Community discussions

Search found 62 matches

  • 1
  • 2
by Samot
Fri Aug 10, 2018 4:41 pm
Forum: General
Topic: MT sending spam !? Confused!
Replies: 11
Views: 541

Re: MT sending spam !? Confused!

Even with all the local interfaces disabled the emails are being sent. How is that possible? SYN packets with TCP 25 port are visible only coming out from my public interface. I have set several mangle rules and nothing comes to the router on this port, just goes out... This is why I said you need ...
by Samot
Fri Aug 10, 2018 3:43 pm
Forum: General
Topic: MT sending spam !? Confused!
Replies: 11
Views: 541

Re: MT sending spam !? Confused!

Then I would go through it and make sure that there is nothing there that shouldn't be. Someone seems to be using you as an SMTP relay and that's bad.
by Samot
Fri Aug 10, 2018 3:41 pm
Forum: Announcements
Topic: WPA2 preshared key brute force attack
Replies: 13
Views: 2627

Re: WPA2 preshared key brute force attack

I think as long as your wifi password/keys are not something an idiot would use as their luggage combination you're fine.

Image
by Samot
Fri Aug 10, 2018 3:33 pm
Forum: General
Topic: MT sending spam !? Confused!
Replies: 11
Views: 541

Re: MT sending spam !? Confused!

Should this router be connecting to mx.mail.ru? Sounds like you are compromised. What version of ROS are you running?
by Samot
Mon Aug 06, 2018 8:41 pm
Forum: General
Topic: New Attack on WPA/WPA2 Discovered, Most Modern Routers Might be at Risk
Replies: 7
Views: 647

Re: New Attack on WPA/WPA2 Discovered, Most Modern Routers Might be at Risk

This is a vague article that tells us nothing. Sure they found a flaw but was it a fluke? Was it it isolated? Who knows really because it seems they've done nothing more but find it on they equipment they were using/testing and it was a mistake that they found it. They did not provide any informatio...
by Samot
Thu Aug 02, 2018 3:14 pm
Forum: General
Topic: Mikrotik in the news..bad news
Replies: 57
Views: 2715

Re: Mikrotik in the news..bad news

I think he means the default action of "if not filters apply", which is a non issue given the factory "default" firewall filters. I did think which reading this post that maybe the firewall should default to deny with no rules, so you have to explicitly allow everything you want to go through. As i...
by Samot
Thu Aug 02, 2018 2:25 pm
Forum: General
Topic: Mikrotik in the news..bad news
Replies: 57
Views: 2715

Re: Mikrotik in the news..bad news

Mikrotik staff already posted a reminder for users to upgrade. More info here https://forum.mikrotik.com/viewtopic.php?f=21&t=137572 The sad part it's that the exploit is more than two months old.... Have a look at the posting times and my posting is probably the trigger to have Mikrotik posting an...
by Samot
Thu Aug 02, 2018 2:08 pm
Forum: General
Topic: Mikrotik in the news..bad news
Replies: 57
Views: 2715

Re: Mikrotik in the news..bad news

Mikrotik staff already posted a reminder for users to upgrade. More info here https://forum.mikrotik.com/viewtopic.php?f=21&t=137572 The sad part it's that the exploit is more than two months old.... You mean the one the patched back in April 2018? Or the one that was patched in March 2017? What re...
by Samot
Thu Aug 02, 2018 2:05 pm
Forum: General
Topic: Mikrotik in the news..bad news
Replies: 57
Views: 2715

Re: Mikrotik in the news..bad news

The sad part is that owners/admins DO NOT CARE.
And that statement right there is the crux of the issue.
by Samot
Thu Aug 02, 2018 2:04 pm
Forum: General
Topic: Mikrotik in the news..bad news
Replies: 57
Views: 2715

Re: Mikrotik in the news..bad news

Mikrotik staff already posted a reminder for users to upgrade. More info here https://forum.mikrotik.com/viewtopic.php?f=21&t=137572 The sad part it's that the exploit is more than two months old.... Have a look at the posting times and my posting is probably the trigger to have Mikrotik posting an...
by Samot
Thu Aug 02, 2018 1:58 pm
Forum: General
Topic: Mikrotik in the news..bad news
Replies: 57
Views: 2715

