Community discussions

Search found 45 matches

by smytht
Wed Mar 22, 2017 5:20 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 44375

Re: CIA exploits against Mikrotik hardware

I think you best buy only equipment from that other vendor and leave us alone here...
No Need to be like that :) cant we all just get along ...
by smytht
Wed Mar 22, 2017 5:06 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 44375

Re: CIA exploits against Mikrotik hardware

Another Vendor of Networking Hardware recently published a security advisory, via email I was wondering if any thing could be learned from their approach, The ideas implemented below make sense to me! I was wondering what do you think ? Dedicated Security Director focused 100% on Vendors software vu...
by smytht
Thu Mar 16, 2017 11:04 am
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 44375

Re: CIA exploits against Mikrotik hardware

Just a note - this topic is officially successfully drowned by you two... I hope that fact alone smytht indicate that your "method of delivery" seriously lacks something.. yeah you may have a Point... Lets return it to a technical discussion ... Ill work on my delivery, thanks, re V7 I think there ...
by smytht
Thu Mar 16, 2017 3:49 am
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 44375

Re: CIA exploits against Mikrotik hardware

I think it would be good if MikroTik share with the community some of the mitigations they do implement in Router OS... It would help the discussion, and certainly put our minds at ease, (well Mine at least ) :) what do people think of compiler based mitigations ? http://oss-security.openwall.org/wi...
by smytht
Thu Mar 16, 2017 2:04 am
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 44375

Re: CIA exploits against Mikrotik hardware

I know it's illegal, but i've reverse enigineered Mikrotik :D And I can confirm, all this Nova stuff - they do care about security, most of intermediate libs/sw is writted by them in C++, and finding exploits surely is possible, but TAKES TIME AND MONEY, unlikely open-sourced UBNT products, as we s...
by smytht
Thu Mar 16, 2017 1:52 am
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 44375

Re: CIA exploits against Mikrotik hardware

... free market of Ideas... and I want to see if other users agree with some of my ideas.. A. Free market ? So why do you rate people not opinions ? They could be different than yours. It is forum, not your discourse. B. If you want to see opinions about your ideas then you should do not be offened...
by smytht
Thu Mar 16, 2017 1:34 am
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 44375

Re: CIA exploits against Mikrotik hardware

Dont Take it Personally Im Not :) ... your tone says other wise I think you can conduct yourself better... You sitll continue to attack my opinion rather than engage in proper discussion -3 A . Please make up your mind: "You sitll continue to attack my opinion" vs "Play the Ball not Man ..." B. You...
by smytht
Thu Mar 16, 2017 1:01 am
Forum: Announcements
Topic: Statement on Vault 7 document release
Replies: 92
Views: 46293

Re: Statement on Vault 7 document release

Hi, It would be nice if Mikrotik can take some proactive steps. For example IOS/Junos devices has proper shell in devices, and as sysadmin i can inspect system integrity easily, including taking storage/filesystem dumps over dd, checksums for all filesystem files and etc, and i can run also scripts...
by smytht
Thu Mar 16, 2017 12:51 am
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 44375

Re: CIA exploits against Mikrotik hardware

You are using big word, big ideas which we all have to agree with as they are true. No one or almost no one, including me, do not say "It is totally wrong idea" to you but you expect all to say "YES, YES it is great idea, let implement it. Now". If anyone is not fully with you, he/she is suspected ...
by smytht
Wed Mar 15, 2017 10:04 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 44375

Re: CIA exploits against Mikrotik hardware

Instead wasting time for pompous writing just prepare script which closes all volunerable settings. Help save the World from CIA and NSA :-) Cant we all just get along... :) I have no issue with the NSA or CIA ... they are spies :) and they do spy stuff... :) my efforts here are to improve MT secur...
by smytht
Wed Mar 15, 2017 3:09 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 44375

Re: CIA exploits against Mikrotik hardware

You guys should carefully rethink the definition of an exploit. RouterOS already has these checks! It does check also on upgrade. The definition of an exploit is that somebody has found a bug how to overcome or fool these checks. So MikroTik makes new checks and more security wizards. This does not...
by smytht
Wed Mar 15, 2017 3:03 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 44375

Re: CIA exploits against Mikrotik hardware

5 posts in a row is some kind of record in this forum smytht . what can I say I care.. and I hate forums... the fact im posting on it tells you how seriously I view the issue My bottom line is I do not see this issue as cause to start global revolution and i don't remember any other issues to do so...
by smytht
Wed Mar 15, 2017 1:03 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 44375

