Community discussions

Search found 241 matches

by dada
Fri Jun 08, 2018 4:53 pm
Forum: General
Topic: exploit-backup (ROS vulnerability)
Replies: 8
Views: 510

exploit-backup (ROS vulnerability)

Hi, Google revealed for me this github repo (5-month-old files): https://github.com/0ki/mikrotik-tools/blob/master/exploit-backup/exploit_full.sh There are some scripts which show how to enable devel mode on several ROS versions by exploiting a backup file. In short the attacker must know username/pass...
by dada
Wed May 30, 2018 7:17 pm
Forum: General
Topic: Too many levels of symbolic links?
Replies: 3
Views: 201

Re: Too many levels of symbolic links?

Hi,

recently I downgraded an RB433AH from 6.42.1 to 6.40.8 and I had to bring it back to life using Netinstall. Since I had no access via serial line I have no additional information. What happened to you could explain the problem too IMHO.

Thanks for the posts
by dada
Fri May 25, 2018 6:39 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 341
Views: 40055

Re: v6.43rc [release candidate] is released!

For secure connection use api-ssl Implementing SSL in our utilities is a problem (time etc). Since the API is a proprietary protocol, the login phase could easily be changed to not send the plain text password and still allow RouterOS to store only hashed passwords. Just make the 'challenge' ha...
by dada
Sat May 05, 2018 9:25 am
Forum: General
Topic: A new scan has started
Replies: 10
Views: 641

Re: A new scan has started

Hi, the known exploit for Chimay-Red needs to know some info about the device architecture and ROS version to prepare the attack against the web server code (where to place the code on the stack which will run the shell). If the attacker knows the version of ROS it can download the proper ROS package, extract the WEB server c...
by dada
Thu Apr 26, 2018 3:42 pm
Forum: Scripting
Topic: Handling different syntax
Replies: 1
Views: 77

Re: Handling different syntax

Hi,

you have to detect the actual ROS version in your script, then fill the appropriate commands into a string and then execute the string using :parse. An example:

# the commands chosen for the detected version go into the string
:local cfgstr "place your commands here";
# :parse turns the string into a callable function
:local func [:parse $cfgstr];
$func;
by dada
Wed Apr 25, 2018 2:49 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 73080

Re: Advisory: Vulnerability exploiting the Winbox port

That is basically what you have when you set the "allowed from" in the service. At least when you can confine your internal networks using IP subnet declarations. Also, you can match on in-interface in firewall filters, so you don't need to match on source IP when you don't want to. No, it isn't th...
by dada
Tue Apr 24, 2018 2:28 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 73080

Re: Advisory: Vulnerability exploiting the Winbox port

Hi,

another report and still the same attack IP 103.1.221.39. Does the attacker really send these probes from the same IP? Or is it some bug in RouterOS logging an improper source IP?
by dada
Mon Apr 23, 2018 2:20 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 73080

Re: Advisory: Vulnerability exploiting the Winbox port

On the Czech forum there is a user who has winbox in IP services allowed only for his private range and is hacked :-( https://ispforum.cz/viewtopic.php?p=228863#p228863 It's possible the attack came from his LAN Hi Normis, the Czech case contained the same IP in the log as the others I have seen so far. The ...
by dada
Tue Jul 25, 2017 11:59 am
Forum: RouterBOARD hardware
Topic: RB922 shows no wireless
Replies: 9
Views: 639

Re: RB922 shows no wireless

Hi,

Does the Fix package exist only for 6.35? Do we have to upgrade/downgrade to 6.35? I think the last batch of these boards had a higher version of ROS than 6.35 (but maybe someone in our company upgraded them before they landed on my desk)
by dada
Tue Jul 25, 2017 11:43 am
Forum: RouterBOARD hardware
Topic: RB922 shows no wireless
Replies: 9
Views: 639

Re: RB922 shows no wireless

ROS on newer 922 boards is not able to detect wireless. Mikrotik created a special NPK package to fix it (perhaps to set the chipset to a known state?). New ROSes will contain the fix too.
All the boards with the problem I have seen so far have a serial number starting with 7F240 ...
by dada
Fri May 06, 2016 8:01 am
Forum: General
Topic: Files disappearing from flash after reboot
Replies: 2
Views: 311

