Community discussions

Search found 22798 matches

by normis
Tue Apr 24, 2018 10:45 am
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port
Replies: 128
Views: 28348

Re: Advisory: Vulnerability exploiting the Winbox port

1. No. RouterOS user passwords are not stored in plain text, but anything can be decrypted with enough effort. We will now make this much harder to do.
2. Even if your device has other firewalls, but you have Management access open to the world, yes this still means unprotected.
by normis
Tue Apr 24, 2018 8:53 am
Forum: General
Topic: Quick set manual does not include "Basic AP"
Replies: 2
Views: 80

Re: Quick set manual does not include "Basic AP"

Like the above poster said, "Home AP" sets the router for basic home use. Why do you assume something about switches? Basic AP is identical to Home AP, except it doesn't allow you to set possibly confusing settings (it leaves them as default in Home AP). Basic AP is not in the manual, because it is ...
by normis
Tue Apr 24, 2018 8:50 am
Forum: General
Topic: Anyone else getting flooded by this forum?
Replies: 8
Views: 223

Re: Anyone else getting flooded by this forum?

PHPBB has no settings that control this. Either you get notified about every new reply, every time, or you turn it off.
by normis
Tue Apr 24, 2018 8:48 am
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port
Replies: 128
Views: 28348

Re: Advisory: Vulnerability exploiting the Winbox port

Sorry for my English. Let's say the files save.sh and dnstest hit the router. By changing the password and limiting access from outside through winbox, is there a guarantee that there will be no outgoing connection from my infected router and the new password will not be transferred to the attacker...
by normis
Tue Apr 24, 2018 8:34 am
Forum: General
Topic: Anyone else getting flooded by this forum?
Replies: 8
Views: 223

Re: Anyone else getting flooded by this forum?

No changes to forum settings in last weeks. When did this start?
by normis
Mon Apr 23, 2018 5:15 pm
Forum: Wireless Networking
Topic: hAP ac^2 Problems---Extremely Poor Performance found in 2.4G and 5G WiFi
Replies: 128
Views: 10007

Re: hAP ac^2 Problems---Extremely Poor Performance found in 2.4G and 5G WiFi

Jarda already wrote that he is in contact with support. Thank you for that.
We have currently not seen any issues outside this Forum thread. It could be a combination of specific factors, this is why we ask you to contact MikroTik with details of your setup.
by normis
Mon Apr 23, 2018 5:10 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port
Replies: 128
Views: 28348

Re: Advisory: Vulnerability exploiting the Winbox port

Like I said, this issue is secondary. It exists yes.
by normis
Mon Apr 23, 2018 4:57 pm
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 35
Views: 2569

Re: v6.42.1 [current]

And implement "security fix" in 6.40.7 PLEASE!!!!!
coming next
by normis
Mon Apr 23, 2018 4:49 pm
Forum: Wireless Networking
Topic: hAP ac^2 Problems---Extremely Poor Performance found in 2.4G and 5G WiFi
Replies: 128
Views: 10007

Re: hAP ac^2 Problems---Extremely Poor Performance found in 2.4G and 5G WiFi

MikroTik support has seen this discussion, but generic complaints are not the way to resolve issues. Like it has always been requested, we need supout.rif file, network description and possibly remote access to your device. This information is not on the forum or on twitter. This is why we ask you t...
by normis
Mon Apr 23, 2018 4:09 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port
Replies: 128
Views: 28348

Re: Advisory: Vulnerability exploiting the Winbox port

Correct me if I'm wrong, but isn't something missing here? Now we know how they got passwords to log in, but what about those files (script and binary) uploaded to router and (probably) executed by RouterOS? Is it some other hidden functionality of WinBox we know nothing about? When the tool gets y...
by normis
Mon Apr 23, 2018 4:05 pm
Forum: General
Topic: Btest.exe
Replies: 2
Views: 103

Re: Btest.exe

Please use iperf3 on your computer, and traffic generator in your RouterOS system.
btest.exe is an old software that doesn't utilize the maximum possible anyway.
by normis
Mon Apr 23, 2018 4:04 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port
Replies: 128
Views: 28348

Re: Advisory: Vulnerability exploiting the Winbox port

Just FYI,

in logs I saw login attempts, but they all seem to have failed, not one of them is successful.
This is from Web. Most likely unrelated.
by normis
Mon Apr 23, 2018 3:43 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port
Replies: 128
Views: 28348

Re: Advisory: Vulnerability exploiting the Winbox port

v6.42.1 and v6.43rc4 have been released! They fix the vulnerability.