Re: CIA exploits against Mikrotik hardware

2) I would like to see a bug bounty program from MikroTik and crowd source expertise and reward responsible security issue disclosure to MikroTik, How much are you willing to pay for that? Did you notice Mikrotik is really cheap compared to competitors? You can't ask a company to be low-priced and ...
by smytht
Wed Mar 15, 2017 12:07 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 44375

Re: CIA exploits against Mikrotik hardware

You have not answered my questions. You are saying that security is important. Yes, it is. You are trying to persuade us that construction company, lock makers, window and glass makers shoud harden their products as you want to be safe in your home. They ought to list all security problems which th...
by smytht
Wed Mar 15, 2017 11:36 am
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 44375

Re: CIA exploits against Mikrotik hardware

2) I would like to see a bug bounty program from MikroTik and crowd source expertise and reward responsible security issue disclosure to MikroTik, How much are you willing to pay for that? Did you notice Mikrotik is really cheap compared to competitors? You can't ask a company to be low-priced and ...
by smytht
Wed Mar 15, 2017 3:38 am
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 44375

Re: CIA exploits against Mikrotik hardware

The best solution is to always keep your device up to date, always do the maximum possible in securing your devices and keep following announcements and news. Still it is nice, also, if manufacturer(Mikrotik) provide some inspection tools, that makes job of implant authors much harder, and customer...
by smytht
Wed Mar 15, 2017 3:35 am
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 44375

Re: CIA exploits against Mikrotik hardware

The best solution is to always keep your device up to date, always do the maximum possible in securing your devices and keep following announcements and news. Still it is nice, also, if manufacturer(Mikrotik) provide some inspection tools, that makes job of implant authors much harder, and customer...
by smytht
Wed Mar 15, 2017 3:33 am
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 44375

Re: CIA exploits against Mikrotik hardware

Well of course, but as you can see in this situation, many of the big router manufacturers are facing the same issues or even much bigger ones. I guess this type of risk has always existed and in theory - always will. The best solution is to always keep your device up to date, always do the maximum...
by smytht
Wed Mar 15, 2017 3:17 am
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 44375

Re: CIA exploits against Mikrotik hardware

Too many words to describe situation when the admin simply does not care about firewall rules. Im not sure what you mean by that ....[ciach-ciach] ....in other words it is not good enough to say Oh firewall the vulnerable services and everything will be ok ... Easy questions: Do you left access to ...
by smytht
Wed Mar 15, 2017 2:57 am
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 44375

Re: CIA exploits against Mikrotik hardware

in other words it is not good enough to say Oh firewall the vulnerable services and everything will be ok ... Who said that? MikroTik has found the vulnerability and released a patch. This was done by carefully parsing all the discussions in the leaked documents. There are enough hints as to how it...
by smytht
Sat Mar 11, 2017 2:33 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 44375

Re: CIA exploits against Mikrotik hardware

Too many words to describe situation when the admin simply does not care about firewall rules. Im not sure what you mean by that I Certainly care about Firewall rules and Im saying there are times you cant firewall a service off from the outside world, VPN services are just an example of that that ...
by smytht
Fri Mar 10, 2017 1:56 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 44375

Re: CIA exploits against Mikrotik hardware

Yes, this is because all these documents are describing how these "hackers" are configuring their own systems for testing. This explains why they remove firewall and talk about "devel" login. This is because the documents do not describe penetration of remote systems. It describes their test networ...
by smytht
Fri Mar 10, 2017 1:31 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 44375

Re: CIA exploits against Mikrotik hardware

Yes, this is because all these documents are describing how these "hackers" are configuring their own systems for testing. This explains why they remove firewall and talk about "devel" login. This is because the documents do not describe penetration of remote systems. It describes their test networ...
by smytht
Fri Mar 10, 2017 1:25 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 44375

Re: CIA exploits against Mikrotik hardware

OpenBSD did implement work around on i386 to get around the lack of NX .. and they actually use multiple architectures to help show up bugs in software that runs across multiple platforms... so a bug that would appear in one platform easily would not appear in another platform that easily, but the b...
by smytht
Fri Mar 10, 2017 1:17 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 44375