Re: Files disapearing from flash after reboot

Hi,

thank you for the explanation.
by dada
Thu May 05, 2016 5:04 pm
Forum: General
Topic: Files disappearing from flash after reboot
Replies: 2
Views: 311

Files disappearing from flash after reboot

Hi,

on 6.34.4 (hEX lite) I upload a file using scp and after reboot the file disappears. Tried 2 times with the same result. I observed the problem earlier on 6.35 too.
by dada
Mon Apr 11, 2016 3:56 pm
Forum: Beginner Basics
Topic: RouterOS v6.34.1 and UDPLite
Replies: 22
Views: 2317

Re: RouterOS v6.34.1 and UDPLite

dada,
and ... what can we do with the situation?
As I wrote before - if you think the MT box is working improperly, send a message to support@mikrotik.com.
by dada
Mon Apr 11, 2016 1:09 pm
Forum: Beginner Basics
Topic: RouterOS v6.34.1 and UDPLite
Replies: 22
Views: 2317

Re: RouterOS v6.34.1 and UDPLite

barkas, read the whole topic with attention, try to get basic knowledge in IP ... Sorry I have no time to teach every forum reader ... dada, which configuration option exactly can help me to turn on "correct check sum calculation for UDPLite" on the MT box ? :-) I asked for NAT CFG just because ...
by dada
Mon Apr 11, 2016 9:18 am
Forum: Beginner Basics
Topic: RouterOS v6.34.1 and UDPLite
Replies: 22
Views: 2317

Re: RouterOS v6.34.1 and UDPLite

Hi,

How is your NAT configured? I have checked the list of protocols in NAT rules and there is no UDP-lite protocol option. So I have no explanation how the MT box can affect the packet at all (SRC IP).
by dada
Sun Apr 10, 2016 12:39 pm
Forum: Beginner Basics
Topic: RouterOS v6.34.1 and UDPLite
Replies: 22
Views: 2317

Re: RouterOS v6.34.1 and UDPLite

Hi, I had the impression that there is an internet cloud between your server and the MT box which could do something with the packet too... if you have proof that the MT box is causing the problem you should contact support@mikrotik.com with details. I have no personal experience with UDPLite. And I a...
by dada
Sun Apr 10, 2016 11:58 am
Forum: Beginner Basics
Topic: RouterOS v6.34.1 and UDPLite
Replies: 22
Views: 2317

Re: RouterOS v6.34.1 and UDPLite

dada, Yes, the MT box treats the packets as usual UDP packets and it is IMHO ok. RTFM, for UDP packets the check sum must be recalculated, as well as for IP packets and so on ... of course. But when checksum offloading is active the NIC does this and the operating system IP stack doesn't bother with updating...
by dada
Sat Apr 09, 2016 7:08 pm
Forum: Beginner Basics
Topic: RouterOS v6.34.1 and UDPLite
Replies: 22
Views: 2317

Re: RouterOS v6.34.1 and UDPLite

dude ... Client (see "sent" dump) <---TP5 Cable ---> (LAN port) MT(WAN Port) <---- internet ----> (see "received") -- Server It's not a matter of where the check sum is computed, by stack or by NIC ... On server side we see: Apr 7 12:59:28 hs1-nl kernel: [3735394.447354] UDPLite: bad checksum. From xx.zz....
by dada
Sat Apr 09, 2016 7:47 am
Forum: Beginner Basics
Topic: RouterOS v6.34.1 and UDPLite
Replies: 22
Views: 2317

Re: RouterOS v6.34.1 and UDPLite

I am assuming you captured the packet on the outgoing interface on the MT which is doing the NAT. If the network card supports IP checksum offloading the operating system will not spend CPU cycles on updating the checksum because it knows the card will calculate it during packet transmis...
by dada
Fri Apr 08, 2016 5:32 pm
Forum: Beginner Basics
Topic: RouterOS v6.34.1 and UDPLite
Replies: 22
Views: 2317

Re: RouterOS v6.34.1 and UDPLite

NAT - is the Mikrotik box under Router OS ... :-)
so if you are aware of the NAT - what is the problem with the packet?
by dada
Fri Apr 08, 2016 5:02 pm
Forum: Beginner Basics
Topic: RouterOS v6.34.1 and UDPLite
Replies: 22
Views: 2317

