Community discussions

Search found 70 matches

  • 1
  • 2
by BRMateus2
Mon Jun 03, 2019 3:50 am
Forum: Wireless Networking
Topic: 2.4 4-way handshake timeout
Replies: 10
Views: 1070

Re: 2.4 4-way handshake timeout

Did the Ruckus work? I've never seem something like this, are you sure there is no jammer nearby? Jammers don't show in any of the WiFi protocol scans.
by BRMateus2
Sat Jun 01, 2019 8:29 pm
Forum: General
Topic: Ping Knock
Replies: 20
Views: 2461

Re: Ping Knock

A bit of troubleshooting and I realize that the ICMP-TIMEOUT in conntracking is the issue. If I reduce that value to 2 secondes and add a "ping 127.0.0.1 -n 5" in my batch file, then everything works as expected.
Isn't because you are using connection-state=new?
by BRMateus2
Thu May 23, 2019 1:21 pm
Forum: Wireless Networking
Topic: Why wireless 'A'-mode when I hard set to N-mode [SOLVED]
Replies: 2
Views: 351

Re: Why wireless 'A'-mode when I hard set to N-mode [SOLVED]

What is on your advanced WiFi configuration data rates? The lower rates are to reduce power usage and minimal control (beacon, etc).
If you want always high transfer rates, you need to disable the lower data rates manually, at the cost of stability considering the signal quality and noise.
by BRMateus2
Fri Apr 26, 2019 4:21 am
Forum: Announcements
Topic: v6.44.3 [stable] is released!
Replies: 123
Views: 30057

Re: v6.44.3 [stable] is released!

@xbar7networks
You might want to send supout to MikroTik support, as this kind of debugging might be out of the scope.

You sure the voltage is ok?
by BRMateus2
Fri Apr 26, 2019 2:46 am
Forum: General
Topic: RB1100AHx4 Dude Edition insecure by default
Replies: 11
Views: 592

Re: RB1100AHx4 Dude Edition insecure by default

This is your fault, as no device should be placed into Internet before configuration.
It's the same as I uploading a example sketch to a Arduino and putting it to run 24hs in the WAN natted, it's bad.
by BRMateus2
Thu Apr 25, 2019 1:53 am
Forum: General
Topic: restore original firmware
Replies: 4
Views: 306

Re: restore original firmware

Don't think you can without by serial console or some soldering, as you said the firmware does not support flashing MikroTik firmware.
by BRMateus2
Tue Apr 23, 2019 4:49 am
Forum: General
Topic: Graphical interface
Replies: 5
Views: 573

Re: Graphical interface

Such a "simple software" of drawing and translating into scripts is very time consuming to produce, and will be very limited in settings available considering how time consuming it is - even more, only a few people will use it, as Quick set itself is enough for many new-to-networking users - it woul...
by BRMateus2
Tue Apr 02, 2019 11:44 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 38590

Re: UKNOF 43 CVE

Memory fragmentation undefined behaviour bugs happens even in Windows (do a 500MB free test without swap, Windows craps out).
It is very hard to handle such malloc issues, because it is part of malloc itself - any kind of new route or such, will bug out the dynamic buffers, etc.
by BRMateus2
Mon Apr 01, 2019 4:46 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 38590

Re: UKNOF 43 CVE

Linux 5 is there, an stable kernel with tons of fixes from very dangerous bugs of 4.14-4.16 (BFQ with SCSI kernel locks (can corrupt the disk), Ryzen bugs ie suspend locks). This is an DDoS kind, not something an dedicated blackhole subnet or country couldn't handle. Good for Mikrotik and Normis tel...
by BRMateus2
Sat Mar 23, 2019 1:17 am
Forum: General
Topic: New Packet flow diagram
Replies: 103
Views: 71919

Re: New Packet flow diagram

Hello guys ! I'm looking at those packet flow diagrams and the exemple scenario and I was wondering : where does the traffic originating from the router itself appears ? For example let's say I bind a dhcp-client to a vlan interface, what would be the path of a DHCP Request packet on those diagram ...
by BRMateus2
Thu Mar 21, 2019 10:20 pm
Forum: General
Topic: Attempt of attacks through Remote Desktop [SOLVED]
Replies: 6
Views: 437

Re: Attempt of attacks through Remote Desktop [SOLVED]

You can protect from that by not enabling RDP from the Internet. Basic security.