Re: CIA exploits against Mikrotik hardware

One of my concerns, and what I certainly don't want to continue, is that we all treat this as a single vulnerability and and that 6.37.5 / 6.38.5 solves it... cause it doesn't.....of particular concern is the devel login and its purpose and the process around its design and implementation and the d...
by smytht
Fri Mar 10, 2017 1:02 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 44375

Re: CIA exploits against Mikrotik hardware

There has never been any backdoor. "devel" user is created by installing a special debug package by mikrotik staff, which would appear in the packages menu, and allow a new user "devel" to access the device. The user "devel" uses the admin password, so there is no way to access the device without a...
by smytht
Fri Mar 10, 2017 12:02 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 44375

Re: CIA exploits against Mikrotik hardware

One of my concerns, and what I certainly don't want to continue, is that we all treat this as a single vulnerability and and that 6.37.5 / 6.38.5 solves it... cause it doesn't, one of the docs refers to "the many ways" in which to get in to a MikroTik Box, that is of particular concern, I think the ...
by smytht
Fri Mar 10, 2017 3:29 am
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 44375

Re: CIA exploits against Mikrotik hardware

Mikrotiks Rapid Reaction to the exploits discussed on this thread are to be very much welcomed, however, I have a strong belief that more could be done and should be done to ensure the protection of our routers and firewalls, after all our customers trust us to provide a service and to protect their...
by smytht
Tue Feb 18, 2014 1:21 am
Forum: General
Topic: BGP Malformed AS_PATH
Replies: 5
Views: 2654

Re: BGP Malformed AS_PATH

... Check your Route Filters... Ensure that your AS Prepend is not set to 0

AS prepend should be Greater than or equal to 1

...your AS needs to be prepended at least once on any adverisements to your neighbour in most ISP e-BGP Configurations
by smytht
Sun Dec 09, 2012 4:56 pm
Forum: General
Topic: European MUM 2013: Croatia!
Replies: 51
Views: 17979

Re: European MUM 2013: Croatia!

Lads... Im Going.... I think it will be a good one....:)

Rock On :)
by smytht
Sun Jul 08, 2012 5:03 pm
Forum: General
Topic: DNS Changer Malware Identification and QuickFix for ISP
Replies: 2
Views: 754

DNS Changer Malware Identification and QuickFix for ISP

DNS Changer Malware Detection Script for MikroTik Router OS Routers. This Script is designed to identify users that are infected by DNS Changer Malware, and will redirect their DNS Requests to Legitimate DNS Servers. The FBi have been operating temporary Good DNS Servers on the IP addresses that wer...
by smytht
Sat Mar 10, 2012 5:59 pm
Forum: Beginner Basics
Topic: How to direct specific traffic through VPN please help
Replies: 2
Views: 1020

Re: How to direct specific traffic through VPN please help

simply place a specific route for each address and Set the gateway to be the PPPTP Interface if they are all in the same lan eg 10.1.1.0/24 you can just add a route for that network with the gateway being the PPPTP Interface, Remember both Routers (each of the VPN ) must be configured with Routes, (...
by smytht
Mon Mar 05, 2012 3:00 pm
Forum: Beginner Basics
Topic: Helllo ,
Replies: 4
Views: 893

Re: Helllo ,

Hello Check the Rx Sensitivity of the Boards you want to compare, the lower the number the better for Rx Sensitivity -97dB would see twice as far as -91dB Card, 6 db ---> 2x Distance 4x Power 3db---> 2x Power also if you need higher data rates you need to look at Rx Sensitivity for that particular d...
by smytht
Mon Feb 27, 2012 9:55 pm
Forum: Beginner Basics
Topic: Compromised Routerboard
Replies: 5
Views: 1229

Re: Compromised Routerboard

HI mobinz... Looks like you probably dodged the bullet.. .and got hit with an automated worm rather than a determined attacker, simply Net install the router to be absolutely certain, and you should be fine... socks / web proxy would be an ideal start point...for an attacker if they didnt use it hap...
by smytht
Mon Feb 27, 2012 4:26 pm
Forum: Beginner Basics
Topic: Helllo ,
Replies: 4
Views: 893

Re: Helllo ,

... 2.4 GHz.... not so good... I would Suggest 5GHz Stuff... for higher Client Density... High Density... use 4xxAH boards /or 7xxGs for maximum performance Use R52Hn for best performance and Range, Turn off Default Forward and use Nv2 for best performance if using 2Ghz you are going to have to use ...
by smytht
Mon Feb 27, 2012 4:05 pm
Forum: General
Topic: Improved String Matching ( Netfilter based) in IP Firewall
Replies: 2
Views: 1904

Re: Improved String Matching ( Netfilter based) in IP Firewa

I think this is a great Idea and MikroTik Should implement it as soon as possible...