Re: RouterOS v6.34.1 and UDPLite

it looks like something rewrote the SRC IP (from a private one to a public one perhaps). Is there NAT in the way of the packet?
by dada
Sat Mar 05, 2016 10:44 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature request: Enhanced script editor in winbox
Replies: 6
Views: 1033

Re: Feature request: Enhanced script editor in winbox

For a start it would be enough to improve the built-in editor. For example PgUp/PgDn would be fine :-)
by dada
Wed Mar 02, 2016 7:48 am
Forum: General
Topic: Block DDoS on Prerouting chain on firewall
Replies: 24
Views: 2188

Re: Block DDoS on Prerouting chain on firewall

You are right, if connection tracking is enabled then you will never be able to find a fragmented packet because it gets reassembled at the door. How do other companies handle this kind of attack? I hope the fragments you want to eliminate are part of some DDoS attack. For example if the attack is made by DNS p...
by dada
Tue Mar 01, 2016 9:55 pm
Forum: General
Topic: Block DDoS on Prerouting chain on firewall
Replies: 24
Views: 2188

Re: Block DDoS on Prerouting chain on firewall

Okay! Enabled the IP Fragment option in the "Prerouting" chain to mark fragmented packets but it's not matching any single packet. If I disable the check mark "IP fragment" it starts matching packets.. As you already mentioned the problem is probably that ROS does the fragment reassembly automatically when connecti...
by dada
Mon Feb 29, 2016 5:59 pm
Forum: General
Topic: Block DDoS on Prerouting chain on firewall
Replies: 24
Views: 2188

Re: Block DDoS on Prerouting chain on firewall

new mangle rule/extra/[x] ip fragment

as mentioned before - fragmented traffic is perfectly legal. By dropping subsequent fragments you will probably cause more problems than you solve
by dada
Thu Jan 28, 2016 1:34 pm
Forum: General
Topic: can I use telnet + port to do the testing?
Replies: 1
Views: 227

Re: can I use telnet + port to do the testing?

/system telnet 1.2.3.4 25
/system telnet address=1.2.3.4 port=25
by dada
Wed Dec 23, 2015 11:35 pm
Forum: Forwarding Protocols
Topic: Search routing table by subnet mask
Replies: 2
Views: 1013

Re: Search routing table by subnet mask

IMHO you should have filters which will not accept prefixes longer than /24 from BGP peers (along with other things which are not safe to receive from a peer)...
by dada
Sun Dec 20, 2015 1:54 pm
Forum: General
Topic: ping can't find addresses IP scan shows
Replies: 5
Views: 766

Re: ping can't find addresses IP scan shows

IP scan probably doesn't rely only on ICMP responses. It probably looks into the ARP table too. If there is a device which uses an IP stack but doesn't want to reply to ICMP echo requests it must answer ARP queries (otherwise it has no IP connectivity and it cannot communicate using IPv4 at all). I...
by dada
Tue Dec 15, 2015 5:32 pm
Forum: General
Topic: How is CRS212-1G-10S-1S+IN for Fiber Ring Network ?
Replies: 18
Views: 1414

Re: How is CRS212-1G-10S-1S+IN for Fiber Ring Network ?

Hi, Okay so can we go with this, http://www.cisco.com/c/en/us/support/switches/sg300-28sfp-28-port-gigabit-sfp-managed-switch/model.html ? but it says, SMALL BUSINESS :( Don't know why! because it is an entry level switch. I have no experience with them. I would go with 2960-x with LAN Base licence...
by dada
Tue Dec 15, 2015 2:31 pm
Forum: General
Topic: How is CRS212-1G-10S-1S+IN for Fiber Ring Network ?
Replies: 18
Views: 1414

Re: How is CRS212-1G-10S-1S+IN for Fiber Ring Network ?

