Community discussions

Search found 123 matches

by kobuki
Sat Sep 15, 2018 10:37 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 244
Views: 30669

Re: Winbox vulnerability: please upgrade

What do you want to say? Have you example of hacked 6.42.7 or are you just guessing and making noise? One of a client's main router with ros 6.42.7 has been compromised and a lot of traffic was being generated before I replaced it with a new one. Ros 6.42.7 with only winbox port open to web, and the...
by kobuki
Sat Sep 08, 2018 6:08 pm
Forum: General
Topic: IPSEC between public IPs intermittently working
Replies: 1
Views: 176

Re: IPSEC between public IPs intermittently working

I removed the ipsec config for a while since the unsecured connection works between the 2 IPs and we need to do traffic between the peers. However I need to secure the connection, so I added the same config again. When I ping eg. IP2 from IP1, I see egress traffic in Torch on ether1 (the IF with th...
by kobuki
Wed Sep 05, 2018 5:24 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 244
Views: 30669

Re: Winbox vulnerability: please upgrade

Currently heise.de writes about attacks on Mikrotik-Devices. Maybe you can correct something on the part of Mikrotik, because the news does not sound good. https://www.heise.de/security/meldung/Spionage-und-Krypto-Mining-MikroTik-Router-angreifbar-4155288.html It looks like a clickbait, smelling pi...
by kobuki
Thu Aug 30, 2018 11:57 pm
Forum: General
Topic: IPSEC between public IPs intermittently working
Replies: 1
Views: 176

IPSEC between public IPs intermittently working

I've set up a tunnel between 2 routers, one RB850Gx2 (6.42.7), and one x86 (6.42.6) in a KVM virtual environment. The connection is established, but it frequently drops the ball and no traffic can pass between them. Sometimes it works for a full day, then drops again for extended periods. There're n...
by kobuki
Thu Aug 23, 2018 4:18 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 244
Views: 30669

Re: Winbox vulnerability: please upgrade

They do respond partially on port 80, but act strangely.

What do you mean by that?
by kobuki
Wed Aug 08, 2018 3:00 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 244
Views: 30669

Re: Winbox vulnerability: please upgrade

Is he trying to use Winbox to connect
No idea, but possible.
how would you route a Winbox connection through a socks proxy?
I assume that's a rhetorical question.
by kobuki
Wed Aug 08, 2018 2:44 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 244
Views: 30669

Re: Winbox vulnerability: please upgrade

It was empty where I checked, too. It's possibly just a presence indicator in the swarm for the C&C as you also mentioned...
by kobuki
Wed Aug 08, 2018 2:17 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 244
Views: 30669

Re: Winbox vulnerability: please upgrade

Now I can remote login to the infected router with user "sys" via SOCK
Good! Thanks for the feedback. Your attacker was a particularly malicious one, almost locking you out completely. Almost.
by kobuki
Tue Aug 07, 2018 8:06 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 244
Views: 30669

Re: Winbox vulnerability: please upgrade

2. I have tried to login to remote mikrotik with that password but no success so I think the problem comes from the hacker allowing only IP 127.0.0.1 to login with "sys" account. And the hacker used a script to disable hard reset, so I just ask can I use the serial cable to login. (infected router is still ...
by kobuki
Mon Aug 06, 2018 12:46 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 244
Views: 30669

Re: Winbox vulnerability: please upgrade

We have added more details, so that it is more clear:
https://blog.mikrotik.com/security/winb ... ility.html
It would be really useful to bump that post with today's date and tag with (UPDATED) or something.
by kobuki
Sun Aug 05, 2018 1:09 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 244
Views: 30669

Re: Winbox vulnerability: please upgrade

... Create Security mailing list (the Blog you created is a nice step forward, but this is useful for "post event summary" and maybe not exactly for urgent security advisories). ... I think this one would be very useful. I for one am subscribed to multiple ones already, and do pay attentio...
by kobuki
Fri Aug 03, 2018 8:02 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 244
Views: 30669