Those attempts are botnets, and Windows RDP is full of vulnerabilities, it will never be secure.
by BRMateus2
Tue Mar 19, 2019 2:03 pm
Forum: General
Topic: Delete me, all sorted, thank you. Support@mikrotik.com please respond,
Replies: 3
Views: 349

Re: Delete me, all sorted, thank you. Support@mikrotik.com please respond,

Your domain might filtered out Mikrotik - this seems common.
by BRMateus2
Thu Mar 07, 2019 8:14 pm
Forum: General
Topic: RB4011 real world speed tests
Replies: 12
Views: 1269

Re: RB4011 real world speed tests

EoIP seems to be single-thread then, where the Kernel possibly mistakenly assimilated Btest and EoIP to the same thread - anyway, (4 - 1) threads which can go to any other feature.
by BRMateus2
Thu Mar 07, 2019 1:49 am
Forum: General
Topic: RB4011 real world speed tests
Replies: 12
Views: 1269

Re: RB4011 real world speed tests

Tell you, I have an old RB951G-2HnD MIPSBE which is not the top line of today's MikroTik hardware. Bridging between switches might turn into CPU bound, so it depends on how much bandwidth you need. I don't know what exactly "HW accel" means in the router block diagram, so I can't tell you if there i...
by BRMateus2
Wed Mar 06, 2019 9:36 pm
Forum: General
Topic: RB4011 real world speed tests
Replies: 12
Views: 1269

Re: RB4011 real world speed tests

Well, the processing power goes mostly by packets per second - mixing packet sizes is simply misleading towards a certain target PPS or countering a certain RAM bandwidth limit. RB4011 has two 2.5gbps switches so you can expect 5gbps upper total, anyway, what you do with the router can reduce that b...
by BRMateus2
Tue Mar 05, 2019 5:38 am
Forum: General
Topic: Radical change coming for home and small business networking
Replies: 37
Views: 2573

Re: Radical change coming for home and small business networking

You might get better roadmap directly from MikroTik, where this feature goes completely out of a routing scope and enters an pay to play or such things - remember Windows and its force privacy contracts when you give too much power. It's not like IANA and ISO things are respected when their scope go...
by BRMateus2
Tue Mar 05, 2019 5:17 am
Forum: General
Topic: Radical change coming for home and small business networking
Replies: 37
Views: 2573

Re: Radical change coming for home and small business networking

I don't think here in Brazil - or in any standard poor country in the world - this technology would prevail from start.
USA providers have tons of money, some experts and has time to implement those crazy all-in-one vulnerable protocols.
by BRMateus2
Mon Mar 04, 2019 4:47 am
Forum: General
Topic: HTTP speed test
Replies: 5
Views: 391

Re: HTTP speed test

Well, HTTP speed tests are all by an specific protocol - Speedtest.net for example, is very different from Btest, which is very different from any open source Python server and client. There does not exist any HTTP Speed Test as you want, it does not work magically in computer science and protocols,...
by BRMateus2
Sat Mar 02, 2019 3:50 pm
Forum: General
Topic: huge amount of TCP DNS queries from outside
Replies: 6
Views: 422

Re: huge amount of TCP DNS queries from outside

Your router might have been used in DNS amplification attacks.
The ISP should provide you an drop hole for the possible spoofed IP.
by BRMateus2
Sat Mar 02, 2019 2:29 am
Forum: General
Topic: Frequent PPPoE terminations
Replies: 11
Views: 1345

Re: Frequent PPPoE terminations

Send supout to support@mikrotik.com, this is a bug they might don't have any to support output.
by BRMateus2
Fri Mar 01, 2019 12:05 am
Forum: General
Topic: hap Mini
Replies: 10
Views: 909

Re: hap Mini

To be honest, this shouldn't escalate to an last resort like netinstall - the small size is not good because does not allow to use all compatible features simultaneously, it's like installing Linux and only be able to execute X11 or Console(tty) but not both - it is damaging the brand, and SPI Flas...
by BRMateus2
Thu Feb 28, 2019 3:48 am
Forum: General
Topic: hap Mini
Replies: 10
Views: 909

Re: hap Mini

To be honest, this shouldn't escalate to an last resort like netinstall - the small size is not good because does not allow to use all compatible features simultaneously, it's like installing Linux and only be able to execute X11 or Console(tty) but not both - it is damaging the brand, and SPI Flash...
by BRMateus2
Tue Feb 26, 2019 5:08 pm
Forum: General
Topic: Rb951ui-2nD issues
Replies: 7
Views: 734