Re: Mikrotik in the news..bad news

Mikrotik staff already posted a reminder for users to upgrade. More info here https://forum.mikrotik.com/viewtopic.php?f=21&t=137572 The sad part it's that the exploit is more than two months old.... You mean the one the patched back in April 2018? Or the one that was patched in March 2017? What re...
by Samot
Thu Aug 02, 2018 1:55 pm
Forum: General
Topic: RouterOS 6.20 is not sending LCP Term-Req when receives PoD
Replies: 5
Views: 606

Re: RouterOS 6.20 is not sending LCP Term-Req when receives PoD

I have the same problem. Lot of SOHO PPPoE routers do not reconnect again after PoD (or CLI, Winbox method, it makes no difference) disconnect if do not receive correct LCP Term-Req packet before PADT. MikroTik sends only PADT. It is incorrect. Please fix it. You have the same problem someone on a ...
by Samot
Thu Aug 02, 2018 1:51 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 108
Views: 11051

Re: Winbox vulnerability: please upgrade

That's what I figured.
by Samot
Thu Aug 02, 2018 1:41 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 108
Views: 11051

Re: Winbox vulnerability: please upgrade

@normis, hey can you get this on the blog? I'd like the see any complainers cut off at the pass that this announcement didn't end up in the right spots.
by Samot
Wed Aug 01, 2018 3:24 pm
Forum: Beginner Basics
Topic: Help with Basic VLAN [SOLVED]
Replies: 30
Views: 1270

Re: Help with Basic VLAN [SOLVED]

I'm not sure why the majority of the suggestions are pre-6.41 since that hasn't been the case for almost a year now. You've got most of it right but here is what needs to happen. 1) Do not use the Switch setup. That's wrong, it's done via the Bridge now. 2) Under Bridge go to the VLAN tab, you'll wa...
by Samot
Thu Jul 26, 2018 2:16 pm
Forum: General
Topic: [Request] Add "DNS over HTTPS" to RouterOS (Internet security protocols)
Replies: 5
Views: 221

Re: [Request] Add "DNS over HTTPS" to RouterOS (Internet security protocols)

Why would Mikrotik enable a feature that has almost ZERO client support in its current incarnation? Also lets cover some things here. If I want to go to secretsite.com and I'm using DNS over HTTPS, my PC or router will send the request to the DNS over HTTPS servers. They will make the DNS queries. N...
by Samot
Tue Jul 24, 2018 5:19 am
Forum: Beginner Basics
Topic: Script to reduce Wi-Fi transmitter power on schedule/at night
Replies: 34
Views: 1245

Re: Script to reduce Wi-Fi transmitter power on schedule/at night

This is what technical fora are all about.... sharing KNOWLEDGE.... (If you want to rant, go to facebook or twitter and knock yourself out) Yes and a bunch of people with knowledge are saying this is a non-issue and shouldn't be something to worry about. None of us here are against sharing knowledg...
by Samot
Tue Jul 17, 2018 1:44 pm
Forum: Beginner Basics
Topic: Script to reduce Wi-Fi transmitter power on schedule/at night
Replies: 34
Views: 1245

Re: Script to reduce Wi-Fi transmitter power on schedule/at night

There is absolutely no need for this. I seriously do not recommend mucking around with these settings as you'll find yourself with issues down the road when something screws up. Let's be clear on this: Washer/Dryers, A/C units, Water Heaters, DECT/cordless phones, Microwaves, Bluetooth, Remote Contr...
by Samot
Sun Jul 15, 2018 11:23 pm
Forum: Beginner Basics
Topic: Script to reduce Wi-Fi transmitter power on schedule/at night
Replies: 34
Views: 1245

Re: Script to reduce Wi-Fi transmitter power on schedule/at night

even if someone sleeps only 1 meter away from the router?
Yes, it is a non-issue.
by Samot
Sun Jul 15, 2018 4:17 pm
Forum: Beginner Basics
Topic: Script to reduce Wi-Fi transmitter power on schedule/at night
Replies: 34
Views: 1245

Re: Script to reduce Wi-Fi transmitter power on schedule/at night

I want to reduce Wi-Fi transmitter power on schedule/at night because the router is located in a bed room. What on earth for? Does the 'excess' power keep someone awake or what? Or maybe you think it causes cancer or something? I'm with sid5632 on this. Why do you need to decrease the TX power of t...
by Samot
Sun Jul 15, 2018 3:51 pm
Forum: Beginner Basics
Topic: Help: I need to set a IP to use Wan1 only
Replies: 1
Views: 83

