Community discussions

Search found 43 matches

by Seccour
Wed Jan 23, 2013 7:09 am
Forum: General
Topic: PCI-DSS/Security Risk Assessment/Gap Analysis
Replies: 4
Views: 2242

Re: PCI-DSS/Security Risk Assessment/Gap Analysis

Certainly some advice to take to heart on that. The most recent request for the elevation of privvies wasn't PCI but an internal risk assessment they had built up using bits and pieces here and there. Now that you mention it, I think it has only been internal risk assessments that have had that ques...
by Seccour
Wed Jan 23, 2013 2:29 am
Forum: General
Topic: PCI-DSS/Security Risk Assessment/Gap Analysis
Replies: 4
Views: 2242

PCI-DSS/Security Risk Assessment/Gap Analysis

This topic doesn't seem to come up at all. I started out in the ISP biz and moved over to Information security for a company who was small enough that tik's still seemed to fit the bill. However we are starting to get hit with PCI-DSS evaluations, Risk Assessments and Gap Analysis with an array of r...
by Seccour
Mon Nov 17, 2008 7:22 pm
Forum: General
Topic: 3.16 - SSH attacks Opens Router
Replies: 4
Views: 1094

Re: 3.16 - SSH attacks Opens Router

I 100% wholeheartedly agree that proper firewall setup and maintenance is necessary to protecting our routers and network. I will never argue with you on that point. Even the best firewalls can be compromised though, and having a brute force attack simply render the most basic of unauthorized acces...
by Seccour
Mon Nov 17, 2008 5:40 am
Forum: General
Topic: 3.16 - SSH attacks Opens Router
Replies: 4
Views: 1094

3.16 - SSH attacks Opens Router

ROS 3.16 RB230 Current Routerboard Firmware 1.3.8 The only configuration is NAT, Public IP and a gateway and Queues. The router is a test machine for an in-house bandwidth management system using the ROS API. Problem: The router goes under a SSH attack and we experience a symptom where we cannot get i...
by Seccour
Wed Sep 24, 2008 7:08 pm
Forum: General
Topic: 3.14 upgrade bad on X86!!! causes CPU peg
Replies: 3
Views: 998

Re: 3.14 upgrade bad on X86!!! causes CPU peg

3.14 on a 532A using routing-test package w/ ospf also pegs CPU at 100%

So it appears that it's not just on an X86
by Seccour
Thu Aug 02, 2007 12:27 am
Forum: Beginner Basics
Topic: FreeRadius auth by MAC address
Replies: 1
Views: 5026

Re: FreeRadius auth by MAC address

I had built such a setup a while ago but abandoned it due to some problems that hotspot had with retarded consumer routers. This was all done pre 2.9.40, so I don't know what changes have been made to possibly help me with the problems I had. Do a search on the forum for my username and I'll get the ...
by Seccour
Fri Jun 08, 2007 3:06 am
Forum: General
Topic: Linux and Mikrotik Integration
Replies: 1
Views: 840

Re: Linux and Mikrotik Integration

1.Hotspot Is possible without MT DHCP server? My client will get ip from Linux DHCP server. Hotspot doesn't care how a client gets an IP. So you may use your Linux box for DHCP. You can actually use the MT as a DHCP relay which I've done as part of my network design. Allows me to have a single DHCP...
by Seccour
Thu Jun 07, 2007 7:20 pm
Forum: General
Topic: Squid Cache server with MikroTik
Replies: 10
Views: 2718

Re: Squid Cache server with MikroTik

Knowing a little bit more about your current configuration for your network and for squid. Off the top of my head it sounds like Squid isn't listening on the correct port. You're going to need to make sure you have squid listening on the same port you have the MT redirecting your port 80 traffic to....
by Seccour
Thu Mar 22, 2007 8:06 am
Forum: General
Topic: Hotspot Problems with Mac Authentication
Replies: 6
Views: 2270

Nope, I'm not missing that. #1) Users authenticate just fine, if you read my first message again you will see that they authenticate the first time fine, but if they Idle out then some of them aren't able to reauthenticate without removing them from the host list in the hotspot on the MT. #2) We are...
by Seccour
Wed Mar 21, 2007 10:47 pm
Forum: General
Topic: Hotspot Problems with Mac Authentication
Replies: 6
Views: 2270

