Community discussions

Search found 25 matches

by mt99
Tue Sep 24, 2019 7:50 pm
Forum: RouterOS v7 BETA
Topic: Torrent client
Replies: 25
Views: 4097

Re: Torrent client

So there has to be years worth of "please enable feature X in v7" threads, why not investigate and prioritize those? If you don't know the use cases already, you have a solution in search of a problem. As for what to do with the torrent client, perhaps it's too simplistic but from a security perspec...
by mt99
Mon May 27, 2019 7:11 pm
Forum: General
Topic: save my router backups on a usb stick
Replies: 3
Views: 410

Re: save my router backups on a usb stick

Assuming you connected the USB, it's formatted, and shows up as disk1 in System -> Disks:
/system backup save name=disk1/yourbackup.backup
by mt99
Sat Apr 27, 2019 3:05 am
Forum: General
Topic: DNS Failover
Replies: 8
Views: 1366

Re: DNS Failover

Everything starting with my_* should be customized for your environment. I use the router as the DNS server so I can still have control and a central place to redirect via NAT rule. For this to work best, I also recommend setting the router as a second DNS server address on all clients. This works f...
by mt99
Mon Apr 22, 2019 2:54 am
Forum: General
Topic: DNS Failover
Replies: 8
Views: 1366

Re: DNS Failover

This is exactly correct, all DNS servers are equal to the client so setting a “secondary” DNS server doesn’t work the way you might think. I use a Pihole which runs on a 2010 Mac Mini, and even though I dropped in a new hard drive I had concerns about redundancy. So I use scripts with netwatch to se...
by mt99
Sat Feb 23, 2019 3:55 am
Forum: General
Topic: Security issue when Winbox exposed
Replies: 68
Views: 5956

Re: Security issue when Winbox exposed

I think it's great that Zerodium started a bug bounty program for Mikrotik. It's not like the bad guys don't know, they're just providing incentives for full disclosure. So patch early and patch often my friends! Unfortunately that isn't how it works. Zerodium will pay for Mikrotik exploits and the...
by mt99
Fri Feb 22, 2019 5:38 am
Forum: General
Topic: Security issue when Winbox exposed
Replies: 68
Views: 5956

Re: Security issue when Winbox exposed

Agree. Changelog should reflect the fact that this is a security fix rather claiming it's some sort of "improvement" pe1chl called this in post #2 of the 6.43.12 thread so nice catch by him. It's a shame but people who want to get a heads up on recently disclosed RouterOS vulnerabilities can't reli...
by mt99
Mon Sep 17, 2018 11:01 pm
Forum: General
Topic: Stopping connections to TCP port 1720
Replies: 6
Views: 1070

Re: Stopping connections to TCP port 1720

R1CH, I think you're exactly right. I own my own cable modem, and I just unplugged it from the router and was still able to access TCP port 1720 externally. I feel stupid/relieved. Thanks.
by mt99
Mon Sep 17, 2018 2:56 pm
Forum: General
Topic: Stopping connections to TCP port 1720
Replies: 6
Views: 1070

Re: Stopping connections to TCP port 1720

No, luckily socks is still disabled and no UPnP either. I don't have any reason to believe that the router is compromised, everything looks the way I set it. But I'm concerned that there's no way to stop a compromise if someone can figure out a way to exploit that open port. I can't close it, or dro...
by mt99
Mon Sep 17, 2018 12:59 am
Forum: General
Topic: Stopping connections to TCP port 1720
Replies: 6
Views: 1070

Stopping connections to TCP port 1720

I decided to nmap my external IP today to see how my firewall is doing. I was surprised to see that TCP 1720 is wide open to the Internet, and I was confirmed being able to telnet to the port and stay connected as long as I want. I have firewall rules that specifically drop new inbound connections f...
by mt99
Thu Jun 21, 2018 7:14 am
Forum: Announcements
Topic: v6.42.4 [current]
Replies: 93
Views: 16527

Re: v6.42.4 [current]

I upgraded an RB750GL, a 3011, a CRS226, and a RB951G-2HnD from 6.41.4 to 6.42.4 with no issues. However, after the upgrade I noticed that the two routers with DNS servers (one for internal, one for my guest network) were no longer resolving. This wasn't an issue before the upgrade. I did see them ...
by mt99
Wed Jun 20, 2018 2:17 am
Forum: Announcements
Topic: v6.42.4 [current]
Replies: 93
Views: 16527

Re: v6.42.4 [current]

I upgraded an RB750GL, a 3011, a CRS226, and a RB951G-2HnD from 6.41.4 to 6.42.4 with no issues. However, after the upgrade I noticed that the two routers with DNS servers (one for internal, one for my guest network) were no longer resolving. This wasn't an issue before the upgrade. I did see them r...
by mt99
Tue May 15, 2018 2:07 am
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 45680

Re: v6.42.1 [current]

Ive been testing 43RC11.. It addressed a huge number of issues posted in this thread. Good job Mikrotik. It does not address the short sighted feature neutering of Netwatch tho. I still cannot send a alert or change a LED state based on a ping of a target. Because I use Netwatch for many things, I ...
by mt99
Wed Apr 25, 2018 3:24 am
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 45680

