Community discussions

by eXS
Tue Dec 18, 2018 9:48 pm
Forum: Beginner Basics
Topic: Winbox stuck logging in
Replies: 9
Views: 1755

Re: Winbox stuck logging in

I've had this problem when Windows is confused as to its own routing (multiple NICs, empty gateway on one or whatever etc). Does this Windows machine have multiple network cards? Try disabling all NICs with the exception of one (which I'm assuming you'd know which). The alternative being hitting the c...
by eXS
Sun Dec 09, 2018 1:15 am
Forum: RouterOS v6 RC and v7 BETA
Topic: the pcc dose not work when it works with fasttrack
Replies: 18
Views: 1442

Re: the pcc dose not work when it works with fasttrack

The rule /ip firewall filter add action=fasttrack-connection chain=forward connection-state=established,related src-address=!192.168.41.0/24 I tried to keep a queue functional by excluding [!] the IP's, similar to above ^, but it would not work. I had to put accept rules with that traffic before th...
by eXS
Sun Dec 09, 2018 1:01 am
Forum: General
Topic: Fasttrack and Simple Queue
Replies: 6
Views: 1821

Re: Fasttrack and Simple Queue

Is using FastTrack at MT router with NAT overrides(disables) Simple Queue for traffic passing that router. In other words - can I use FastTrack AND Simple Queues? Yes, but only if you have an "accept" rule in the firewall to accept the traffic that needs to flow through the simple queue (with estab...
by eXS
Wed Nov 28, 2018 5:13 am
Forum: General
Topic: How to sniff traffic between wifi clients (same subnet)
Replies: 11
Views: 979

Re: Packet sniffer does not sniff UDP packets

I never use the built in packet sniffer tool in Winbox or the web interface, but I do use mangle rules to "sniff tzsp" (action) to a Wireshark box, target port 37008 / "tzsp" in Wireshark. Since tzsp uses UDP it can be tricky/shitty to filter in Wireshark for UDP but it can be done, sorta.
by eXS
Sat Nov 17, 2018 8:21 am
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 78
Views: 20464

Re: v6.43.4 [stable] is released!

Today the firewall connections list on one of my 1100x2's in winbox would keep going blank, progressively remaining/becoming more blank the longer the window was left open, despite 300-400 (fluctuating) "items" (bottom of connections window) - for a moment i thought it was because the list was actua...
by eXS
Sat Nov 10, 2018 1:52 am
Forum: Beginner Basics
Topic: The winbox is hard to use
Replies: 12
Views: 972

Re: The winbox is hard to use

Overall I would not say "winbox is hard to use" (comparatively). Winbox makes other GUIs seem like garbage. I can get things done a lot faster in Winbox compared to others, but there is certainly room for improvement. Being able to minimize or some form of tabs (as an option) or a different window...
by eXS
Fri Nov 09, 2018 6:29 am
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 78
Views: 20464

Re: v6.43.4 [stable] is released!

After upgrade & logging in for the first time the "Check for Updates" dialog was blank & giving an "error could not connect out of streams resources" at the bottom, this error remained despite trying "Check for updates" - by near accident I noticed if I changed the "Channel" drop down list the err...
by eXS
Tue Oct 16, 2018 6:26 am
Forum: Beginner Basics
Topic: Firewall works but doesn't feel right
Replies: 3
Views: 415

Re: Firewall works but doesn't feel right

Throwing guesses out there: @ Bridge Settings [x] Use IP Firewall ? (and others+) [ ] Allow Fast Path? @ Bridge / [x/ ] VLAN Filtering ? @ Ports / Port Settings [ ] Hardware Offload <- (I know this has to be turned off under certain situations) I don't have anything to look at in front of so not sure.
by eXS
Sun Oct 14, 2018 9:17 pm
Forum: Beginner Basics
Topic: Firewall works but doesn't feel right
Replies: 3
Views: 415

Re: Firewall works but doesn't feel right

Bridges involved?
by eXS
Sat Oct 13, 2018 10:42 am
Forum: General
Topic: [Feature Request] Winbox username is sent in plain text
Replies: 10
Views: 827

Re: [Feature Request] Winbox username is sent in plain text

This seems ridiculous?

