I didn't read this thread closely and there's already been some good suggestions - but is your external IP on Shodan? You don't need a logon or API key to check for one IP on their site. https://www.shodan.io/search?query= and type in your external IP at the end of the link. Once I saw activity from...

I'm not familiar with these devices, but I took a look at the CRS125. It's got a lot going for it, but whether it's the best choice depends on the capabilities you need now or anticipate needing soon. Take a look at https://wiki.mikrotik.com/wiki/Manual:CRS1xx/2xx_series_switches to see how it stack...

First of all, good job in asking these questions before making the purchase. There's so many posts where someone bought a CRS, thinking or hoping that it could be their all in one solution, only to be schooled the hard way. I would never call myself a expert in Mikrotik gear, but I don't think any C...

So there has to be years worth of "please enable feature X in v7" threads, why not investigate and prioritize those? If you don't know the use cases already, you have a solution in search of a problem. As for what to do with the torrent client, perhaps it's too simplistic but from a security perspec...

Assuming you connected the USB, it's formatted, and shows up as disk1 in System -> Disks:

Everything starting with my_* should be customized for your environment. I use the router as the DNS server so I can still have control and a central place to redirect via NAT rule. For this to work best, I also recommend setting the router as a second DNS server address on all clients. This works f...

This is exactly correct, all DNS servers are equal to the client so setting a “secondary” DNS server doesn’t work the way you might think. I use a Pihole which runs on a 2010 Mac Mini, and even though I dropped in a new hard drive I had concerns about redundancy. So I use scripts with netwatch to se...

I think it's great that Zerodium started a bug bounty program for Mikrotik. It's not like the bad guys don't know, they're just providing incentives for full disclosure. So patch early and patch often my friends! Unfortunately that isn't how it works. Zerodium will pay for Mikrotik exploits and the...

Agree. Changelog should reflect the fact that this is a security fix rather claiming it's some sort of "improvement" pe1chl called this in post #2 of the 6.43.12 thread so nice catch by him. It's a shame but people who want to get a heads up on recently disclosed RouterOS vulnerabilities can't reli...

R1CH, I think you're exactly right. I own my own cable modem, and I just unplugged it from the router and was still able to access TCP port 1720 externally. I feel stupid/relieved. Thanks.

No, luckily socks is still disabled and no UPnP either. I don't have any reason to believe that the router is compromised, everything looks the way I set it. But I'm concerned that there's no way to stop a compromise if someone can figure out a way to exploit that open port. I can't close it, or dro...

I decided to nmap my external IP today to see how my firewall is doing. I was surprised to see that TCP 1720 is wide open to the Internet, and I was confirmed being able to telnet to the port and stay connected as long as I want. I have firewall rules that specifically drop new inbound connections f...

Nice write up.

https://www.trustwave.com/Resources/Spi ... he-World-/

I upgraded an RB750GL, a 3011, a CRS226, and a RB951G-2HnD from 6.41.4 to 6.42.4 with no issues. However, after the upgrade I noticed that the two routers with DNS servers (one for internal, one for my guest network) were no longer resolving. This wasn't an issue before the upgrade. I did see them ...

I upgraded an RB750GL, a 3011, a CRS226, and a RB951G-2HnD from 6.41.4 to 6.42.4 with no issues. However, after the upgrade I noticed that the two routers with DNS servers (one for internal, one for my guest network) were no longer resolving. This wasn't an issue before the upgrade. I did see them r...

Ive been testing 43RC11.. It addressed a huge number of issues posted in this thread. Good job Mikrotik. It does not address the short sighted feature neutering of Netwatch tho. I still cannot send a alert or change a LED state based on a ping of a target. Because I use Netwatch for many things, I ...

Just updated one of our Metal G-52SHPacn to new v6.42.1 RouterOS. tools/netwatch does not work anymore. When the tested server is "up", we run [:global srvstat "up"] to set the variable srvstat. Did work with 6.41.2 Looks like up event is not working. Version 6.42 has this changelog entry: *) netwa...

nice of the info, could I use the nas synology or qnap to save or view the logs?

Synology NAS can do it if you install the Log Center package and configure it as the syslog destination for your Mikrotik. QNAP probably does something similar.

In the Checksums link on the Downloads page, I notice that there's no MD5 or SHA256 hash listed for winbox.exe. Can this please be added for Winbox 3.12, and future releases moving forward? If it's kept somewhere else, could somebody point out where? Many thanks....

I manage all sorts of systems and I get notified about all of the vulnerabilities for Windows, Windows Software, Linux, Apple, Android, and many others. I subscribe to many different security sites and I am used to detailed explanations of reasons to patch systems so I can determine whether or not ...

Emulation is the best idea when you want to learn, but I'm assuming you want to buy the hardware. I don't look at network gear as an investment, or put all my eggs in one basket. I scale out, not up, and buy smaller boxes that are meant for the tasks I have at hand. Let switches be switches and let ...

mt99, do you really expect that every owner of every MikroTik device would follow such a lengthy advise? No, that's why you script it. I would never hand edit all that stuff, plus scripting eliminates the possibility of mistakes. I have a deployment script that I run on every router that has baseli...

I agree that Mikrotik should move toward unique default passwords, which many other manufacturers have done (usually some component of the MAC address). But at least so far, it seems like these defacements have been happening in instances where the router's administrative services were available fro...

Yes, exact same device. I only have one RB750GL, and that's the only device I was working on at the time. I know you can't mix backups between devices, even if they are the same model. But I'm glad I got the box back up. It's a decent little performer and the 64 MB of NAND lets me have 3 partitions.

I'm just reporting what I personally experienced. I specifically posted this in the beginner forum with an acknowledgement that I might have done something wrong. If Netinstall can be reliably used to do all those things, I'm glad for such a useful tool and I look forward to seeing better documentat...

That's a good point, I know that ether1 works because you have to use it for Netinstall. But I hadn't thought about explicitly testing the rest of the ports since I was seeing link lights. So I went ahead and tried MAC Winbox on all of them and verified they are working. I got the box back in shape ...

Thanks for asking - I did do System > Reset Configuration as well, and even used the reset button to do the same thing. I always thought that Netinstall could reinstall the OS and apply the default config, but in this case it doesn't seem to do that. I'm hoping I just did something wrong, but not su...

Hi folks, I've read the forum for a while but here is my first question. I was settig up interVLAN routing on my switch and RB750GL router, when I noticed that I couldn't ping the default gateways on the router anymore. So I restored a known good backup on the router, but that didn't fix the problem...