Bugfix coming soon as well.
by normis
Mon Apr 23, 2018 3:36 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port
Replies: 128
Views: 28348

Re: Advisory: Vulnerability exploiting the Winbox port

Changing the Winbox port only protects your device from being found. If the attacker finds the new port, he can still gain access.
Firewall and the new RouterOS version is the best way to protect your device.
by normis
Mon Apr 23, 2018 3:34 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port
Replies: 128
Views: 28348

Re: Advisory: Vulnerability exploiting the Winbox port

That is true, yes.
We have a nice article on how to make your device secure, I suggest everyone read it, as it contains most of the basics:

https://wiki.mikrotik.com/wiki/Manual:S ... our_Router
by normis
Mon Apr 23, 2018 3:28 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port
Replies: 128
Views: 28348

Re: Advisory: Vulnerability exploiting the Winbox port

Concur this is a serious issue and glad Mikrotik is addressing it promptly. However it appears, (not 100% sure) that the failure by an admin to ensure WINBOX is not accessible from the outside is what allows this exploit to be used. Most experienced admins would use vpn to access the router and the...
by normis
Mon Apr 23, 2018 3:19 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port
Replies: 128
Views: 28348

Re: Advisory: Vulnerability exploiting the Winbox port

It is a bug though, very specific check was broken for a very specific feature.
I don't want to give ideas to other people, as the fixed versions are not out yet, and it will take a while until most people upgrade.
This is why I don't want to give too many details away.
by normis
Mon Apr 23, 2018 2:45 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port
Replies: 128
Views: 28348

Re: Advisory: Vulnerability exploiting the Winbox port

RouterOS doesn't have backdoors. This is a bug that was introduced in 6.29.

The fact that password encryption was considered "weak" is not news. The file was previously hard to get. We are also improving the encryption of the user password file now.
by normis
Mon Apr 23, 2018 2:26 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port
Replies: 128
Views: 28348

Re: Advisory: Vulnerability exploiting the Winbox port

How do we know if our router is infected what are the symptoms for this vulnerability ??? Currently there is no sure way to see if you were affected. If your Winbox port is open to untrusted networks, assume that you are affected and upgrade + change password + add firewall. The log may show unsucc...
by normis
Mon Apr 23, 2018 2:15 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port
Replies: 128
Views: 28348

Re: Advisory: Vulnerability exploiting the Winbox port


it looks like a wan attack and IP services does not protect the login
Supout.rif will be useful, thanks. The Screenshot doesn't show if the "allowed from" was correctly set.
by normis
Mon Apr 23, 2018 1:48 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port
Replies: 128
Views: 28348

Re: Advisory: Vulnerability exploiting the Winbox port

On the Czech forum there is a user who has winbox in IP services allowed only for his private range and is hacked :-(
https://ispforum.cz/viewtopic.php?p=228863#p228863
It's possible the attack came from his LAN
by normis
Mon Apr 23, 2018 1:45 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port
Replies: 128
Views: 28348

Re: Advisory: Vulnerability exploiting the Winbox port


No, do you? If so let me know
the file contains RouterOS system usernames and passwords.
by normis
Mon Apr 23, 2018 1:05 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port
Replies: 128
Views: 28348

Advisory: Vulnerability exploiting the Winbox port

We have discovered a new RouterOS vulnerability affecting all RouterOS versions since v6.29. How it works : The vulnerability allowed a special tool to connect to the Winbox port, and request the system user database file. Versions affected : 6.29 to 6.43rc3 (included). Updated versions in all relea...
by normis
Mon Apr 23, 2018 12:21 pm
Forum: RouterBOARD hardware
Topic: Setup suggestion for mini-ISP (not really an ISP)
Replies: 5
Views: 178

Re: Setup suggestion for mini-ISP (not really an ISP)

What are the distances and lines of sight? Have you considered wireless?
What is your budget?
by normis
Mon Apr 23, 2018 10:12 am
Forum: Beginner Basics
Topic: forcing https
Replies: 2
Views: 106

Re: forcing https

Disable the www service in "ip -> services"
Make a dst-nat rule with action "redirect" for condition "dst-port" tcp 80, and action redirect to tcp port 443.
by normis
Mon Apr 23, 2018 9:01 am
Forum: Beginner Basics
Topic: CAP ac: Update not found
Replies: 2
Views: 110