Seccour 1) Please, provide complete log errors, when users are unable to authenticate in HotSpot+RADIUS. I've since disabled the hotspot (clients were getting way too mad at me.) I'll dig up the info and paste it here. I also have a supout I should be able to send. I've not tried the hotspot since 2...
by Seccour
Fri Feb 09, 2007 8:21 pm
Forum: General
Topic: Hotspot passthrough MAC address
Replies: 6
Views: 8070

Mac Authentication has some weird quirks, so unless you need some radius specific return attributes like rate limiting, I would use IP bindings, you can actually just put in a mac address and any IP that is bound to it will pass traffic.
by Seccour
Wed Jan 17, 2007 6:54 pm
Forum: General
Topic: Hotspot Problems with Mac Authentication
Replies: 6
Views: 2270

Hotspot Problems with Mac Authentication

I have a few hotspot problems and unfortunately it's forcing me to not use Hotspot until I can get it fixed. Here are the two problems. One of them I've sent into Mikrotik but they unfortunately ignored my support request. I'll be more than happy to send it in again if they happen to see this thread....
by Seccour
Thu Nov 16, 2006 11:17 pm
Forum: General
Topic: Problems with Hostpot users staying connected & reconnec
Replies: 3
Views: 1711

I'm getting a similar problem only I'm using MAC authentication, and it seems to be random. Clearing them out of the hotspot host list will get them to automatically and immediately authenticate properly. I think the problem may be the radius server that I'm using, but I'll let you know. I recently ...
by Seccour
Wed Nov 08, 2006 9:32 pm
Forum: General
Topic: plz help
Replies: 5
Views: 1172

You can also try a firewall rule to drop the incoming traffic from an IP or range (likely the better of the two ideas)
by Seccour
Wed Nov 08, 2006 12:57 am
Forum: General
Topic: plz help
Replies: 5
Views: 1172

Use a Queue to rate-limit the ip.

queue simple> print
Flags: X - disabled, I - invalid, D - dynamic
 0 name="attacker" target-addresses=10.10.10.10/32 dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=1000/1000 total-que...
by Seccour
Wed Nov 08, 2006 12:40 am
Forum: General
Topic: NAT and Bridged Interfaces
Replies: 1
Views: 953

NAT and Bridged Interfaces

I have a unique scenario in which using NAT (to free up IP's) causes browsing and general internet to stop working. Let me explain... I have a Mikrotik RB532 with 5 total interfaces, 3 Ethernet and two wireless. The internet comes into this MT via ether1. All of the interfaces are bridged. The other ...
by Seccour
Wed Nov 01, 2006 11:39 pm
Forum: General
Topic: Radius Client not recieving requests
Replies: 8
Views: 2022

Email me your configs and I'll see what I figure out.

seccour [at] nebonet [dot] com
by Seccour
Fri Oct 27, 2006 1:23 am
Forum: General
Topic: Radius Client not recieving requests
Replies: 8
Views: 2022

In my rad reply table I have an attribute called Framed-Ip-Address and the address they are assigned. I then assign the network parameters in the DHCP server so that they get their Netmask, gateway, and DNS correctly without interaction from Radius. Radius only needs to know then the IP address and i...
by Seccour
Thu Oct 26, 2006 10:50 pm
Forum: General
Topic: Scheduler problems - attn. MT support
Replies: 14
Views: 2664

Use NTP to keep the date and time on the boxes. Then you don't need to manually go in and reset the date and time if the box gets rebooted.
by Seccour
Thu Oct 26, 2006 10:39 pm
Forum: General
Topic: Radius Client not recieving requests
Replies: 8
Views: 2022

I use sql for my setup so it may differ from your config, but my radius uses the mac address to see whether or not to give out a DHCP lease, and then for my replies I have framed-ip-address and the ip, plus other nifty stuff like my rate limiting. The user that you are using, can you paste that conf...
by Seccour
Wed Oct 25, 2006 10:56 pm
Forum: General
Topic: Radius Client not recieving requests
Replies: 8
Views: 2022

Make sure that the Mikrotik is listed in the radius configuration as an accepted NAS (client). If it's not, then the mikrotik logs will give you an error (assuming you're logging radius messages) but freeradius will not log it by default, at least mine didn't. I use DHCP and Hotspot with Radius in combina...
by Seccour
Wed Oct 18, 2006 5:27 am
Forum: General
Topic: Hotspot Authentication Issue
Replies: 2
Views: 2015

We were going to use session time out to get proper accounting logs every so often. I am now using Interim update, so this shouldn't be an issue. I will move over to using an Idle-timeout instead.