Re: Winbox vulnerability: please upgrade

So what about version 6.40.8, is vulnerable or not? Could somebody from Mikrotik finally confirm it? Have you read the first post of this thread? EDIT: hmm, now that you asked, and reading the blog post again, it's really not very apparent which version pertains to which release branch at a single ...
by kobuki
Fri Aug 03, 2018 6:03 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 244
Views: 30669

Re: Winbox vulnerability: please upgrade

Since the attacker is inserting his script into the targeted routers and changing configuration in them, we recommend to carefully inspect the configuration of your device, restore it from verified backups or export files, and follow generic advice in the above links. What sorts of changes are bein...
by kobuki
Fri Aug 03, 2018 2:41 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 244
Views: 30669

Re: Winbox vulnerability: please upgrade

Figuratively asking: Are you saying that Mikrotik has hundreds of thousands devices? No, users are owners of them. Should Mikrotik call/inform each user/owner and "persuade" to upgrade? What if user says NO? What if admins in DC ignore such info? I'm not "advocatus diaboli" of Mikrotik but you shoul...
by kobuki
Fri Aug 03, 2018 12:55 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 244
Views: 30669

Re: Winbox vulnerability: please upgrade

Hopefully the userdb (and every bit doing anything with passwords in ROS) gets hashes for passwords from now on, and hopefully a modern one. From "now on"? Really? Like stated repeatedly, this has been fixed a long time ago. This is just a reminder AGAIN to please upgrade, where all these things ar...
by kobuki
Fri Aug 03, 2018 12:58 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 244
Views: 30669

Re: Winbox vulnerability: please upgrade

This vulnerability is from 6.28. I try it: https://github.com/BigNerd95/WinboxExploit https://github.com/BasuCert/WinboxPoC On the first link WinboxExploit.py reveals that the admin password is stored in the clear in the device. It simply requests the userdb and prints stuff found at offset 55. Mind...
by kobuki
Fri Jul 20, 2018 5:31 pm
Forum: Wireless Networking
Topic: hAP ac^2 Problems---Extremely Poor Performance found in 2.4G and 5G WiFi
Replies: 279
Views: 36177

Re: hAP ac^2 Problems---Extremely Poor Performance found in 2.4G and 5G WiFi

hi guys considering buying one of these for general home use.. want to use it for wifi & VPN. Would wifi be ok using latest stock f/w for general home use? whats best speed anyones got using VPN single tunnel 256bit? cheers See here . I was able to saturate my 110 Mb downstream using AES-128+SHA256...
by kobuki
Tue Jul 17, 2018 7:34 pm
Forum: RouterBOARD hardware
Topic: CRS354-48P-4S+2Q+ Dimensions
Replies: 4
Views: 590

Re: CRS354-48P-4S+2Q+ Dimensions

Does anyone have the depth of the new CRS354-48P-4S+2Q+?

I am curious if it will fit into some customer wall mount racks.
Maybe this helps a bit.
by kobuki
Mon Jul 16, 2018 5:12 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 vs RB450Gx4
Replies: 49
Views: 5237

Re: RB850Gx2 vs RB450Gx4

It doesn't work.
Well, I guess that would nail it for @acruhl then.
by kobuki
Mon Jul 16, 2018 5:07 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 vs RB450Gx4
Replies: 49
Views: 5237

Re: RB850Gx2 vs RB450Gx4

Metarouter does not work on RB850Gx2.
The menu is actually there in Winbox, but it doesn't work? Never tried it since I don't need it at that site.
by kobuki
Mon Jul 16, 2018 12:23 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 vs RB450Gx4
Replies: 49
Views: 5237

Re: RB850Gx2 vs RB450Gx4

Why shouldn't I buy the RB850Gx2? ARM SOCs are faster, run a lot colder and more commonplace (~= cheaper). If you don't need the additional speed of IPSEC HW acceleration, there's no real need to consider the outdated RB850Gx2. The new one beats it in every other way. EDIT: oh, and the RB850Gx2 doe...
by kobuki
Mon Jun 25, 2018 8:42 pm
Forum: Announcements
Topic: v6.42.4 [current]
Replies: 93
Views: 10169