Re: CAP ac: Update not found

From the router command line (Terminal), can you ping "upgrade.mikrotik.com"?
by normis
Sun Apr 22, 2018 3:25 pm
Forum: General
Topic: winbox vulnerable! Unusual login to routers [SOLVED]
Replies: 44
Views: 4189

Re: winbox vulnerable! Unusual login to routers [SOLVED]

Until we know more, Firewall the Winbox port for unknown IP addresses.
Email any useful information to support@mikrotik.com

Thank you. We are working on it.
by normis
Fri Apr 20, 2018 3:54 pm
Forum: Announcements
Topic: v6.42 [current]
Replies: 146
Views: 12595

Re: v6.42 [current]

netwatch - limit to read, write, test and reboot policies for Netwatch script execution; Maybe i don't understand something, but why? Now we can not use /tool fetch (for example, telegram bots), can not set global variables!. Please add at least "ftp" and "policy"! It's very annoying. If you had a ...
by normis
Fri Apr 20, 2018 11:13 am
Forum: General
Topic: CCR1072 @50% CPU, since last week!
Replies: 2
Views: 139

Re: CCR1072 @50% CPU, since last week!

What RouterOS version are you running? Make sure it's 6.42

Check Tool -> Torch, to see what kind of traffic this is
by normis
Thu Apr 19, 2018 2:28 pm
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 10
Views: 553

Re: LHG 60G experience

Nice comments, thanks! I'm glad to see it works as expected.
by normis
Thu Apr 19, 2018 2:10 pm
Forum: General
Topic: Need Help
Replies: 1
Views: 73

Re: Need Help

Any model will handle it fine. Choose the one you like best:
https://mikrotik.com/products
by normis
Thu Apr 19, 2018 12:04 pm
Forum: Announcements
Topic: Photos of towers and masts
Replies: 13
Views: 2290

Re: Photos of towers and masts

I couldn't upload pic, next to options no attachments
Fixed it! Try now
by normis
Thu Apr 19, 2018 11:59 am
Forum: Announcements
Topic: Photos of towers and masts
Replies: 13
Views: 2290

Re: Photos of towers and masts

Doesn't have to be "cool", just post any installation photos where we could see how you mount the products. Any kind of tricky masts, or maybe other challenges you have seen in placing a MikroTik device onto a tower? Close ups welcome.
by normis
Thu Apr 19, 2018 11:41 am
Forum: General
Topic: CHR still communicates with 169.254.169.254
Replies: 7
Views: 173

Re: CHR still communicates with 169.254.169.254

Starting from v6.42 CHR will detect that it's inside AWS EC2 and will not do these checks. Upgrade should fix it.
by normis
Thu Apr 19, 2018 11:26 am
Forum: General
Topic: CHR still communicates with 169.254.169.254
Replies: 7
Views: 173

Re: CHR still communicates with 169.254.169.254

Are you using CHR on AWS?
This address is used by the Amazon EC2 system, Amazon gives your device the configuration and SSH keys from this IP.
The fetch will only be repeated if there is no route to this address. Otherwise it will stop at the first failure.
by normis
Thu Apr 19, 2018 10:58 am
Forum: Announcements
Topic: Winbox 3.13 released!
Replies: 45
Views: 4266

Re: Winbox 3.13 released!

But how to connect to ROS 5.26 now? Winbox 3.12 is not on download page. Use link to 3.13, just edit it to point to necessary version :) https://download.mikrotik.com/routeros/winbox/3.12/winbox.exe Thanks for link. This is the only way how to connect to clients with rb133 and others clients with R...
by normis
Thu Apr 19, 2018 10:49 am
Forum: RouterBOARD hardware
Topic: Woobm issues
Replies: 4
Views: 454

Re: Woobm issues

Wiki shows 1.1, but that is an internal testing number. Actually the software is identical to the factory installed one. Currently there is no near-term plan for a new software release. If you find a bug, please report it to support@mikrotik.com and we might make a new version.
by normis
Thu Apr 19, 2018 8:46 am
Forum: RouterBOARD hardware
Topic: RBM11G + R11e-LTE
Replies: 18
Views: 885