Thank you Normis! I appreciate the reply.
by Seccour
Tue Oct 10, 2006 10:00 pm
Forum: General
Topic: BIG PING ON LOCAL INTERFACE EVEN FEW TIME OUTS
Replies: 5
Views: 3176

Take a look at your system resources when the ping time starts to increase. I see this problem when I have an abuser and my Routerboard CPU goes to 100%. But with only 15 users, it likely is something else, as I'm running 500+ clients through my Routerboard 230 and only get that problem with abusers. Hop...
by Seccour
Mon Oct 09, 2006 7:18 pm
Forum: General
Topic: Hotspot Authentication Issue
Replies: 2
Views: 2015

Hotspot Authentication Issue

I have a hotspot setup for MAC Authentication against a Radius Server (Works great now, btw!). Now I'm encountering this weird issue : If I have a user who's authenticated for a while, some of them will fail to reauthenticate to the hotspot if they've timed out. So they get the hotspot page and can'...
by Seccour
Tue Sep 26, 2006 9:18 pm
Forum: General
Topic: DHCP Quirkyness
Replies: 1
Views: 920

Shameless bump

Anyone else have experience with using DHCP and Radius ? I'm using Freeradius if that matters any. Does mikrotik have any thoughts ? I've setup another MT for production, and its now doing the same thing but now regardless if I've got a pool in or not. Just no DHCP via Radius. I've been mulling over...
by Seccour
Tue Sep 26, 2006 1:12 am
Forum: General
Topic: DHCP Quirkyness
Replies: 1
Views: 920

DHCP Quirkyness

I have been developing my new AAA and BW Management system using Mikrotiks and RouterOS and ran into something odd. When first on the DEV, I was running ROS 2.9.29, Using the MT's to do my DHCP requests via a Radius Connection which worked exactly like we want. [admin@MikroTik] ip dhcp-server> print...
by Seccour
Tue Sep 05, 2006 12:10 am
Forum: Wireless Networking
Topic: Wireless rate limit
Replies: 2
Views: 862

Use the radius attribute Mikrotik-Rate-Limit. The manual has a section for the different options you can do (Bursting) and it also appears to have an option for Marking the MAC via radius attribute but says it's for Hotspot only. http://www.mikrotik.com/docs/ros/2.9/guide/aaa_radius I've used the Mikrot...
by Seccour
Fri Jul 07, 2006 6:45 pm
Forum: General
Topic: Feature Suggestion for Graphs
Replies: 1
Views: 1392

Feature Suggestion for Graphs

It would be nice to be able to have graphs from a router stored on / at a central location. Would make looking at all my graphs localized without loading up all my routers / routerboard systems separately to overview my system health.
by Seccour
Tue Jun 20, 2006 1:59 am
Forum: Wireless Networking
Topic: Wireless AP Clients lose association...
Replies: 3
Views: 1105

I had set the power to lower because I had read reports of the routerboard 532 not being able to supply enough power or have enough power itself if you had too much. When I first put both cards in I had a hard time getting clients to connect (the AP was put in to replace an AP which took a direct li...
by Seccour
Mon Jun 19, 2006 11:50 pm
Forum: Wireless Networking
Topic: Wireless AP Clients lose association...
Replies: 3
Views: 1105

Wireless AP Clients lose association...

A long time ago I recall seeing a thread about a situation where a Mikrotik AP would lose its clients, changing channel, power output, or enabling disabling the wireless interface would temporarily fix the problem. This is also only when using a SR2. Could someone point me to that post or perhaps he...
by Seccour
Wed May 17, 2006 12:04 am
Forum: General
Topic: Hotspot coexisting with Fixed Wireless
Replies: 2
Views: 740

Have the Hotspot have a link to where they can pay for the service, this server would be in your Walled Garden list. During the sign up process, they need to input their Mac address of their wireless card or ethernet if they are using a bridge device. The sign up form should place their mac in a Rad...
by Seccour
Fri Mar 24, 2006 1:25 am
Forum: General
Topic: Question about NAT and Routing co-existing
Replies: 5
Views: 1141

Hrm...