Re: Help: I need to set a IP to use Wan1 only

Well regardless of the load balancing or not I do see one issue you're going to have with the the connections: add comment=isp1 distance=1 gateway=192.168.1.1 routing-mark=isp1 add comment=isp2 distance=1 gateway=192.168.0.1 routing-mark=isp2 You are 100% being double NAT'd right now. So right now y...
by Samot
Sun Jul 15, 2018 3:31 pm
Forum: General
Topic: Load balancer issue
Replies: 1
Views: 89

Re: Load balancer issue

You need to show your config so we can see how you've done this load balancing and failover. Do an /export hide-sensitive and post the config.
by Samot
Sun Jul 15, 2018 3:28 pm
Forum: Wireless Networking
Topic: Drop all traffic besides port 80 for unauthorized hotspot users
Replies: 4
Views: 208

Re: Drop all traffic besides port 80 for unauthorized hotspot users

And I answered. You cannot DROP the traffic, well I guess you could, but how would they log in? Only by getting to the hotspot address? You realize that most devices are going to detect they are on a hotspot/proxied network and send them to the login page? Again, once the hotspot is active and the u...
by Samot
Sat Jul 14, 2018 3:29 pm
Forum: General
Topic: Problem with hotspot
Replies: 2
Views: 122

Re: Problem with hotspot

And how is this AP configured? Is it in Bridge mode? Is it still running a DCHP-Client or a DHCP-Server? Sounds like the AP is the only device the Mikrotik is seeing in this scenario so the AP is considered the "user".
by Samot
Sat Jul 14, 2018 3:25 pm
Forum: Wireless Networking
Topic: Drop all traffic besides port 80 for unauthorized hotspot users
Replies: 4
Views: 208

Re: Drop all traffic besides port 80 for unauthorized hotspot users

The hotspot will block/redirect traffic to the login page when unauthorized or non-authorized users connect and try to surf. However, without proper HTTPS setup on the hotspot requests to like Google, YouTube or pretty much normal traffic since almost all "major" sites are HTTPS will die and just sh...
by Samot
Thu Jul 12, 2018 4:14 pm
Forum: Wireless Networking
Topic: Hotspot not redirecting to login page
Replies: 4
Views: 272

Re: Hotspot not redirecting to login page

In order to redirect HTTPS requests to the Hotspot login, it needs to know to redirect HTTPS. Right now the login is set to http-chap. There's no SSL cert assigned and nothing is showing port 443 active on the router for this. HTTPS requests will redirect to an HTTPS version of the login page and th...
by Samot
Mon Jul 09, 2018 5:20 pm
Forum: Beginner Basics
Topic: Load balancing with 2 Wan links plus peering, Is it possible on Mikrotik routers?
Replies: 1
Views: 132

Re: Load balancing with 2 Wan links plus peering, Is it possible on Mikrotik routers?

Hi all, I have 2 WAN links of 45 Mbps each and peering link of 100 Mbps. My software vendor says, Mikrotik router is not good in doing load balancing so better avoid. Is it so? If its possible, please guide me how to establish load balancing, so that I ll get the combined bandwidth of 90 Mbps. I am...
by Samot
Mon Jul 09, 2018 4:38 pm
Forum: Beginner Basics
Topic: No access on HTTP pages on RB941-2nD-TC
Replies: 6
Views: 230

Re: No access on HTTP pages on RB941-2nD-TC

Hi, In this case, the problem occurs with Firefox, Chrome and Internet explorer. I'll try some other browsers but i noticed that this problem is really on my router, because i temporally fixed the access on HTTP sites replacing my mikrotik to a basic router From my experience "basic routers" only a...
by Samot
Tue Jul 03, 2018 2:30 pm
Forum: General
Topic: Web Proxy Hacked
Replies: 8
Views: 590

Re: Web Proxy Hacked

What version of ROS are you running on the SXT's? That will determine the answer to your question as there are older versions with vulnerabilities known to them.
by Samot
Tue Jul 03, 2018 2:28 pm
Forum: General
Topic: RB1100AHx2 bridge HW-offload issue [SOLVED]
Replies: 4
Views: 226

Re: RB1100AHx2 bridge HW-offload issue [SOLVED]