In the industry every service isn't passing around plain text usernames?

Not a concern?
by eXS
Fri Sep 14, 2018 5:08 am
Forum: Announcements
Topic: Newsletter #84
Replies: 47
Views: 11901

Re: Newsletter #84

Looking at the Ethernet test results of RB4011 vs RB1100AHx4 - How is the RB4011 pulling better numbers? Where's the difference?
by eXS
Fri Sep 07, 2018 12:16 am
Forum: General
Topic: problem with outbound traffic between mikrotik and fortigate
Replies: 4
Views: 306

Re: problem with outbound traffic between mikrotik and fortigate

Are you literally using 1.2.3.0/24 ?
by eXS
Fri Sep 07, 2018 12:09 am
Forum: Beginner Basics
Topic: PS4/Hulu connection issues.
Replies: 6
Views: 594

Re: PS4/Hulu connection issues.

Sounds like Hulu doesn't like something about your connection (ISP, your IP address, Geolocation) or is detecting an open service on your IP address (or provider) I have users watching Hulu daily, no problems. I have no experience with PS4 but i'm guessing it's lack of PnP related, which no one seem...
by eXS
Wed Aug 22, 2018 7:38 am
Forum: General
Topic: PSA: bandwidth-test Brute Force attempts
Replies: 2
Views: 426

Re: PSA: bandwidth-test Brute Force attempts

I might agree with that, services are kind of all overish
by eXS
Wed Aug 22, 2018 4:49 am
Forum: Scripting
Topic: Blacklisting seems popular, honeypot made simple
Replies: 12
Views: 1686

Re: Blacklisting seems popular, honeypot made simple

Don't be afraid to get out there a little more on ports, ranges and some UDP in there too.

- Although taken to an extreme you may want to make sure you know how to track down inadvertently blocked traffic first :>
by eXS
Wed Aug 08, 2018 7:29 pm
Forum: General
Topic: Do not open port tcp/23 to your device from internet you will be hacked
Replies: 6
Views: 807

Re: Do not open port tcp/23 to your device from internet you will be hacked

Port 23, among many others, is one that I also monitor & ban on. (add to 'ban' address list)

As indicated, I've also found it to be the most frequently hit port, I get hit constantly.

Disable the service & change the corresponding service port to something (anything) else.
by eXS
Tue Jul 31, 2018 4:34 am
Forum: General
Topic: 185.153.198.228 Has been BUSY
Replies: 9
Views: 976

Re: 185.153.198.228 Has been BUSY

FWIW i checked my fw's shitlist and found several 185.153.198.* IPs
by eXS
Fri Jul 27, 2018 6:13 pm
Forum: Wireless Networking
Topic: Removing Mikrotik elements from beacons
Replies: 13
Views: 1732

Re: Removing Mikrotik elements from beacons

Same here
by eXS
Mon Jul 23, 2018 10:33 pm
Forum: General
Topic: Portscan within the local network (DROP)
Replies: 1
Views: 316

Re: Portscan within the local network (DROP)

I've been curious about using packet flags/state to detect port scans but I went the cheap route - I use (input) fw rules to ban IPs trying to connect to ports that aren't in use. With some exceptions anything <= 1024 essentially, using ranges. I also then add many (one-off) ports above that range t...
by eXS
Sun Jul 08, 2018 3:30 am
Forum: Beginner Basics
Topic: How specific do you make your FW rules?
Replies: 4
Views: 514

Re: How specific do you make your FW rules?

i get very specific and 30 rules isn't even worth the post :)
by eXS
Sat Jul 07, 2018 3:34 am
Forum: General
Topic: DNSSEC
Replies: 33
Views: 9410

Re: DNSSEC

Simple: do not use the resolver in the MikroTik for clients, but let them directly use 1.1.1.1 or 8.8.8.8 or similar.
(advertised via DHCP)
I think there's a lot of reasons people wouldn't want to do that though.
by eXS
Tue Jul 03, 2018 2:55 am
Forum: General
Topic: Suspicious Traffic on WAN (Help with Firewall Rules RB951G)
Replies: 7
Views: 660