Hi, 5gbps ? I wouldn't think about CRS in such a network. Use something: - better manageable. See the hell of options with strange names and meanings under the Switch menu. Nearly no option uses a name which is widely used in the networking world. Simple things like VLANs are rather complicated here and...
by dada
Fri Oct 23, 2015 6:20 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Winbox 3 RC
Replies: 640
Views: 106411

Re: Winbox 3 RC

We will revert change which set credentials to admin without password. Yes, please. I would like to say that I got an empty password box each time I start Winbox RC17 - even if the previous session was used with a manually entered password. (I am using [X] Keep password). hmm strange. After I checked "[...
by dada
Fri Oct 23, 2015 3:57 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Winbox 3 RC
Replies: 640
Views: 106411

Re: Winbox 3 RC

We will revert change which set credentials to admin without password. Yes please. Now it's very annoying. Any chance to say something about my other remark? (Closing windows on disconnect...) +1 I am reposting an updated list of problems/wishes I sent formerly after the RC9 version was released: UI discom...
by dada
Fri Oct 23, 2015 2:37 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Winbox 3 RC
Replies: 640
Views: 106411

Re: Winbox 3 RC

We will revert change which set credentials to admin without password.
Yes, please. I would like to say that I got an empty password box each time I start Winbox RC17 - even if the previous session was used with a manually entered password. (I am using [X] Keep password).
by dada
Fri Oct 23, 2015 10:58 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Winbox 3 RC
Replies: 640
Views: 106411

Re: Winbox 3 RC

3) After multiple requests, we decided to use default admin without password if router is selected from Neighbours list. If that should not be used, then router must be saved in Managed tab. If you are changing something users have been used to for a long time (like this) you should add a setting which a...
by dada
Wed Oct 21, 2015 9:01 am
Forum: Scripting
Topic: Script to update Ros version and signal in Database
Replies: 4
Views: 634

Re: Script to update Ros version and signal in Database

Hello, we wanted a script which can call our url every 10 mins and update our database with the CPE RoS version and signal strength. The url to call should be like http://example.com/cpe.php?mac=_WLAN_MAC&ros=_ROS_VERSION&signal=_WIFI_SIGNAL_STRENGHT In return the php will echo some commands that I want ...
by dada
Tue Oct 20, 2015 1:33 pm
Forum: General
Topic: Version naming
Replies: 16
Views: 1067

Re: 6.32.3 [CURRENT] version released!

Same story happens again: 6.32.2 [current] was pretty stable after being around for some weeks without too many new comments or disasters. This morning I found a client that still wasn't upgraded to 6.32.2 so I started the auto upgrade script and AGAIN to my surprise a new 'current' version (6.32.3) is...
by dada
Mon Oct 19, 2015 8:17 pm
Forum: General
Topic: CCR broadcasting unicast traffic? - Cisco MK, NSTREME FAILS
Replies: 4
Views: 387

Re: CCR broadcasting unicast traffic? - Cisco MK, NSTREME FAILS

Thanx dada. Have you any idea why it is happening only on the new, replaced router? There may be more reasons, like different ARP table behavior on the routers - IMHO there is no way to view all the entries in the cache on ROS (not only the valid ones). If the traffic is directed to a valid MAC (i.e. e...
by dada
Mon Oct 19, 2015 1:44 pm
Forum: General
Topic: CCR broadcasting unicast traffic? - Cisco MK, NSTREME FAILS
Replies: 4
Views: 387

Re: CCR broadcasting unicast traffic? - Cisco MK, NSTREME FAILS

Hi, if you see unicast packets on other than expected interfaces then it means that the switch doesn't know the destination MAC address (so it floods it to all interfaces except the one the packet arrived through). It can easily happen that the gateway's ARP record lives longer than the MAC in s...
by dada
Thu Oct 15, 2015 9:39 am
Forum: General
Topic: ROS 6.30.1 - ARP table overflow, please consider increasing max-arp-entries.
Replies: 3
Views: 1291

Re: ROS 6.30.1 - ARP table overflow, please consider increasing max-arp-entries.