Re: v6.42.4 [current]

@mducharme: thanks for the heads-up about STP. I might switch to standard bridge config later, for now it works so I'll just let it be. I need remote hands to power-cycle, so maybe tomorrow. Luckily the SFP cage is vacant.
by kobuki
Mon Jun 25, 2018 8:29 pm
Forum: Announcements
Topic: v6.42.4 [current]
Replies: 93
Views: 10169

Re: v6.42.4 [current]

@mducharme: in the meantime I've "found" the VLAN filtering option (I was in a kind of hurry to bring things back online), so I'll start testing it on the RB2011. I've modified my original post, removing the false info. So it might become possible to use the bridge config and ditch the old switch co...
by kobuki
Mon Jun 25, 2018 7:48 pm
Forum: Announcements
Topic: v6.42.4 [current]
Replies: 93
Views: 10169

Re: v6.42.4 [current]

RB2011 upgrade from 6.34.2. - VLANs are not converted - new bridge is not created but interface master-slave relations removed - after removing all VLANs to re-create the configuration manually using a new bridge, 2 bridges are automagically created somehow (RB2011 has 2 switch groups) and interface...
by kobuki
Mon Jun 25, 2018 3:16 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 vs RB450Gx4
Replies: 49
Views: 5237

Re: RB850Gx2 vs RB450Gx4

I found this page on the HAP AC2 the other day. I thought it's relevant because the CPU is almost the same, barring wlan capabilities in the RB450Gx4. It's mostly throughput tests (including PPPoE over Gbit), in Russian but the screen shots should speak for themselves.
by kobuki
Thu Jun 21, 2018 10:18 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 vs RB450Gx4
Replies: 49
Views: 5237

Re: RB850Gx2 vs RB450Gx4

@chechito: I stated my needs. I don't need a $300 router. Believe me, I don't mix up heavy queues with some NAT or filter rules. I also separate my APs and gateway, though HAP AC^2 and RB450Gx4 use a similar CPU. After reading posts on other forums and also here I concluded that the RB450Gx4 would b...
by kobuki
Tue Jun 19, 2018 7:36 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 vs RB450Gx4
Replies: 49
Views: 5237

Re: RB850Gx2 vs RB450Gx4

@chechito, thanks for the insight, though comparing the devices in itself doesn't tell much. Obviously the RB1100 series is way faster. But many small, cheap routers are capable of what I ask and I think for MT to stay competitive in that price range they should be able to handle that, too. There's ...
by kobuki
Tue Jun 19, 2018 2:22 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 vs RB450Gx4
Replies: 49
Views: 5237

Re: RB850Gx2 vs RB450Gx4

I'm considering the local provider's gigabit GPON offering, which comes with an ONT with AC wifi, but I want to use the PPPoE pass-through option. Would I be able to saturate Gbit with an RB450Gx4 and PPPoE using NAT and around 10 effective FW rules? Has really no one attempted using Gbit PPPoE on ...
by kobuki
Sat Jun 16, 2018 7:21 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 vs RB450Gx4
Replies: 49
Views: 5237

Re: RB850Gx2 vs RB450Gx4

I'm considering the local provider's gigabit GPON offering, which comes with an ONT with AC wifi, but I want to use the PPPoE pass-through option. Would I be able to saturate Gbit with an RB450Gx4 and PPPoE using NAT and around 10 effective FW rules?
by kobuki
Sat Mar 31, 2018 2:16 am
Forum: General
Topic: Problems with mynetname.net cloud IP service DNS
Replies: 7
Views: 1317

Re: Problems with mynetname.net cloud IP service DNS

I would highly doubt that the existing name servers would be having degradation from legitimate updates or queries.

