Community discussions

Search found 8 matches

by markrobo
Sat Jan 12, 2019 12:12 am
Forum: RouterBOARD hardware
Topic: Which RB devices are upgraded to have USR LED and MODE button?
Replies: 3
Views: 633

Re: Which RB devices are upgraded to have USR LED and MODE button?

Thanks for your replies. You can make the devices act on multiple mode button presses. Have a looks at mode-button-event and mode-button-scheduler . For these to function you need other scripts from routeros-scripts . These links are such a great resource - thank you very much. Out of curiosity: Wha...
by markrobo
Wed Jan 09, 2019 5:56 pm
Forum: RouterBOARD hardware
Topic: Which RB devices are upgraded to have USR LED and MODE button?
Replies: 3
Views: 633

Which RB devices are upgraded to have USR LED and MODE button?

Hi all! It has come to my attention that some RB devices are upgraded to have "USR" LED and "MODE" button. An example would be the hAP lite model which originaly didn't have MODE button, but at some point they started selling models with same name with MODE button (only it's not clear enough if it h...
by markrobo
Tue Apr 24, 2018 9:28 am
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 164351

Re: Advisory: Vulnerability exploiting the Winbox port

Well, this is really embarrassing, my enthusiasm with MikroTik is fading due to this few recent vulnerabilities and attacks. Security must be top priority of vendor this size - we are not in the 90's anymore. You could have set up at least few honey pot routers and tie them with some SIEM software s...
by markrobo
Tue Apr 17, 2018 1:51 pm
Forum: General
Topic: MikroTik 6.41.4 - FTP daemon Denial of Service PoC
Replies: 25
Views: 1817

Re: MikroTik 6.41.4 - FTP daemon Denial of Service PoC

... The problem is the people like c0nstantine and many others, who set their own rules, send a mail on Friday and start whining the next Tuesday about "still not resolved" (with the actual time available for processing maybe being even less due to timezone difference), and go on with publishing de...
by markrobo
Tue Apr 17, 2018 12:34 pm
Forum: General
Topic: MikroTik 6.41.4 - FTP daemon Denial of Service PoC
Replies: 25
Views: 1817

Re: MikroTik 6.41.4 - FTP daemon Denial of Service PoC

Good! But the point that those sore losers that claim to be "whitehat hackers" don't seem to understand that everything in society is built up to some reasonable standard of quality and security, as a trade-off between effort/cost and result. Of course the bus shelter could be built with steel plat...
by markrobo
Tue Apr 17, 2018 10:23 am
Forum: General
Topic: MikroTik 6.41.4 - FTP daemon Denial of Service PoC
Replies: 25
Views: 1817

Re: MikroTik 6.41.4 - FTP daemon Denial of Service PoC

I still think that MikroTik should invest more effort regarding security. My suggestions are: Create separate mail address where security concerns and vulnerabilities will be reported and at least answer people who submit valid stuff. Create some bug bounty program where experts will test your produ...
by markrobo
Mon Apr 16, 2018 1:29 pm
Forum: General
Topic: MikroTik 6.41.4 - FTP daemon Denial of Service PoC
Replies: 25
Views: 1817

MikroTik 6.41.4 - FTP daemon Denial of Service PoC

Hi! Does anyone have some information about " MikroTik 6.41.4 - FTP daemon Denial of Service PoC " and CVE-2018-10070 vulnerability? The PoC has appeared on this link: https://www.exploit-db.com/exploits/44450/ . Is it possible to have some security mailing list and dedicated "Security" subforum? Se...
by markrobo
Tue Sep 26, 2017 11:44 am
Forum: SwOS
Topic: SwOS security, forwarding option - L2 client isolation
Replies: 0
Views: 654

SwOS security, forwarding option - L2 client isolation

Hi all! :) I was wondering how good is SwOS "Forwarding" option for L2 client isolation in security terms. Example use case can be when the clients must use the same L3 device, which is managed by ISP (e.g. Router with DHCP), and when there is a need to block groups of clients connected to different...