Re: Rb951ui-2nD issues

1. This might be port flapping, that means not related to any attacks or vulnerabilities - you might want to disable hardware offloading and enable cpu offloading as I had this same issue with my RB951G. Seems related to a bad cable/layer1 with mixed ethernet negotiation speeds, where any renegotiat...
by BRMateus2
Tue Feb 26, 2019 1:39 am
Forum: General
Topic: Rb951ui-2nD issues
Replies: 7
Views: 734

Re: Rb951ui-2nD issues

Please
/export hide-sensitive
in terminal.
by BRMateus2
Mon Feb 25, 2019 4:50 pm
Forum: General
Topic: Rb951ui-2nD issues
Replies: 7
Views: 734

Re: Rb951ui-2nD issues

What version of RouterOS and firmware you are using?
by BRMateus2
Mon Feb 25, 2019 4:45 pm
Forum: General
Topic: Security issue when Winbox exposed
Replies: 67
Views: 5244

Re: Security issue when Winbox exposed

Deantwo
From the reddit response (netsec), the limit of 3 packets is a per connection basis - this means you can scan the whole network for all ports and IPs.
by BRMateus2
Sun Feb 24, 2019 4:58 am
Forum: General
Topic: Need some help...hex setup [SOLVED]
Replies: 7
Views: 879

Re: Need some help...hex setup [SOLVED]

You might want to start by this link then: viewtopic.php?t=143620
I don't know about VLANs tho, I only bridge for now (home).
by BRMateus2
Sat Feb 23, 2019 10:43 pm
Forum: General
Topic: Why Mikrotik does not encrypt the password in RouterOS?
Replies: 1
Views: 372

Re: Why Mikrotik does not encrypt the password in RouterOS?

If someone has access to the RouterOS console, he at least already has access to any service exploit, it is just a question of activating a service and sending overflowing data or such. What you need is to disable "sensitive" in System/User List/Groups for untrusted users, but this is only delaying ...
by BRMateus2
Sat Feb 16, 2019 1:12 am
Forum: General
Topic: ERRO: wrong username or password
Replies: 11
Views: 8665

Re: ERRO: wrong username or password

Hackers on your outdated versions.
Or maybe outdated firmware scraped the settings.
by BRMateus2
Sat Dec 22, 2018 3:59 am
Forum: General
Topic: PPPoE Encoding is blank even if encryption required
Replies: 0
Views: 215

PPPoE Encoding is blank even if encryption required

Hello, I just want to confirm why my PPPoE Client has a blank Encoding even with a Required Encryption profile, and if its possible to solve: # dec/21/2018 22:50:22 by RouterOS 6.43.7 # model = RouterBOARD 952Ui-5ac2nD /ppp profile add name=force-encryption change-tcp-mss=yes use-encryption=required...
by BRMateus2
Thu Aug 09, 2018 6:10 am
Forum: RouterBOARD hardware
Topic: hAP ac (RB 962UiGS): Port flapping on LAN port when used for PPPOE connection
Replies: 9
Views: 1507

Re: hAP ac (RB 962UiGS): Port flapping on LAN port when used for PPPOE connection

You can try disable hardware-offload (/interface bridge port), fixed the issue for me, but it will make processing fully CPU bound..
This seems related as the OP already saw: viewtopic.php?f=3&t=128762
Running different speed negotiations.
by BRMateus2
Sat Jul 21, 2018 4:25 am
Forum: Announcements
Topic: VPNfilter official statement
Replies: 191
Views: 74783

Re: VPNfilter official statement

Lol the whole forum topic for nothing.
That's the function of an anti virus.
by BRMateus2
Tue Jul 17, 2018 7:25 am
Forum: General
Topic: Port forwarding WAN-IP:1234 to LAN-IP:4321 won't work
Replies: 9
Views: 911

Re: Port forwarding WAN-IP:1234 to LAN-IP:4321 won't work

Many thanks for the information, I will not mishap next time as I didn't understand fully what was going on in an unconditional masquerade - I only use with configured out-interface-list, so thinking without that generated that big error of mine.