Netfilter String Matcher / Firewall string matcher would be more stable than L7 Filters

Legend
by smytht
Mon Feb 27, 2012 4:00 pm
Forum: General
Topic: Feature request: Packet-Tracer (like in Cisco ASA)
Replies: 9
Views: 4054

Re: Feature request: Packet-Tracer (like in Cisco ASA)

Absolutely ... IT would be a big help for Firwall Engineers Im 100% behind this Idea... Have been begging for it since 2008
by smytht
Mon Feb 27, 2012 1:54 pm
Forum: General
Topic: Squid server and Load balancing..need help
Replies: 3
Views: 952

Re: Squid server and Load balancing..need help

You should be able to to do it by simply dst nat based on Dst address and port,

ie add a dst nat rule for each WAN connection,

ie, Publicip 1:80 dst nat to proxy server 8080
Publickip 2:80 dst nat to proxy server 8080
Contrack Should do the rest for you,

I hope this helps
by smytht
Mon Feb 27, 2012 12:58 pm
Forum: General
Topic: Trunking VLAN from one Switch group to another how?
Replies: 1
Views: 507

Re: Trunking VLAN from one Switch group to another how?

To Be honest , I found the Switch Interface on ROS to be a bit clunky... Ithink you would be far better of using the Software mode, ie use 1 bridge for each vlan and add vlan interfaces on trunk ports, and add physical interfaces to the bridge (these would be access ports)... if you want to forward ...
by smytht
Mon Feb 27, 2012 12:52 pm
Forum: Beginner Basics
Topic: Compromised Routerboard
Replies: 5
Views: 1229

Re: Compromised Routerboard

export compact will reveal any configs they may have added, being honest the one they probably added was web proxy ... that would allow for relaying spam/ attacks etc (TCP based Services)
by smytht
Mon Feb 27, 2012 12:50 pm
Forum: Beginner Basics
Topic: Compromised Routerboard
Replies: 5
Views: 1229

Re: Compromised Routerboard

oh yeah ,

going forward you should filter all admin services entering a router or disable them,

disable telnet http, api and ftp ( un-encrypted services) ...

Avoid Upnp like the plague, it is inherently insecure

Thanks,
by smytht
Mon Feb 27, 2012 12:47 pm
Forum: Beginner Basics
Topic: Compromised Routerboard
Replies: 5
Views: 1229

Re: Compromised Routerboard

Hi Mobiunz It Depends on the sensitive nature of the site, Ideally 1) Isolate the Compromised router, 2) try to check logs and configuration for clues to the perpetrator 3) if router is running > 5.12 then try export compact to see exactly what happened, 4) audit all systems behind the router... (an...
by smytht
Tue Feb 21, 2012 4:46 am
Forum: RouterBOARD hardware
Topic: Customizing web proxy HTML error page
Replies: 2
Views: 2062

Re: Customizing web proxy HTML error page

Im not sure what the Signature Is for ... however, I would suggest the following, 1) Remove the URL from the webpage (this causes false positives ) in relation to Web Scanner Software for XSS 2) Remove the Time / Date fro the Webpage as this gives an attacker the Time on the Proxy (gives them feedba...
by smytht
Wed Apr 01, 2009 4:56 pm
Forum: General
Topic: Epic fail - attempting install on Poweredge 1950
Replies: 11
Views: 4194

Re: Epic fail - attempting install on Poweredge 1950

Hi Omega -00 :) Sorry to hear about your installation issues with the PE 1950 Server ... I have good experience in operating these great servers, ... however the SAS / SATA Controller is custom and MT ROS does not in Seeing custom hardware such as the SAS5i / SAS6ir / PERC 5/6, I do know how you fee...
by smytht
Tue Jul 22, 2008 3:54 pm
Forum: General
Topic: PPPoE setup: don't get address of specified pool.
Replies: 3
Views: 1229

Re: PPPoE setup: don't get address of specified pool.

Hi Jan, How is it going ? I have setup a Radius server in a similar manner... Make sure you set up the user with the correct pool name (which im sure you have) http://wirelessconnect.eu/images/stories/support/mikrotik_forum/usermanager.jpg http://wirelessconnect.eu/images/stories/support/mikrotik_fo...