With 60 sec TTL it's entirely possible, but it was just a guess. If it keeps being DDOS'd, then well, SOL. And yes, using the serial directly in the host name is not a bright idea.
by kobuki
Fri Mar 30, 2018 11:12 pm
Forum: General
Topic: Problems with mynetname.net cloud IP service DNS
Replies: 7
Views: 1317

Re: Problems with mynetname.net cloud IP service DNS

I raised my concerns about the built-in function, the thread is not about the alternatives that I know and use as well (dns.he.net or freedns.afraid org are good examples among many). The functionality is a good addition to RouterOS but the backing service is flaky. Mikrotik might have underestimate...
by kobuki
Thu Mar 29, 2018 2:28 pm
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 71094

Re: Urgent security advisory

(post Removed as others have answered my question)
by kobuki
Wed Mar 28, 2018 11:18 pm
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 71094

Re: Urgent security advisory

Pardon me, but specifying "www server" is not clear, at all. A serious security vulnerability merits more than vague statements about services. Do the scripts only scan port 80? Are we safe behind HTTPS (which still fall under the "www server" category) or not? Etc. You're obviously not very familia...
by kobuki
Wed Mar 28, 2018 10:40 pm
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 71094

Re: Urgent security advisory

Just to make it clear: only devices running a not up-to-date RouterOS version are affected, whose HTTP port (TCP/80) is open and provides the login facility and management GUI, right? I never allow unencrypted connections and always disable the HTTP and HTTPS interfaces. Only SSH and Winbox is enab...
by kobuki
Wed Mar 28, 2018 4:19 pm
Forum: General
Topic: Problems with mynetname.net cloud IP service DNS
Replies: 7
Views: 1317

Re: Problems with mynetname.net cloud IP service DNS

Nice to know that you take note of the problems, however it's still serviced from a single unicast IPv4 address...
by kobuki
Tue Mar 13, 2018 4:19 pm
Forum: General
Topic: Problems with mynetname.net cloud IP service DNS
Replies: 7
Views: 1317

Problems with mynetname.net cloud IP service DNS

See here for an overview: https://intodns.com/mynetname.net One server is not answering, lame delegation, etc, quite a handful. I'm a bit concerned about these DNS servers, there's only 2 of them for the "cloud" dynamic names, apparently no real strong cloud backing infrastructure is present. Do yo...
by kobuki
Thu Aug 17, 2017 10:46 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 103447

Re: v6.41rc [release candidate] is released! New bridge implementation!

With the new bridge implementation using HW offload, will it be possible to use multiple bridges using the offload capability, effectively creating multiple "switch groups" that retain wire speed in the group? It's now possible to do something similar using VLANs where each VLAN has a CPU port besid...
by kobuki
Mon May 23, 2016 4:35 pm
Forum: General
Topic: Using Huawei E3372 3G/4G stick
Replies: 20
Views: 4464

Re: Using Huawei E3372 3G/4G stick

@pe1chl: well, it was my mistake, the ack mail landed in the spam folder after all. It got lost with the junk there but just found it. I hope they can fix the issue. It works for you, it should for me as well. I hope it's not a faulty HAP AC where I tested it.
by kobuki
Mon May 23, 2016 11:22 am
Forum: General
Topic: Using Huawei E3372 3G/4G stick
Replies: 20
Views: 4464

Re: Using Huawei E3372 3G/4G stick

@pe1chl, can you please tell me what version of the stick you use? There're different series, 21.xx, 22.xx. Also, did you make any special settings?

My host is not spamming but that's only relevant when sending mails out of it, not when receiving...
by kobuki
Sun May 22, 2016 10:45 pm
Forum: General
Topic: Using Huawei E3372 3G/4G stick
Replies: 20
Views: 4464

Re: Using Huawei E3372 3G/4G stick

I also have a Huawei E3372, it works fine in Hilink mode under Debian Linux 8, kernel 4.2, but I can't make it work on my HAP AC. The modem is stuck in the vendor-id="0x12d1" device-id="0x1508" configuration, which is the "basic" mode without the Hilink interface. Linux can switch it to device-id="0...
by kobuki
Fri Apr 22, 2016 1:54 am
Forum: General
Topic: Regular x86 mikrotik vs CHR with a non-virtualized machine
Replies: 6
Views: 1538

