Hey caresss As mentioned by vecernik87 , MAC-Telnet and MAC-WinBox are not an IP protocols, so an IP firewall will do nothing to block it. You need to configure your interface list to prevent access from any untrusted networks. The fact that the attacker is using MAC-Telnet or MAC-WinBox means that...

you can change the password all day long but if someone has remote access on you pc most probably has installed a keyloger also 11/5/18 22:38:15 system,info,account user NewUserCreated logged in from ??:3B:??:22:??:AC via mac-telnet system,info,account user NewUserCreated logged in from ??:3B:??:22...

Can you identify the MAC address (mac vendor)? Have you tried looking it up via ip/arp / bridge/hosts or switch/hosts after regaining access to check which interface it is connected to? Have you crossed checked with your own machines and ensured it isn't a local device? Didn't bother to look! This ...

With my total respect to Mikrotik let me tell you guys again that your ROS 6.43.4 is still vulnerable .... Is this the first time this router has been hacked? Have you done netinstall and added config from scratch? Unfortunately, it wasn't the 1st time. I was cleaning after him every time but he ke...

Thanks for sharing! This does not look good and support staff should be notified. However, unless we give them some better info (ideally packet capture from TAP) I do not believe, they will be able to help. I can personally confirm that the known attack vector was closed. (I still have few devices ...

Fix ROS6.43.3 because I am sure 10000% it is still vulnerable and I saw the proof tonight with a very long fight. You have a proof? For example, screens or something? I have a full Syslog! And? Can you share it with us? Or with support@mikrotik.com Date Time Message Text #Password changed and I can...

Fix ROS6.43.3 because I am sure 10000% it is still vulnerable and I saw the proof tonight with a very long fight. You have a proof? For example, screens or something? I have a full Syslog! And? Can you share it with us? Or with support@mikrotik.com I will mask the users and mac address and post the...

Hi. if you just connect the device to network and you don't care about config at all, it become a ticking bomb for the rest of the network We have no chance to filter the WAN side, because the Android WinBox app over a mobile net is comes from "random" IP's You can use VPN for remote acce...

Fix ROS6.43.3 because I am sure 10000% it is still vulnerable and I saw the proof tonight with a very long fight.

You have a proof? For example, screens or something?

I have a full Syslog!

Hi. If you can, try to switch on the packet sniffer, and log everything to and from your WinBox/API port.. and stream it to another machine to record it. Probably it can be help to discover and resolve the problem. Best regards: CsXen I will do so when I reset the router in order to gain access bac...

With my total respect to Mikrotik let me tell you guys again that your ROS 6.43.4 is still vulnerable and tonight I was playing with the hacker by closing every single door to access my router. He was kind enough not to directly change my password and kick me out ... He was just playing with some ma...