There doesn't need to be another page. From 6.41 and up the Layer2 switching is done via the Bridge interface. So when it says "Pre-6.41" that means "Do this if you are not on 6.41 or higher" and when it says "Post-6.41" that means "Do this is you're running 6.41 or higher". Using examples and setup...
by Samot
Sun Jun 24, 2018 3:18 pm
Forum: Beginner Basics
Topic: Triple WAN VOIP Load Balancing
Replies: 8
Views: 362

Re: Triple WAN VOIP Load Balancing

What are the "limited connectivity" speeds of WAN 2 and WAN 3 that the VoIP is going over? How many phone devices are there? And what is simultaneous call average? Failing over the phones is possible but there are other considerations that have to factor in, such as the phone updating its "Location"...
by Samot
Sun Jun 24, 2018 3:04 pm
Forum: General
Topic: Pfsense on a Mikrotik KVM
Replies: 1
Views: 226

Re: Pfsense on a Mikrotik KVM

My thought on this

Image
by Samot
Sun Jun 24, 2018 2:22 pm
Forum: RouterBOARD hardware
Topic: Mikrotik with SIP port integrated
Replies: 6
Views: 499

Re: Mikrotik with SIP port integrated

But there are many protocols other than SIP that a "VoIP-to-analog adapter" with such a port might speak on the IP side: IAX2, MGCP, H.323, etc. For the record, if a modem/router is going to have a "VoIP" combination built into it that combination is going to be based on SIP. Both the MGCP and H.32...
by Samot
Fri Jun 22, 2018 2:00 pm
Forum: RouterBOARD hardware
Topic: Mikrotik with SIP port integrated
Replies: 6
Views: 499

Re: Mikrotik with SIP port integrated

Hi,
There's any plan to a routerboard have SIP port integrated and the possibility to configure it through routerOS?

Thanks.
What do you mean by this?
by Samot
Tue Jun 12, 2018 6:05 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: New IP cloud is coming.
Replies: 68
Views: 6912

Re: New IP cloud is coming.

/ip cloud set sdwan-enabled=yes
Ugh. Just, ugh.
by Samot
Thu Jun 07, 2018 6:04 pm
Forum: Announcements
Topic: VPNfilter official statement
Replies: 183
Views: 50319

Re: VPNfilter official statement

The fact that Mikrotik is still on the list due to them seeing Mikrotik routers still being hit by this means one thing only for Mikrotik users. They have failed to keep their routers current and are still running over a YEAR OLD (plus) version of ROS. Regardless of this virus attack, that is just ...
by Samot
Thu Jun 07, 2018 3:03 pm
Forum: Announcements
Topic: VPNfilter official statement
Replies: 183
Views: 50319

Re: VPNfilter official statement

The fact that Mikrotik is still on the list due to them seeing Mikrotik routers still being hit by this means one thing only for Mikrotik users. They have failed to keep their routers current and are still running over a YEAR OLD (plus) version of ROS. Regardless of this virus attack, that is just b...
by Samot
Thu Jun 07, 2018 2:58 pm
Forum: Beginner Basics
Topic: slaveless router
Replies: 3
Views: 271

Re: slaveless router

You need to post your config. From the terminal do: /export compact hide-sensitive
Then paste the config here so we can see what you did.
by Samot
Sun Jun 03, 2018 8:30 pm
Forum: General
Topic: Mikrotik Hotspot issues
Replies: 3
Views: 232

Re: Mikrotik Hotspot issues

All of these images are pointless. You did not describe or post any of your Hotspot setup/config. No idea what is happening or if this is a config issue, etc.

You need to post some real information (like the hotspot setup) so we can actually work the problem.
by Samot
Sat Jun 02, 2018 7:30 pm
Forum: Forwarding Protocols
Topic: sip phone being stopped at wan address
Replies: 7
Views: 340

Re: sip phone being stopped at wan address

Thanks, No it's not hosted in a DC. The PBX is a standalone PBx connected to a microtik router and a couple of onsite ip phones on the same router. It's the off site phones that are being blocked. Whats strange is that if I turn on the SIP helpers the Offsite phones register immediately, however if...
by Samot
Sat Jun 02, 2018 7:25 pm
Forum: Beginner Basics
Topic: Hotspot userman not redictering to login page
Replies: 11
Views: 495

