a security vulnerability and the steps to mitigate it off limits?
2) If so, how do you propose to allow these kind of issues to be discussed?
3) Finally, shouldn't there be a security channel where such problems are announced and the issues raised addressed?
What I know about the issues is REALLY thin.
...And apparently I'm not allowed to pose further questions here, or to prod you/MikroTik to provide more answers etc.

---
So let's try, for the sake of furthering the discussion, to talk about disclosure, a security notification process etc.

Is there a security channel, or list-serv? [If not, which I assume is the case, is there a plan to create one?]
If you're not going to have one, should people just submit known vulnerabilities to CERT and let them handle the disclosure?

I'd assume you've seen these, but this is what I'd expect in a security channel:
http://www.us-cert.gov/cas/bulletins/SB12-135.html
and
http://www.us-cert.gov/cas/techalerts/TA12-101B.html

It has the date it was published.
It has a clear synopsis of the problem.
It has a score and category of severity.

It has a link to a fuller discussion of the issue (e.g. http://www.adobe.com/support/security/b ... 12-08.html) where you learn:
Which versions are affected.
What the potentials are. (e.g. A DOS with potential for remote privileged access.)
...and lots more.
[That's a whole different world than we've seen around this issue.]


I think a similar approach is a very good thing for MikroTik, and for those of us supporting the product.

---
And one specific question about the current issues:

Do you have a time-frame for a fix?

[I really need WinBox access from the world, as I suspect most others do too. Simply firewalling off the WinBox port, or disabling WinBox support completely really isn't a workable solution for me. ...and yes, I could turn it off, login with SSH, turn it on for a single host, do my work, and then turn it back off - or some other work-around, but these are practically unworkable. The result is that it's such a PITA to manage the box, you just either turn it on and live with the risk, or turn it off and never turn it on except in the most dire of emergencies. And I think it's pretty clear that either of those two extremes are less than ideal.]

-Greg
 
MCT
Member Candidate
Posts: 158
Joined: Wed Mar 03, 2010 5:53 pm

Re: Mikrotik Router DDoS attack

Thu May 17, 2012 6:37 am

This is one of the things that has hurt Mikrotik's reputation the most. This is the internet, and nothing attracts attention more than a company deleting posts about security issues or bugs. If they can't discuss it on your official forums they're going to go discuss it on your competitor and 3rd party forums. There's numerous examples of this.

The correct way to handle such issues is to acknowledge it and post a notice about the vulnerability, versions affected, and mitigation steps to take until a patch is issued.
 
janisk
MikroTik Support
Posts: 6263
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: Mikrotik Router DDoS attack

Thu May 17, 2012 10:39 am

Well, as a RouterOS and RouterBOARD user myself, all I can suggest is - create a decent firewall that will allow you everything you like and still keep the router safe.

There have been endless discussions about what is and what is not safe. Now - suggested configurations have proposed the WAN interface completely cut off, hence all the attacks can come only from within your network where you can deal with them swiftly and easily.

And once again - having proper configuration in place resolves issues like this. When I configure the router, usually I have port-knocking in place and allow an encrypted tunnel to the router. In user list - connection to the router is allowed only from management IP addresses. That was so in the 2.9.x era and so it is now.

Anyway described problems are worked on. And this topic looks more like scaremongering than anything else.
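
A sketch of the setup described in the post above (port knocking in front of Winbox, plus a per-user source address restriction), as an added example that is not janisk's or MikroTik's own configuration. The knock ports 7001 and 7002, the timeouts, the list names, the user name admin and the 192.0.2.0/24 management range are all assumptions.

```routeros
# Added example. Ports, timeouts, list names, user name and address range are assumptions.
/ip firewall filter
# Packets of sessions that are already established keep flowing after the
# address-list entry below has expired.
add chain=input action=accept connection-state=established \
    comment="keep established sessions"
# Stage 1: the first knock puts the source on a short-lived list.
add chain=input action=add-src-to-address-list protocol=tcp dst-port=7001 \
    address-list=knock-stage1 address-list-timeout=10s comment="knock 1"
# Stage 2: the second knock only counts if stage 1 was seen from the same
# source within the last 10 seconds.
add chain=input action=add-src-to-address-list protocol=tcp dst-port=7002 \
    src-address-list=knock-stage1 address-list=winbox-allowed \
    address-list-timeout=1h comment="knock 2"
# The knock packets themselves are never answered.
add chain=input action=drop protocol=tcp dst-port=7001-7002 \
    comment="drop knock packets"
# Winbox (tcp/8291) is reachable only from sources that completed the sequence.
add chain=input action=accept protocol=tcp dst-port=8291 \
    src-address-list=winbox-allowed comment="Winbox after knock"
add chain=input action=drop protocol=tcp dst-port=8291 \
    comment="Winbox closed to everyone else"

# User list restriction: this account can only log in from the management range.
/user set [find name=admin] address=192.0.2.0/24
```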
 
normis
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Mikrotik Router DDoS attack

Thu May 17, 2012 10:40 am

Some nice suggestions here: http://gregsowell.com/?p=3773

Something that many have missed: RouterBOARDs have this firewall rule by default
 
MCT
Member Candidate
Posts: 158
Joined: Wed Mar 03, 2010 5:53 pm

Re: Mikrotik Router DDoS attack

Thu May 17, 2012 4:22 pm

> Well, as a RouterOS and RouterBOARD user myself, all I can suggest is - create a decent firewall that will allow you everything you like and still keep the router safe.
>
> There have been endless discussions about what is and what is not safe. Now - suggested configurations have proposed the WAN interface completely cut off, hence all the attacks can come only from within your network where you can deal with them swiftly and easily.
>
> And once again - having proper configuration in place resolves issues like this. When I configure the router, usually I have port-knocking in place and allow an encrypted tunnel to the router. In user list - connection to the router is allowed only from management IP addresses. That was so in the 2.9.x era and so it is now.
>
> Anyway described problems are worked on. And this topic looks more like scaremongering than anything else.

It doesn't have to be that way, but it will end up that way if posts like this get deleted. The way to handle it is to make a sticky notice about the vulnerability, what versions are affected, how to mitigate it, and that Mikrotik is aware of the problem and working on a patch.

I guarantee you that people that will actually use the vulnerability already know about it. The professional thing to do is notify your users about the issue in an official channel. That way you appear in control of the situation instead of trying to cover it up, and if the internet has taught the world anything it's that trying to cover anything up only makes it spread faster.
 
gsloop
Member Candidate
Posts: 213
Joined: Wed Jan 04, 2012 11:34 pm

Re: Mikrotik Router DDoS attack

Thu May 17, 2012 7:10 pm

So, Normis and Janisk both post elaborate defenses, and simply ignore all the queries about a security list-serv or equivalent?

Seriously?! [With all due respect, can I have what you're smoking? It's got to be good stuff!]

---
-- First: I can show you scare mongering, and this isn't it. [The first post or two, who knows. I'm not going to get into analyzing the mindset of another poster. Perhaps they are people with ill will toward RB/MikroTik, perhaps not. But my posts, and my queries, they've been respectful and simply asking for more data. The other posts also have been asking for more data.]

-- Second: Scaremongering only works if you refuse to get out in front of the problem and actually address the issues in non-bunker mentality. Be open about the issue, its cause and ramifications, remediation steps and time for a fix.

You've had to be led, screaming and kicking the whole way, to get the most minimal disclosures so far. So, in that environment, you are being your own worst enemy in allowing MikroTik to be a "victim" of scare-mongering, IMO.

When people think you're being evasive, not fully honest, hiding things - that's when fear-mongering works.

[And that's how it looks to me - and really, I'm no hostile audience. I really WANT MikroTik to succeed. I've just spent a very significant amount of time moving my clients to RB and writing scripts and doing a lot of bench-testing etc. I don't have lots of great alternatives. So, believe me when I say, I *really* want RB to succeed. At its core, it looks like a really great product. If I didn't want your success, I wouldn't have spent the time, money and resources here.]

So, if you want to immunize yourself against fear-mongering, just be fully open and very up-front about the problems. If you don't, someone will fill up the vacuum with mis-information - intentional or not.

-- Third: Please stop with all the "firewall blocks on the WAN interface fix the problem." You act as though this isn't a problem because you shouldn't use WinBox on the WAN interface. You act as though this is just "normal" and any non-retarded non-moron wouldn't be complaining at all, that this is all a total freak-out over absolutely nothing.

Let's just, for the sake of argument, assume this is a reasonable/plausible suggestion. [That it's all a "freak-out" over nothing.]
If that is really so, and freaking-out over nothing, and there's really nothing there, there...then why bother fixing the problem at all?

Oh, that's right, because it really *is* a problem.
Any station that can communicate with WinBox can exploit this and DOS the Routerboard, including internal stations - or something infected with a virus etc. [And yes, it would have to be specially tailored etc - I fully understand this.]

And the attacks from a "fake" RB server are, from the minimal data I have, very serious.

So, it *IS* a real problem. You're admitting that by fixing it. But you can't have it both ways. Either it's not a problem and we're not going to bother fixing it, or it IS a real problem and that is WHY we're spending the resources to fix it.

The mitigation steps help for people who *can* practically implement them. However, some won't be able to implement them, and the thing is *still* vulnerable unless you disable all management except through the serial interface. Do you think Cisco would get away with claiming that "only people on the LAN could DOS Cisco routers" and thus it was all no real problem? [Answer: ABSOLUTELY NO!]

However, there are, essentially, NO mitigation steps for the fake RB server problem however. [Again, going from the extremely limited data that MikroTik has divulged so far.]

-- Fourth. You continue to avoid any time-frame of a fix. "We're working on it," doesn't mean a lot to me. Did you ever hear about Duke Nukem Forever? They're working on it. [Just to save you time, it was a FPS game that went through a 15 year development cycle, and still generally sucked when it finally rolled over the finish line. It received a "Lifetime achievement award" for being vaporware.]

So, "working on it" is nice, but not enough.

When, generally, do you expect to have resolution in place? I understand that dev cycles aren't solid guarantees, but rough estimates are good. Should we expect six days, six weeks, six months, six years, six decades or six millennia?

Lastly:
And again. Is there some plan to put in place a security announcement list-serv? I shouldn't need to check the forum. Every other Linux product: Postfix, sendmail, dovecot, apache etc all have security-announce lists.

If I subscribe to the announce list, I get notifications of security problems and links to fuller discussion and remediation steps. MikroTik REALLY, REALLY, needs to do the same. Don't expect people to check in here every day/month/year to see if there was a security vulnerability that was addressed and fixed. You need to proactively contact anyone who wishes for notification of a problem. A moderated list-serv is usually the time-honored way to handle this.

I'll leave it there - but really MikroTik, you can get in front of this and actually lead the way. If you refuse, there are those of us who will "help" you. You probably won't like it, and as the above shows, it sure seems you don't. But as the saying goes: "You can either lead or follow, but get the *** out of the way."

To Recap, here's what I and others are asking!:
-Answers about the problem and its scope. [Would be nice, but I'm not holding my breath.]
-Time-frame on a working fix for this undefined set of security vulnerabilities/DOS attacks. [Must have!]
-Position on a security list-serv and when and how you plan to implement. [Must have!]


-Greg
 
normis
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Mikrotik Router DDoS attack

Fri May 18, 2012 8:14 am

I already said that the problem is not serious, and that we will fix it.
And I can repeat again - by default, with no user interaction, a firewall rule exists to prevent this.
 
janisk
MikroTik Support
Posts: 6263
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: Mikrotik Router DDoS attack

Fri May 18, 2012 12:40 pm

if we thought what you claim us to think - this would not exist:

http://wiki.mikrotik.com/wiki/Securing_ ... rOs_Router
http://wiki.mikrotik.com/wiki/Manual:IP ... protection

so if you have that in place, how serious is the vulnerability?

IMHO we are pretty open that you have to protect your router and configuration should be very strict what should and what should not be allowed.

And of course we are grateful that such a flaw was discovered and we can resolve the issue.
 
gsloop
Member Candidate
Posts: 213
Joined: Wed Jan 04, 2012 11:34 pm

Re: Mikrotik Router DDoS attack

Fri May 18, 2012 11:56 pm

So, the hyper-defense continues unabated. Whatever. I guess you'll believe what you want and we/I will believe what I believe.

I just can't figure out
1) why you refuse to go the full-disclosure route,
2) why you won't give an estimated time for release
3) why you won't commit to a list-serv or equivalent security notice mechanism.

[You know, the 1990's called and they want their security notification model back!]

If you change your mind, and decide to actually handle security-release notices like the rest of the civilized world, give me a shout. I'll certainly be glad to welcome you to the modern age.

-Greg
 
normis
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Mikrotik Router DDoS attack

Mon May 21, 2012 9:06 am

if you don't configure a password, somebody can log into your router. do you want us to "notify" you of that too? it's the same type of issue.
 
TKITFrank
Member Candidate
Posts: 236
Joined: Tue Jul 07, 2009 2:55 pm
Location: Sweden

Re: Mikrotik Router DDoS attack

Mon May 21, 2012 10:55 am

> if you don't configure a password, somebody can log into your router. do you want us to "notify" you of that too? it's the same type of issue.

I think this discussion has gotten out of hand. We can all conclude that you should have security measurements in place to protect your router. This is not the issue.
This issue is that there is a bug that can be utilized via a script or more.
You are working on a fix that is great.

But to get to the point.

I can also agree that MikroTik should have a security bulletin board. A board dedicated to security bugs not misconfiguration.
When you guys at MikroTik got knowledge of this bug, you should, via mail as a security bulletin, have told us about it and also given us the temporary security measurements to fix it until the patch is available.
To be ahead of it as said before. Not like now when the rumor is spreading and you have to do damage control. If you are on top of it you are in control like said before.

Any bug security or not should not be "silenced". That only leads to speculations. Which is never a good thing.

If this is done I think we all can be satisfied. :)
 
doush
Long time Member
Posts: 665
Joined: Thu Jun 04, 2009 3:11 pm

Re: Mikrotik Router DDoS attack

Mon May 21, 2012 9:30 pm

I didn't want to comment on this issue because this forum is moderated strictly and without freedom, so discussed in another forum about this issue but

after I read the moderators' comments on this thread, I just want to say that I just can't believe you guys!
 
Paetur
just joined
Posts: 18
Joined: Sat Jan 21, 2012 3:00 pm

Mikrotik Router DDoS attack

Mon May 21, 2012 10:46 pm


> -- Third: Please stop with all the "firewall blocks on the WAN interface fix the problem." You act as though this isn't a problem because you shouldn't use WinBox on the WAN interface. You act as though this is just "normal" and any non-retarded non-moron wouldn't be complaining at all, that this is all a total freak-out over absolutely nothing.
>
> -Greg

I will agree that in the wiki there should be a short article about what not to do, like default passwords and ports an os on, if you're a 'normal' person and not known in the admin world.

Edit: Ha, I missed the post with links to wiki about security. My bad.

Having said that, RouterOS is not for 'normal' people. Any admin (non-moron / non-retard) knows that an open port is a risk, and should be secured with some non-default measure.

Port knocking, VPN, MGNT IP, VLAN, pick one.


/Paetur

Sent from my iPad using Tapatalk
 
normis
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Mikrotik Router DDoS attack

Tue May 22, 2012 8:40 am

Paetur, I just wanted to repeat what I said above, that on RouterBOARD devices - by default RouterOS has firewall in place, to protect against this. You can only be affected, if you remove those firewall rules by hand.
 
sinnet3000
just joined
Posts: 9
Joined: Thu Dec 29, 2011 7:52 pm

Re: Mikrotik Router DDoS attack

Tue May 22, 2012 9:12 am

> Paetur, I just wanted to repeat what I said above, that on RouterBOARD devices - by default RouterOS has firewall in place, to protect against this. You can only be affected, if you remove those firewall rules by hand.
>
> If you remove the steering wheel from a car, you will crash if you try to drive. Do we need stickers against that too?

I am really worried about this. Not considering security issues important will probably make me not recommend MikroTik routers to other people. The fact that you can put rules on your WAN doesn't remove the fact that there is an exploit that creates a DoS on Winbox, and there could be more serious issues from this. MikroTik should acknowledge that or many people will start losing respect for this company. The firewall is a faulty workaround.

This exploit not only makes Winbox service fail, but as reported it also affects the CPU load and most routers lose BGP after a long time attack. If I was an attacker and I knew they use MikroTik as their hardware and even if they had an ACL that would only allow the sysadmins to access. A virus could be written that would exploit this from those machines, and maybe it is even possible to modify the exploit to DoS with spoofed IP addresses, only knowing the IPs that are able to be accessed from the LAN would only be the necessary thing.
 
normis
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Mikrotik Router DDoS attack

Tue May 22, 2012 9:18 am

As it was said multiple times before, we are working on a fix for this.
 
Paetur
just joined
Posts: 18
Joined: Sat Jan 21, 2012 3:00 pm

Mikrotik Router DDoS attack

Tue May 22, 2012 10:53 am

> Paetur, I just wanted to repeat what I said above, that on RouterBOARD devices - by default RouterOS has firewall in place, to protect against this. You can only be affected, if you remove those firewall rules by hand.
>
> If you remove the steering wheel from a car, you will crash if you try to drive. Do we need stickers against that too?

Dude. Read my post again. I was agreeing with you.


/Paetur

Sent from my iPad using Tapatalk
 
normis
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Mikrotik Router DDoS attack

Tue May 22, 2012 11:18 am

I know, I meant to say "in addition to what you said, I wanted to repeat to others ..."
 
TKITFrank
Member Candidate
Posts: 236
Joined: Tue Jul 07, 2009 2:55 pm
Location: Sweden

Re: Mikrotik Router DDoS attack

Tue May 22, 2012 4:02 pm

> As it was said multiple times before, we are working on a fix for this.

Hi Normis,

As said before this is getting out of hand.

As a measurement can you do the following?
1) Create a new forum entry called security or what you find appropriate.
2) Add this security issue as a sticky and attach all info about it, How it affects the system and so on (In detail)
3) Add status on the fix you will provide. Include detail and so on...
4) Add info on the temporary solution with the firewall, Or a link to the wiki. What you find reasonable.
5) Close this thread and post a link to the new thread.
6) Any new info small or significant on this issue or the fix for it update on the security thread.

Then you are on top of it and announcing it properly :)
I think this is some what has been wanted if we read between the lines in this thread...
 
honzam
Forum Guru
Posts: 2394
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: Mikrotik Router DDoS attack

Tue May 22, 2012 4:06 pm

> > As it was said multiple times before, we are working on a fix for this.
>
> Hi Normis,
>
> As said before this is getting out of hand.
>
> As a measurement can you do the following?
> 1) Create a new forum entry called security or what you find appropriate.
> 2) Add this security issue as a sticky and attach all info about it, How it affects the system and so on (In detail)
> 3) Add status on the fix you will provide. Include detail and so on...
> 4) Add info on the temporary solution with the firewall, Or a link to the wiki. What you find reasonable.
> 5) Close this thread and post a link to the new thread.
> 6) Any new info small or significant on this issue or the fix for it update on the security thread.
>
> Then you are on top of it and announcing it properly :)
> I think this is some what has been wanted if we read between the lines in this thread...

+1
 
killersoft
Member Candidate
Posts: 235
Joined: Mon Apr 11, 2011 2:34 pm
Location: Victoria, Australia

Re: Mikrotik Router DDoS attack

Tue May 22, 2012 5:06 pm

/ip firewall filter
# Drop inbound TCP to ports 0-1055, 8291 (Winbox), 8080 and 5000 arriving on the WAN PPPoE interface.
add action=drop chain=input disabled=no dst-port=\
    0-1055,8291,8080,5000 in-interface="Internode PPPoE" \
    protocol=tcp


That's what I place on my wan-pppoe interface to deter nasty inbounds! It's not all I have in my rules (drop icmp etc.) but makes it clear I'm not playing!!
 
gsloop
Member Candidate
Posts: 213
Joined: Wed Jan 04, 2012 11:34 pm

Re: Mikrotik Router DDoS attack

Thu May 24, 2012 8:51 pm

To Recap, here's what I and others are asking!:
-Answers about the problem and its scope. [Would be nice, but I'm not holding my breath.]
-Time-frame on a working fix for this undefined set of security vulnerabilities/DOS attacks. [Must have!]
-Position on a security list-serv and when and how you plan to implement. [Must have!]

Are you simply refusing to take any position on these issues?

Being coy about it doesn't help MikroTik or us as users.

Either outright refuse to do these, or tell us what you are planning to do and when.
[each individually of course]

-Greg
