Community discussions

Search found 23 matches

by VipITBE
Tue Apr 02, 2019 8:49 am
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 40664

Re: UKNOF 43 CVE

@normis Is it possible to get an honest response about ROS v7's release timetable? We and many other people have been struggling with BGP performance so much so we've had to reject larger potential clients because we cannot offer MPLS due to large packet loss with routing convergence on the CCR1072...
by VipITBE
Fri Mar 22, 2019 10:51 am
Forum: Announcements
Topic: v6.43.13 [long-term] is released!
Replies: 44
Views: 9794

Re: v6.43.13 [long-term] is released!

Hmmmm It's good that these steps have been taken to encrypt local user passwords the only issue is we had jinja2 scripts creating config that essentially renamed the local admin to a site/customer specific username for rollout. Will have to play around and see what to do now. Probably create a new...
by VipITBE
Fri Dec 07, 2018 12:55 pm
Forum: Beginner Basics
Topic: Forwarding Avaya via VPN
Replies: 2
Views: 504

Re: Forwarding Avaya via VPN

make sure that you don't NAT over the VPN tunnel.
no sound or one-way-audio typically also means that the audio is hitting a firewall rule, check those as well
by VipITBE
Fri Dec 07, 2018 12:48 pm
Forum: Forwarding Protocols
Topic: BGP Prefix are advertised , But unreachable.
Replies: 4
Views: 621

Re: BGP Prefix are advertised , But unreachable.

It is likely that your provider is filtering traffic originating from a peering IP Provider already created a out filter for accepting my prefix. Did you specify a source IP from inside your prefix? Didn't understand this. with /tool traceroute you can specify a source IP or interface from which th...
by VipITBE
Fri Dec 07, 2018 11:57 am
Forum: Forwarding Protocols
Topic: BGP Prefix are advertised , But unreachable.
Replies: 4
Views: 621

Re: BGP Prefix are advertised , But unreachable.

Did you specify a source IP from inside your prefix?
It is likely that your provider is filtering traffic originating from a peering IP
by VipITBE
Wed Dec 05, 2018 9:32 am
Forum: Announcements
Topic: v6.43.7 [stable] is released!
Replies: 53
Views: 12607

Re: v6.43.7 [stable] is released!

Today I wanted to upgrade some production routers to 6.43.4 after having tested it at some less critical sites and found that the stable version has just been updated to 6.43.7 Normally I do not want to upgrade production routers to a version released an hour ago. I know it is possible to upload an...
by VipITBE
Wed Dec 05, 2018 8:51 am
Forum: Announcements
Topic: v6.43.7 [stable] is released!
Replies: 53
Views: 12607

Re: v6.43.7 [stable] is released!

Today I wanted to upgrade some production routers to 6.43.4 after having tested it at some less critical sites and found that the stable version has just been updated to 6.43.7 Normally I do not want to upgrade production routers to a version released an hour ago. I know it is possible to upload an...
by VipITBE
Thu Nov 29, 2018 2:35 pm
Forum: Scripting
Topic: Traccar GPS http post advice
Replies: 11
Views: 1823

Re: Traccar GPS http post advice

v6.44beta37 will have: *) gps - added "coordinate-format" parameter (CLI only); ddmm will be an option. Sweet! Is there some way of extracting or generating a datetime timestamp ? Timestamp issue solved with a script from forum user adeeadee https://forum.mikrotik.com/viewtopic.php?t=75555 script u...
by VipITBE
Tue Nov 27, 2018 1:50 pm
Forum: Scripting
Topic: Traccar GPS http post advice
Replies: 11
Views: 1823

Re: Traccar GPS http post advice

v6.44beta37 will have:

*) gps - added "coordinate-format" parameter (CLI only);

ddmm will be an option.
Sweet!
Is there some way of extracting or generating a datetime timestamp ?
by VipITBE
Tue Nov 27, 2018 10:57 am
Forum: Scripting
Topic: Traccar GPS http post advice
Replies: 11
Views: 1823

Re: Traccar GPS http post advice

I've got a working script since last night. Started working on it and took some code snips from other scripts, including a github page I've found to be very helpful, and the script translates the coordinates - outputted by /gps monitor - to decimal coordinates. I've uploaded the script to github, b...
by VipITBE
Mon Nov 26, 2018 12:34 pm
Forum: Scripting
Topic: Traccar GPS http post advice
Replies: 11
Views: 1823