Re: Help with Firewall Rules (RB951G)

I was thinking maybe he was missing NAT/masq rules or a misconfig there
by eXS
Sun Jul 01, 2018 10:00 am
Forum: General
Topic: DNS Cache full of junk [BUG]
Replies: 11
Views: 1244

Re: DNS Cache full of junk [BUG]

Or, uh not that?
by eXS
Sat Jun 09, 2018 2:02 am
Forum: Announcements
Topic: VPNfilter official statement
Replies: 191
Views: 71471

Re: VPNfilter official statement

It was less than a month between the increased botnet http vuln (03/28) & the discovery of the winbox vuln (04/23) Can someone confirm VPNfilter exclusively utilizing the http vuln ? A post in the http vuln (03/28) thread: "Also via the winbox port ... We think there is a circular second exploit tha...
by eXS
Thu Jun 07, 2018 6:29 am
Forum: General
Topic: IP Address Range for a firewall rule?
Replies: 5
Views: 490

Re: IP Address Range for a firewall rule?

My understanding is that FW rules ( a layer 3 function) do not apply to/within the same LAN subnet ( a layer two entity). In other words, within a LAN, you cannot block IPs from each other using FW rules ??? gotsprings; I block my vlan subnets the long way, i'd be curious of something shorter, i've...
by eXS
Mon Jun 04, 2018 10:52 pm
Forum: Beginner Basics
Topic: Feeling overwhelmed setting up hap ac2
Replies: 11
Views: 1667

Re: Feeling overwhelmed setting up hap ac2

It sounds like you have 2 dhcp servers serving up 192.168.1.0/24 ?

Why wouldn't wireless clients be able to get an IP address from the "fibre router" through the MT ? (bridge?)
by eXS
Thu Apr 26, 2018 6:50 am
Forum: Beginner Basics
Topic: 8 apartments, separate SSID's for security?
Replies: 14
Views: 881

Re: 8 apartments, separate SSID's for security?

Charge tenants more for their own dedicated SSID. Profit.
by eXS
Fri Apr 20, 2018 7:55 pm
Forum: General
Topic: Probably Loop (bridge port receive packets with own address as source address [SOLVED]
Replies: 3
Views: 3379

Re: Probably Loop (bridge port receive packets with own address as source address [SOLVED]

I'd never seen this message until after upgrading to 6.41.3 I didn't think much of it because it seemed related to a client disconnecting & choosing a different nearby AP. (1) second before the "own address as source" message being logged i see a client ~"disconnected, registered to other device in ...
by eXS
Sat Mar 31, 2018 8:31 am
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 84866

Re: Urgent security advisory

Assign cases, not "that's the other problem"
1) Upgrade to 6.38.5 fixes the botnet scanner and removes it. <cite specific article>
2) Upgrade to 6.41.3 fixes SMB vulnerability. <cite specific article>
<clarify differences>
by eXS
Thu Mar 15, 2018 2:01 am
Forum: General
Topic: Slingshot APT [SOLVED]
Replies: 44
Views: 23254

Re: Slingshot APT, RouterOS spying software [SOLVED]

I can't be finding out about these issues by word of mouth or because it shows up on a news feed somewhere. Why doesn't Mikrotik have a site that actively lists established security concerns? People can't be expected to find this forum, this thread & drill halfway down through posts to find answers....
by eXS
Wed Nov 01, 2017 7:23 am
Forum: General
Topic: IoT Botnet 'IoTroop' or 'IoT Reaper' compromising Mikrotik devices
Replies: 5
Views: 948

Re: IoT Botnet 'IoTroop' or 'IoT Reaper' compromising Mikrotik devices

I think I found my answer on a public list of vulnerabilities, though it might not be complete: https://www.cvedetails.com/vendor/12508/Mikrotik.html I didn't even really know about those 6.38.5 vulnerabilities - although now that i think about it i recall the 2 page thread going back & forth re: v...
by eXS
Tue Oct 31, 2017 10:00 pm
Forum: General
Topic: drop forward between 5 subnets
Replies: 3
Views: 472