Re: RBM11G + R11e-LTE

I have a RBM11G & a R11e-LTE-US and it doesn't get the correct IP address from Verizon. It takes the gateway IP as its own and as a /32 which obviously doesn't work. It sets the default gw to the lte interface but its gets no Internet since it took the gateway IP and is not sending the default rout...
by normis
Wed Apr 18, 2018 4:17 pm
Forum: RouterBOARD hardware
Topic: RBM11G + R11e-LTE
Replies: 18
Views: 885

Re: RBM11G + R11e-LTE

To clarify, there are only some R11e-LTE cards that have incompatibility with RBM11G, and we have some ways to fix that. Not all cards are affected, actually a small number, this is why if you have the issue, contact support for more details: support@mikrotik.com
by normis
Wed Apr 18, 2018 3:47 pm
Forum: Announcements
Topic: Photos of towers and masts
Replies: 13
Views: 2290

Re: Photos of towers and masts

Thanks for the photos!

Anyone else? It would be great to see different types of masts and any tricky situations where you had to mount something.
by normis
Wed Apr 18, 2018 9:34 am
Forum: Beginner Basics
Topic: CAP ac: quick setup as Home AP Dual [SOLVED]
Replies: 4
Views: 201

Re: CAP ac: quick setup as Home AP Dual [SOLVED]

Ether1 is firewalled. Connecting to the device is only possible via Ether2 or WiFi

Ether1 is normally used for the ISP side (QuickSet assumes that).
by normis
Tue Apr 17, 2018 5:27 pm
Forum: General
Topic: Upgrade process RB450G (mipsbe)(6.34.1)
Replies: 4
Views: 105

Re: Upgrade process RB450G (mipsbe)(6.34.1)

For the automatic update, you need to be able to resolve upgrade.mikrotik.com

normis@machine:~$ host upgrade.mikrotik.com
upgrade.mikrotik.com is an alias for download.mikrotik.com.
download.mikrotik.com has address 159.148.172.226
download.mikrotik.com has address 159.148.147.204
download.mikrotik....
by normis
Tue Apr 17, 2018 4:44 pm
Forum: Announcements
Topic: v6.42 [current]
Replies: 146
Views: 12595

Re: v6.42 [current]

I can't see any improvement on Nv2 PTMP, someone have some tests and can share AP and client configuration?
Did you upgrade AP and stations, or only AP?
by normis
Tue Apr 17, 2018 4:42 pm
Forum: General
Topic: Upgrade process RB450G (mipsbe)(6.34.1)
Replies: 4
Views: 105

Re: Upgrade process RB450G (mipsbe)(6.34.1)

No, simply upgrade directly to new one. You can do it from Webfig or Winbox, click on "Check for updates"
by normis
Tue Apr 17, 2018 4:17 pm
Forum: Announcements
Topic: v6.42 [current]
Replies: 146
Views: 12595

Re: v6.42 [current]

Previously you could not install User Manager server on ARM systems at all.
by normis
Tue Apr 17, 2018 2:40 pm
Forum: General
Topic: MikroTik 6.41.4 - FTP daemon Denial of Service PoC
Replies: 25
Views: 927

Re: MikroTik 6.41.4 - FTP daemon Denial of Service PoC

We did check it. Firewall stops it, like it was written above. I didn't talk about firewall, It's about FTP service and it's clear the firewalls can block any connection, as you know this service has a vulnerability on parsing function, you can fix that easily. I will not continue this conversation...
by normis
Tue Apr 17, 2018 1:55 pm
Forum: General
Topic: MikroTik 6.41.4 - FTP daemon Denial of Service PoC
Replies: 25
Views: 927

Re: MikroTik 6.41.4 - FTP daemon Denial of Service PoC

We did check it. Firewall stops it, like it was written above.
by normis
Tue Apr 17, 2018 1:53 pm
Forum: Announcements
Topic: Photos of towers and masts
Replies: 13
Views: 2290

Photos of towers and masts

Hi Everyone!

Let us make this topic a showcase of your tower and mast installations of MikroTik products. Post the types of masts and towers that you see the most, and showcase your installations. How are you mounting your devices? Who has the highest installation? Anything interesting is welcome.
by normis
Tue Apr 17, 2018 1:30 pm
Forum: General
Topic: MikroTik 6.41.4 - FTP daemon Denial of Service PoC
Replies: 25
Views: 927

Re: MikroTik 6.41.4 - FTP daemon Denial of Service PoC

Thanks for the image. Zero emails in last 5 months.