Re: v6.42.1 [current]

Just updated one of our Metal G-52SHPacn to new v6.42.1 RouterOS. tools/netwatch does not work anymore. When the tested server is "up", we run [:global srvstat "up"] to set the variable srvstat. Did work with 6.41.2 Looks like up event is not working. Version 6.42 has this changelog entry: *) netwa...
by mt99
Mon Mar 26, 2018 5:28 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97357

Re: v6.42rc [release candidate] is released!

nice of the info, could I use the nas synology or qnap to save or view the logs?
Synology NAS can do it if you install the Log Center package and configure it as the syslog destination for your Mikrotik. QNAP probably does something similar.
by mt99
Wed Mar 14, 2018 9:56 pm
Forum: Announcements
Topic: Winbox 3.12 released!
Replies: 55
Views: 43931

Re: Winbox 3.12 released!

In the Checksums link on the Downloads page, I notice that there's no MD5 or SHA256 hash listed for winbox.exe. Can this please be added for Winbox 3.12, and future releases moving forward? If it's kept somewhere else, could somebody point out where? Many thanks....
by mt99
Tue Mar 13, 2018 3:41 am
Forum: General
Topic: Slingshot APT [SOLVED]
Replies: 44
Views: 24602

Re: Slingshot APT, RouterOS spying software NOT [SOLVED]

I manage all sorts of systems and I get notified about all of the vulnerabilities for Windows, Windows Software, Linux, Apple, Android, and many others. I subscribe to many different security sites and I am used to detailed explanations of reasons to patch systems so I can determine whether or not ...
by mt99
Sat Feb 17, 2018 5:46 am
Forum: Beginner Basics
Topic: What hardware to use at home
Replies: 6
Views: 732

Re: What hardware to use at home

Emulation is the best idea when you want to learn, but I'm assuming you want to buy the hardware. I don't look at network gear as an investment, or put all my eggs in one basket. I scale out, not up, and buy smaller boxes that are meant for the tasks I have at hand. Let switches be switches and let ...
by mt99
Sat Jan 13, 2018 8:59 pm
Forum: Announcements
Topic: Securing your device is important
Replies: 32
Views: 11345

Re: Securing your device is important

mt99, do you really expect that every owner of every MikroTik device would follow such a lengthy advise? No, that's why you script it. I would never hand edit all that stuff, plus scripting eliminates the possibility of mistakes. I have a deployment script that I run on every router that has baseli...
by mt99
Sat Jan 13, 2018 7:38 am
Forum: Announcements
Topic: Securing your device is important
Replies: 32
Views: 11345

Re: Securing your device is important

I agree that Mikrotik should move toward unique default passwords, which many other manufacturers have done (usually some component of the MAC address). But at least so far, it seems like these defacements have been happening in instances where the router's administrative services were available fro...
by mt99
Mon Jan 08, 2018 1:24 am
Forum: Beginner Basics
Topic: 6.41: When Netinstall just doesn't cut it
Replies: 8
Views: 884

Re: 6.41: When Netinstall just doesn't cut it

Yes, exact same device. I only have one RB750GL, and that's the only device I was working on at the time. I know you can't mix backups between devices, even if they are the same model. But I'm glad I got the box back up. It's a decent little performer and the 64 MB of NAND lets me have 3 partitions.
by mt99
Fri Jan 05, 2018 9:50 pm
Forum: Beginner Basics
Topic: 6.41: When Netinstall just doesn't cut it
Replies: 8
Views: 884

Re: 6.41: When Netinstall just doesn't cut it

I'm just reporting what I personally experienced. I specifically posted this in the beginner forum with an acknowledgement that I might have done something wrong. If Netinstall can be reliably used to do all those things, I'm glad for such a useful tool and I look forward to seeing better documentat...
by mt99
Fri Jan 05, 2018 4:47 am
Forum: Beginner Basics
Topic: 6.41: When Netinstall just doesn't cut it
Replies: 8
Views: 884

Re: 6.41: When Netinstall just doesn't cut it

That's a good point, I know that ether1 works because you have to use it for Netinstall. But I hadn't thought about explicitly testing the rest of the ports since I was seeing link lights. So I went ahead and tried MAC Winbox on all of them and verified they are working. I got the box back in shape ...
by mt99
Wed Jan 03, 2018 10:42 pm
Forum: Beginner Basics
Topic: 6.41: When Netinstall just doesn't cut it
Replies: 8
Views: 884

Re: 6.41: When Netinstall just doesn't cut it

Thanks for asking - I did do System > Reset Configuration as well, and even used the reset button to do the same thing. I always thought that Netinstall could reinstall the OS and apply the default config, but in this case it doesn't seem to do that. I'm hoping I just did something wrong, but not su...
by mt99
Wed Jan 03, 2018 6:41 pm
Forum: Beginner Basics
Topic: 6.41: When Netinstall just doesn't cut it
Replies: 8
Views: 884

6.41: When Netinstall just doesn't cut it

Hi folks, I've read the forum for a while but here is my first question. I was settig up interVLAN routing on my switch and RB750GL router, when I noticed that I couldn't ping the default gateways on the router anymore. So I restored a known good backup on the router, but that didn't fix the problem...