Re: drop forward between 5 subnets

Maybe like this: ip fire fil add action=drop chain=forward dst-address=192.168.0.0/21 src-address=192.168.0.0/21 This will block the batch from 192.168.0.0 to 192.168.7.254 in both directions, because whoever requests a connection, the other host has to reply. Does this not also block traffic between...
by eXS
Mon Oct 30, 2017 5:37 am
Forum: RouterOS v6 RC and v7 BETA
Topic: WInbox feature request: drag and drop column order and right click column menu
Replies: 18
Views: 2862

Re: WInbox feature request: drag and drop column order and right click column menu

Being able to change the order of the columns would be really helpful, and make more visual sense in situations when reading left->right while utilizing lists.
by eXS
Wed May 17, 2017 7:22 am
Forum: Wireless Networking
Topic: Repeater Configuration with MikroTik RouterBOARD 941-2nD
Replies: 4
Views: 1564

Re: Repeater Configuration with MikroTik RouterBOARD 941-2nD

Has anyone referenced "Step 3" @ http://www.tp-link.com/us/faq-691.html ?

Is it possible the DHCP lease time is too short, or TP-link IP address needs to be static @ the Mikrotik ?
by eXS
Thu May 11, 2017 11:09 pm
Forum: RouterBOARD hardware
Topic: RB1100AHx4 Dude Edition
Replies: 52
Views: 11320

Re: RB1100AHx4 Dude Edition

Curious as to why the x4 has less RAM than the x2 ??

Anyone?
by eXS
Thu May 11, 2017 10:25 pm
Forum: Beginner Basics
Topic: Want to block traffic between two unmannaged switches
Replies: 5
Views: 782

Re: Want to block traffic between two unmannaged switches

Not a huge amount of experience on this but as previously mentioned you could bridge ports & under the bridge options "[X] Use IP Firewall" - You may want to start off with turning STP off on the bridge -> Protocol Mode: "[x] none" - You may want to keep track of IP/Settings, specifically the "RP Fi...
by eXS
Mon May 01, 2017 7:40 pm
Forum: Beginner Basics
Topic: Can't configure RBwAP2nD-BE (wAP) - SOLVED
Replies: 9
Views: 3589

Re: Can't configure RBwAP2nD-BE (wAP)

Didn't realize you were using multiple NICs, would have suggested the same as here: https://forum.mikrotik.com/viewtopic.php?p=595412#p595412 I'm not sure if its windows or winbox, could be a tossup. The other day wireshark wouldn't detect wired (usb) or wireless NICs on a win10 laptop of mine, re-b...
by eXS
Thu Apr 20, 2017 11:16 pm
Forum: Beginner Basics
Topic: Can't configure RBwAP2nD-BE (wAP) - SOLVED
Replies: 9
Views: 3589

Re: Can't configure RBwAP2nD-BE (wAP)

If you are able to obtain the RB MAC address via Wireshark (under "IEEE 802.3 Ethernet" -> "Source: Routerbo_*") - I would attempt to "Connect To <MAC ADDRESS>" in Winbox

- There's no switch or anything in between, right?
by eXS
Thu Apr 20, 2017 9:06 pm
Forum: General
Topic: Connect with Winbox or Serial
Replies: 2
Views: 679

Re: Connect with Winbox or Serial

I'm not sure if this is the same or not.. & i don't know the exact cause... I've had WinBox properly detect neighbor, but fail to connect many times via MAC (same as here) - and my solution was to essentially disable all other NICs in Windows except the one I wanted to connect on. (eventually, might...
by eXS
Fri Apr 14, 2017 4:17 am
Forum: General
Topic: Forwarding packets on input chain
Replies: 6
Views: 873

Re: Forwarding packets on input chain

I asked nearly the exact same question - how to TZSP packets on the last drop rules - and was promptly chastised & nearly got into an argument on the mikrotik channel on freenode. Whoever i was talking with acted like i was an idiot for asking, couldn't possibly understand the need, essentially told...