Hi, IMHO ROS doesn't show incomplete ARP entries (i.e. the cases when the ARP query was not replied to by the remote host or is not considered valid for some other reason like timeout etc) so it is still possible that you have a larger network assigned to some interface of the router and some kind of scan is...
by dada
Tue Oct 13, 2015 9:57 am
Forum: General
Topic: firmware version numbering confusion
Replies: 9
Views: 678

Re: firmware version numbering confusion

Hi,

why do you think 5 is greater than 32 ?
by dada
Thu Oct 08, 2015 4:58 pm
Forum: Scripting
Topic: passing variable to script
Replies: 5
Views: 828

Re: passing variable to script

IMHO the only way is to use global variables

http://forum.mikrotik.com/viewtopic.php?f=9&t=23041
by dada
Mon Oct 05, 2015 11:01 am
Forum: General
Topic: Tunnel get only 400Mbps on CCR1036
Replies: 12
Views: 2298

Re: Tunnel get only 400Mbps on CCR1036

Well, the default MTU of all the path is 1500 (I mean the path through my carrier to my remote router). The MTU of all my physical interfaces is 1500.. but when I create the tunnel, the default MTU of the tunnel is 1476 (since GRE is a 24 byte header) 1476+1500 is perfect.. but if the device ...
by dada
Tue Sep 29, 2015 7:56 am
Forum: Wireless Networking
Topic: max nv2 clients
Replies: 6
Views: 1326

Re: max nv2 clients

Hi,

when there are too many clients on an NV2 sector you have to use a larger TDMA Period to achieve good throughput. It of course means that ping time goes higher.
by dada
Thu Sep 24, 2015 10:14 am
Forum: General
Topic: Tunnel get only 400Mbps on CCR1036
Replies: 12
Views: 2298

Re: Tunnel get only 400Mbps on CCR1036

Hello. so a plain GRE tunnel (no encryption) over a fiber link (MTU 1500) between a central CCR and a remote RB2011 or 1100AHx2. what is the expected performance? on a central HQ I plan to use a CCR 1009 and have 3 tunnels via fiber link to three remote sites: a 10mb, b 30mb, c 300mb full duplex. c...
by dada
Fri Sep 18, 2015 4:07 pm
Forum: General
Topic: Possible bridge leak problem
Replies: 9
Views: 1247

Re: Possible bridge leak problem

Thanks, dada! Seems like this is the issue indeed. I've checked the hosts toward which traffic is sent and they are indeed the ones that recently went offline - the ARP entry still exists in the router, but there is no such MAC address in the bridge hosts table. What are my possibilities to prevent such flooding to...
by dada
Fri Sep 18, 2015 2:03 pm
Forum: General
Topic: Possible bridge leak problem
Replies: 9
Views: 1247

Re: Possible bridge leak problem

Hi folks, Most of the time everything works fine, but recently this problem started happening from time to time: all bridge ports start to transmit exactly the same traffic (~6-8mbps) saturating the ether interface (that the VLANs belong to). I then disable a few bridge ports for a couple seconds and everyth...
by dada
Thu Sep 17, 2015 12:16 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Winbox 3 RC
Replies: 640
Views: 106411

Re: Winbox 3 RC

Is it possible to add one button on the left hand main menu; "close all" At times there are so many windows open you want to start with a new clean empty main window. Restart Winbox with a new Session (or session <none>) Normis, you showed again the typical behavior of a lazy developer. I met it several ...
by dada
Thu Sep 03, 2015 3:19 pm
Forum: Beginner Basics
Topic: ARP List bug?
Replies: 2
Views: 338

Re: ARP List bug?

Hi, I think ROS is innocent here. I don't know how the server is connected to the routerboard but probably you should check your server settings. The default values for some IP stack features IMHO can cause what you see. I think you should try to check/change values for arp_filter and arp_announce (a...
by dada
Wed Jun 03, 2015 11:12 am
Forum: Announcements
Topic: v6.29 released
Replies: 193
Views: 42079

Re: v6.29 released

Excessive flash writes are not solved. Tried on an Omnitik for the first time, freshly updated from 6.28 to 6.29 via direct update. Opening the rule in firewall (just double click, no change, no save) adds two writes to the flash each time. Sometimes just opening makes "filter rule moved by user" in...
by dada
Thu May 21, 2015 4:32 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Winbox 3 RC
Replies: 640
Views: 106411

Re: Winbox 3 RC

Hi, I decided to post my list of bugs/problems related to Winbox 3.0rc9 which bother us: Crashes when I start winbox and try to connect to a station sometimes the winbox window silently disappears without warning or error message (Winbox probably crashes). Usually the second attempt to connect is OK wh...