Good day @Sob!
by BRMateus2
Tue Jul 17, 2018 3:51 am
Forum: General
Topic: Port forwarding WAN-IP:1234 to LAN-IP:4321 won't work
Replies: 9
Views: 911

Re: Port forwarding WAN-IP:1234 to LAN-IP:4321 won't work

I think your unconditional masquerade is doing it's job, it is masquerading the server output and changing the header to router IP, meaning the browser error is very clear as it did not get data from (..).20.
by BRMateus2
Thu Jul 12, 2018 10:23 pm
Forum: Announcements
Topic: v6.42.6 [current]
Replies: 102
Views: 28531

Re: v6.42.6 [current]

Perfect update and upgrade from 6.42.3 to this in RB951G-2HnD
by BRMateus2
Fri Jun 29, 2018 8:31 pm
Forum: General
Topic: [REQ] use not Google search in the Wiki.mikrotik.com
Replies: 1
Views: 289

Re: [REQ] use not Google search in the Wiki.mikrotik.com

Agreed - this goes more for an privacy concern them, and Duckduckgo is an very good alternative - I use it primally.
by BRMateus2
Thu Jun 28, 2018 8:09 pm
Forum: Announcements
Topic: VPNfilter official statement
Replies: 191
Views: 74783

Re: VPNfilter official statement

Many thanks @vecernik87 for such information, I've updated the original post tasking the reader to create layer 7 rules which is not my knowledge for all case scenario.
by BRMateus2
Thu Jun 28, 2018 7:07 am
Forum: Announcements
Topic: VPNfilter official statement
Replies: 191
Views: 74783

Re: VPNfilter official statement

Actually the second stage is, if this reference is correct (https://blog.securityevaluators.com/vpnfilter-threat-how-to-prevent-detect-and-mitigate-9cdf74fee92a), just detecting specific hardcoded destination IPs (supposing all VPNFilter code has the same IPs) # Address list /ip firewall address-lis...
by BRMateus2
Thu Jun 07, 2018 1:34 am
Forum: General
Topic: Massive PPPoE Drops
Replies: 8
Views: 1001

Re: Massive PPPoE Drops

You should never put an server IP you don't own and explicitly disallows such an shame ping flood..
by BRMateus2
Sat Jun 02, 2018 3:37 am
Forum: General
Topic: Winbox encoding error when launched from windows command promt
Replies: 2
Views: 337

Re: Winbox encoding error when launched from windows command promt

Even all programming languages that I know do use tricks to make Unicode work, because the Unicode specification is very hard to understand and implement literally how it is specified without many performance constraints. Command prompt as I know, only supports ASCII specifications with ISO-8859 ("A...
by BRMateus2
Wed Apr 25, 2018 11:49 pm
Forum: General
Topic: Ping Knock
Replies: 20
Views: 2461

Re: Ping Knock

Well this deserves a page in the wiki or even forum pin
by BRMateus2
Tue Apr 24, 2018 12:24 am
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 155233

Re: Advisory: Vulnerability exploiting the Winbox port

So how do you expect to secure 3000 routers without even reading MikroTik Documentation which is way smaller than the C++17 release specification??
by BRMateus2
Tue Apr 17, 2018 9:02 pm
Forum: General
Topic: redirect Youtube to non SSL
Replies: 3
Views: 522

Re: redirect Youtube to non SSL

This isn't ethical, you will break everyone in your network for MitM attacks and too, break Google hard work at cryptography.
by BRMateus2
Sat Apr 07, 2018 8:22 pm
Forum: General
Topic: Please, help for Mikrotik WiFi network
Replies: 6
Views: 706

Re: Please, help for Mikrotik WiFi network

I can't recommend the MikroTik WiFi for low latency 802.11; but they have good signal and very good bandwidth management so everyone can get some. My testings show an average jitter of 30 in some very high interference places, that's why ISP only use MikroTik with its proprietary wireless protocols....
by BRMateus2
Tue Mar 27, 2018 6:06 pm
Forum: General
Topic: High CPU on CCR1072 every pppoe-client go down
Replies: 13
Views: 1502

Re: High CPU on CCR1072 every pppoe-client go down

What is at tools profiler when this happens? Percentage by process.
by BRMateus2
Sat Mar 24, 2018 6:57 am
Forum: General
Topic: WLAN REGISTRATION LAST IP
Replies: 3
Views: 767

Re: WLAN REGISTRATION LAST IP

What is at IP addresses and bridge ports?
by BRMateus2
Tue Mar 20, 2018 4:40 am
Forum: General
Topic: Lost connection to multiple LHG units [SOLVED]
Replies: 25
Views: 2411

Re: URGENT Help !! any security vulnerabilitie ? [SOLVED]

Version?
... details, formulate an relatory.
by BRMateus2
Thu Mar 08, 2018 4:39 pm
Forum: General
Topic: Winbox on Linux Problems
Replies: 20
Views: 5348

Re: Winbox on Linux Problems

Winbox officially doesn't support MAC at Linux, and the default settings from the MikroTik starts IP at 192.168.88.1.
  • 1
  • 2