Re: Traccar GPS http post advice

The problem is that the values returned by the tik GPS are not in a decimal value. You need the data in a decimal value to post to traccar. Same with altitude and speed. For those you need to remove m and km/h from the data. Just tested with Postman and after converting the latitude and longitude t...
by VipITBE
Wed Apr 25, 2018 12:15 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 164321

Re: Advisory: Vulnerability exploiting the Winbox port

my take on remote accessible device management - and some may be behind a "one-way" access medium, like NAT or 3G/4G, where you can't just connect to the device from the outside - is to have a VPS running routeros. and there's no ports exposed there, but only IPSec. so the managed devices shall con...
by VipITBE
Tue Apr 24, 2018 9:29 am
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 164321

Re: Advisory: Vulnerability exploiting the Winbox port

!) winbox - fixed vulnerability that allowed to gain access to an unsecured router; Shifting of the blame onto users... what else are we supposed to use for remote management? why would you let everyone have possible access to your router? EVERY router needs to be secured. You would not want anyone...
by VipITBE
Mon Apr 23, 2018 4:20 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 164321

Re: Advisory: Vulnerability exploiting the Winbox port

Just FYI, in logs I saw login attempts, but they all seem to have failed, not one of them is successful. This is from Web. Most likely unrelated. Maybe, but this is strange. Web interface indeed is available from Internet, but I changed default port from 80 to something else, and there were 5 attempts in...
by VipITBE
Mon Apr 23, 2018 4:07 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 164321

Re: Advisory: Vulnerability exploiting the Winbox port

Just FYI,

in logs I saw login attempts, but they all seem to have failed, not one of them is successful.
This is from Web. Most likely unrelated.
but should still be firewalled :)
by VipITBE
Mon Apr 23, 2018 3:34 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 164321

Re: Advisory: Vulnerability exploiting the Winbox port

What is happening here is downloading files from a router without the password. Over a port that normally doesn't even allow downloading those files. I find it hard to believe that this is simply "a bug". There must be base functionality of downloading, and the bug is only that it can be done witho...
by VipITBE
Mon Apr 23, 2018 3:32 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 164321

Re: Advisory: Vulnerability exploiting the Winbox port

Concur this is a serious issue and glad Mikrotik is addressing it promptly. However it appears, (not 100% sure) that the failure by an admin to ensure WINBOX is not accessible from the outside is what allows this exploit to be used. Most experienced admins would use vpn to access the router and the...
by VipITBE
Mon Apr 23, 2018 3:30 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 164321

Re: Advisory: Vulnerability exploiting the Winbox port

Even with the later versions of ROS, you can download a backup, restore it on a virtual machine running same software version As a user without insight in the internals, you can download a backup only from a router when you know the password already, right? What is happening here is downloading fil...
by VipITBE
Mon Apr 23, 2018 3:02 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 164321

Re: Advisory: Vulnerability exploiting the Winbox port

On the other hand, when you are the one that set the password and you can't log in to your own router, even though you could just reset to defaults or Netinstall to fix it, it's sometimes nice to be able to recover it so that the question of "what on EARTH could I have possibly set the password to?...
by VipITBE
Mon Apr 23, 2018 1:56 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 164321

Re: Advisory: Vulnerability exploiting the Winbox port

On Czech forum is user which have winbox in IP services allowed only for his private range and is hacked :-( https://ispforum.cz/viewtopic.php?p=228863#p228863 It's possible the attack came from his LAN I would also tend to agree. If you firewall all services on your WAN unless it comes from truste...
by VipITBE
Mon Apr 23, 2018 1:47 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 164321

Re: Advisory: Vulnerability exploiting the Winbox port

How it works: The vulnerability allowed a special tool to connect to the Winbox port, and request the system user database file. They gain access on a file within the router, right? What kind of information is stored in there? You don't know what is stored in the system user database file ???? :lol...
by VipITBE
Mon Apr 23, 2018 1:39 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 164321

Re: Advisory: Vulnerability exploiting the Winbox port

How it works: The vulnerability allowed a special tool to connect to the Winbox port, and request the system user database file. They gain access on a file within the router, right? What kind of information is stored in there? You don't know what is stored in the system user database file ???? :lol:
by VipITBE
Thu Feb 27, 2014 1:45 pm
Forum: General
Topic: Feature request: openvpn topology subnet mode
Replies: 4
Views: 3003

Re: Feature request: openvpn topology subnet mode

topology subnet is working for me, however, when connection with openvpn for windows to my linux openvpn server, I cannot contact the mikrotik clients connecting to that same openvpn server. from linux or from the server itself, the mikrotik clients and subnets are reachable, so this is something st...