Re: Regular x86 mikrotik vs CHR with a non-virtualized machine

Hi guys, We have bought a 2U Dell Server with 4 Dual 10Gbps ports and we would like to install RouterOS or CHR on it in order to overcome the BGP limitations of our CCR1036. We are not going to install anything else on this server to make sure it has all the power available to handle our multigigab...
by kobuki
Fri Apr 22, 2016 1:48 am
Forum: General
Topic: Regular x86 mikrotik vs CHR with a non-virtualized machine
Replies: 6
Views: 1538

Re: Regular x86 mikrotik vs CHR with a non-virtualized machine

For example x86 don't have virtio drivers, so you can't install RouterOS on a public cloud like Amazon EC2, Azure, or like it.
The installable x86 version does include virtio drivers, I use virtualised ROS instances at multiple places (on KVM, not Xen) with virtio, without problems.
by kobuki
Wed Apr 20, 2016 6:55 pm
Forum: Beginner Basics
Topic: Simple solution for prioritising IPSEC traffic
Replies: 0
Views: 362

Simple solution for prioritising IPSEC traffic

I'm not exactly new to Mikrotik and RouterOS in general, but aside from simple queues for DL/UL limitations, I've worked very little with them. I'd like to employ a simple priority measure for the IPSEC/ESP tunnel we installed between 2 offices. Sometimes the tunnel suffers because of other internet...
by kobuki
Fri Feb 12, 2016 9:28 pm
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 540
Views: 122134

Re: HAP AC

kobuki product is called hAP AC (the same name as topic). I think it is easy name to remember. RB962UiGS-5HacT2HnT is product code, and it collects all information you need to know about ports and features (if you like). Thanks -- however the post where I noted that it was meant to be a joke and I ...
by kobuki
Wed Feb 10, 2016 2:25 pm
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 540
Views: 122134

Re: HAP AC

I'm glad it appeared finally. I have the AC Lite and it's fine so far, I'll probably replace an older TP-Link dualband as soon as I can get hold of a HAP AC, for testing.
by kobuki
Mon Dec 14, 2015 1:45 am
Forum: RouterBOARD hardware
Topic: Ubiquiti ERLite3 beats Mikrotik RB1100AHx2 on performance. Can it be possible?
Replies: 18
Views: 3742

Re: Ubiquiti ERLite3 beats Mikrotik RB1100AHx2 on performance. Can it be possible?

My experience...it depends on your understanding of "beating"..... I have just, finally, thanks my God, replaced an ERLITE-3 by an RB/3011 on a 300/300 Mbits PPOE/Nated fiber connection with IPTV and IP phone...unbelievable: back to have a router in a corner of my house acting as a router and not cal...
by kobuki
Wed Dec 02, 2015 11:50 am
Forum: RouterBOARD hardware
Topic: hEX nand size ONLY 16MB !!!!
Replies: 61
Views: 13431

Re: hEX nand size ONLY 16MB !!!!

I'm not very concerned about the problem, but I find it weird that with ever falling flash prices, Mikrotik wants to save the pennies on it. In large volumes, it turns into profit, that's for sure, but still...
by kobuki
Mon Aug 17, 2015 5:34 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 - Release date?
Replies: 193
Views: 44685

Re: RB850Gx2 - Release date?

Has anyone been able to conduct IPSEC throughput tests on the new RB850Gx2 with HW acceleration? My local supplier is already selling them with the new serial but I'm hesitant to buy them for new projects just for this feature yet.
by kobuki
Wed Aug 05, 2015 5:30 pm
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 166707

Re: Cloud Hosted Router

Please consider adding the recognition of extra virtual disks to the appliance. Additional virtual storage space would be very useful for larger web caches, FTP or Samba servers as a simple and easy alternative to other storage appliances with no fancy requirements. Will this be possible in the fina...
by kobuki
Tue Aug 04, 2015 10:49 pm
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 166707

Re: Cloud Hosted Router

Great Idea. I'm already using several instances of ROS on virtualised platforms for live virtual systems and for testing. When a polished final product, I'm sure it will be a success. Please consider adding the recognition of extra virtual disks to the appliance. Additional virtual storage space wou...