Both seem to work okay and switching between the two doesn't make a difference with telnet / winbox / icmp...

By your recommendation I'll stick with the accept :D
by Seccour
Fri Mar 24, 2006 12:37 am
Forum: General
Topic: Question about NAT and Routing co-existing
Replies: 5
Views: 1141

Test appears to work...

Did my test using that reference...came up with this.

[admin@MikroTik] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
 0 chain=srcnat dst-address=10.0.1.0/24 action=passthrough
 1 chain=srcnat dst-address=192.168.0.0/24 action=masquerade

setup with appropriate routes for NAT and ...
by Seccour
Thu Mar 23, 2006 10:04 pm
Forum: General
Topic: Question about NAT and Routing co-existing
Replies: 5
Views: 1141

Awesome! Thank you very much. I will be setting up and testing a configuration shortly :D
by Seccour
Thu Mar 23, 2006 8:10 pm
Forum: General
Topic: Question about NAT and Routing co-existing
Replies: 5
Views: 1141

Question about NAT and Routing co-existing

We are looking to cut down on our IP usage by switching our clients over to a NAT configuration and offering still public IP's to those who need it and businesses. Is it possible to have both NAT and a routed IP subnet co-existing on the same interface (bridge, ethernet or wireless, We have a very m...
by Seccour
Thu Mar 02, 2006 1:19 am
Forum: General
Topic: Strange problems with new hardware
Replies: 7
Views: 1482

Nic's

I had a similar issue with an old linux kernel and some new Intel nics in which a feature was trying to be supported by the driver but wasn't fully compatible with the older kernel. Upgrading the kernel fixed the issue...
by Seccour
Wed Jan 18, 2006 5:30 am
Forum: General
Topic: P2P and Hardware
Replies: 4
Views: 1432

Ram is a cheap upgrade and an easy one at that which requires hardly any downtime. So 512MB ram. As you'll notice I question everything, why 3Com over intel ? I currently have two RouterOS routers which use 3Com and haven't had issues, but once again -- benchmarks have led me to look at Intel vs 3Com...
by Seccour
Tue Jan 17, 2006 11:03 pm
Forum: General
Topic: P2P and Hardware
Replies: 4
Views: 1432

Re: P2P and Hardware

Hello, we are looking at putting in a RouterOS box specifically for managing our P2P traffic. We currently have 5 Class C subnet's which it would need to handle. What hardware would you recommend for such a task ? Right now I'm looking at an AMD 3000+, 1GB of Ram, CF OS Storage, Intel Network Cards...
by Seccour
Tue Jan 17, 2006 11:02 pm
Forum: General
Topic: Xeon vs AMD -- Not a debate, looking for price / performance
Replies: 0
Views: 765

Xeon vs AMD -- Not a debate, looking for price / performance

Messed up my reply, moderator please delete
by Seccour
Tue Jan 17, 2006 8:47 pm
Forum: General
Topic: P2P and Hardware
Replies: 4
Views: 1432

P2P and Hardware

Hello, we are looking at putting in a RouterOS box specifically for managing our P2P traffic. We currently have 5 Class C subnet's which it would need to handle. What hardware would you recommend for such a task ? Right now I'm looking at an AMD 3000+, 1GB of Ram, CF OS Storage, Intel Network Cards ...
by Seccour
Wed Sep 21, 2005 8:38 pm
Forum: General
Topic: Yet another FTP Problem
Replies: 1
Views: 803

Shameless bump.

No thoughts ?
by Seccour
Wed Sep 21, 2005 1:16 am
Forum: General
Topic: Yet another FTP Problem
Replies: 1
Views: 803

Yet another FTP Problem

After looking through the FTP threads and taking their advice, I'm finally to the point of asking the community for feedback. I recently just placed a few Mikrotik routers at my NOC. Everyone loves RouterOS, so do we. Once we placed a RouterOS machine (both are non-routerboard, just PC's) we noticed...
by Seccour
Tue Apr 05, 2005 6:45 pm
Forum: General
Topic: Radio disables itself
Replies: 2
Views: 973

Details....

Switching out the board seemed to have fixed the problem. We even kept the same Radio's and memory card that held the OS and didn't experience the same issue with just the replacement board.

Anyone ?