Re: Hotspot userman not redictering to login page

I keep asking the same thing because you haven't answer the question. I asked _what_ webpage you went to. Because if you went to http://microsoft.com and then ended up at https://microsoft.com then the Hotspot isn't "randomly" redirecting you to https://microsoft.com. If you said "I went to http://s...
by Samot
Sat Jun 02, 2018 4:46 am
Forum: Beginner Basics
Topic: Make devices with different LANs Communicate
Replies: 6
Views: 242

Re: Make devices with different LANs Communicate

The picture doesn't make sense until you label the devices with the red arrows. You shouldn't have to do anything to make the 2 networks communicate if both subnets are defined on the same router. If they aren't talking, you are blocking it. You don't need to add any routes, they are already there ...
by Samot
Sat Jun 02, 2018 3:34 am
Forum: Forwarding Protocols
Topic: Duel Firewall rule or HA failover
Replies: 9
Views: 558

Re: Duel Firewall rule or HA failover

hi I need help how I can use firewall on mikrotik to block an application named (netshare). I use hotspot so people use this app to share free internet to others. you can find it on google play and how it work. I see that this app use port 8282 and it give the client a diffrent ip which is 192.168....
by Samot
Sat Jun 02, 2018 3:29 am
Forum: Forwarding Protocols
Topic: sip phone being stopped at wan address
Replies: 7
Views: 340

Re: sip phone being stopped at wan address

Do you have a destination nat rule for you PBX? Something like: /ip firewall nat add chain=dst-nat dst-address=192.168.20.10 protocol=tcp dst-port=5060 to-address=192.168.0.5 This sounds like the PBX is "hosted" in a DC or another location, so that's not going to work as there would be multiple pho...
by Samot
Sat Jun 02, 2018 3:24 am
Forum: Beginner Basics
Topic: Make devices with different LANs Communicate
Replies: 6
Views: 242

Re: Make devices with different LANs Communicate

Also what is what in this drawing? Is the rounded object (router) actually the RB2011? If so, what is the squared object (smart switch?)? Please identify what those two objects in the drawing are because if you have a smart switch that might be doing something with the routing of the networks that w...
by Samot
Fri Jun 01, 2018 7:22 pm
Forum: Beginner Basics
Topic: Hotspot userman not redictering to login page
Replies: 11
Views: 495

Re: Hotspot userman not redictering to login page

Hi, Http only. after connecting to hotspot. it was supposed to go login page right. but it goes to Microsoft.com website insteadt and it's https. OK, so you made an HTTP request to where? Does the Hotspot login page load when you hit it directly via HTTP? Have you tested from another device to repr...
by Samot
Thu May 31, 2018 4:46 pm
Forum: General
Topic: Two mikrotik NAT to NAT
Replies: 15
Views: 620

Re: Two mikrotik NAT to NAT

Actually, the modem is not in bridge mode. it is pppoe client.
So you initially had three NATs stacked?
I was just writing a reply with that exact question. At best this is double NAT, at worse it's triple NAT. It's a mess.
by Samot
Thu May 31, 2018 5:56 am
Forum: Beginner Basics
Topic: Hotspot userman not redictering to login page
Replies: 11
Views: 495

Re: Hotspot userman not redictering to login page

What type of request was this? An HTTP or HTTPS request? And what was the site that you tried to hit when you were redirected to microsoft.com? Finally, was it https://microsoft.com?
by Samot
Wed May 30, 2018 5:30 pm
Forum: SwOS
Topic: RB250GS swos last version
Replies: 8
Views: 586

Re: RB250GS swos last version

There should always be a time frame in which software (alone or for a device) or the firmware for EOL devices/programs should no longer be available. Users need to be forced sometimes to upgrade to something supported and relevant. I'll give you an example (not Mikrotik but same type of case) User c...
by Samot
Wed May 30, 2018 5:16 pm
Forum: Scripting
Topic: i have postpaid subscribers how to script send to my email when user expired after 15 days
Replies: 3
Views: 198

Re: i have postpaid subscribers how to script send to my email when user expired after 15 days

If you've never done scripting in Mikrotik I suggest reading the first link to understand how scripting works and then the other two links for examples. Sample scripts for what you are looking for are in the example pages of the wiki for scripting. After you've done that and attempted a script of yo...
  • 1
  • 2