Community discussions

Search found 115 matches

by nuclearcat
Wed Mar 15, 2017 2:29 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 43998

Re: CIA exploits against Mikrotik hardware

You guys should carefully rethink the definition of an exploit. RouterOS already has these checks! It does check also on upgrade. The definition of an exploit is that somebody has found a bug how to overcome or fool these checks. So MikroTik makes new checks and more security wizards. This does not...
by nuclearcat
Wed Mar 15, 2017 1:32 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 43998

Re: CIA exploits against Mikrotik hardware

On my opinion, at least for the beginning: 1)Securing rommon. This is holy grail in any security. I dont know if all units has similar architecture, but rommon on some SXT i guess is in MX25L512C, maybe even keeping WP# low by separate IC (some attiny?) and requiring secure key to unlock write. atti...
by nuclearcat
Tue Mar 14, 2017 12:54 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 43998

Re: CIA exploits against Mikrotik hardware

It seems that already there is such tool. It could be just extended for some more checks if they are needed
checkinstallation.PNG
It is very basic, just to verify possible filesystem/files corruption, too easy to fool it, and wont cover even known implants.
by nuclearcat
Mon Mar 13, 2017 3:18 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 43998

Re: CIA exploits against Mikrotik hardware

The best solution is to always keep your device up to date, always do the maximum possible in securing your devices and keep following announcements and news. Still it is nice, also, if manufacturer(Mikrotik) provide some inspection tools, that makes job of implant authors much harder, and customer...
by nuclearcat
Fri Mar 10, 2017 1:10 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 43998

Re: CIA exploits against Mikrotik hardware

There has never been any backdoor. "devel" user is created by installing a special debug package by mikrotik staff, which would appear in the packages menu, and allow a new user "devel" to access the device. The user "devel" uses the admin password, so there is no way to access the device without a...
by nuclearcat
Fri Mar 10, 2017 12:55 pm
Forum: Announcements
Topic: Statement on Vault 7 document release
Replies: 92
Views: 45662

Re: Statement on Vault 7 document release

Can you imagine labor cost and downtime comparing with proper integrity verification that is done completely automated way? Yes... What I cannot imagine is such a company leaving webfig enabled and open to the internet (or any other management tools) . Mikrotik would produce such detection package ...
by nuclearcat
Fri Mar 10, 2017 12:33 pm
Forum: Announcements
Topic: Statement on Vault 7 document release
Replies: 92
Views: 45662

Re: Statement on Vault 7 document release

...So proper solution is needed badly, and will be great if mikrotik can make in very reasonable time some tool, for existing systems, to verify if they have such implants. [...] It will be MUCH more difficult to hide all traces of presence from raw storage reading tool (similar to dd) + memory ins...
by nuclearcat
Fri Mar 10, 2017 12:17 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 43998

Re: CIA exploits against Mikrotik hardware

Ouch! I didnt noticed this statement, and it is raising big questions.
by nuclearcat
Thu Mar 09, 2017 8:18 pm
Forum: Announcements
Topic: Statement on Vault 7 document release
Replies: 92
Views: 45662

Re: Statement on Vault 7 document release

RB1100/1200, CCR - doesnt have such rules.
Often inexperienced admins removed such rules intentionally, to access mikrotik from outside.
by nuclearcat
Thu Mar 09, 2017 7:44 pm
Forum: Announcements
Topic: Statement on Vault 7 document release
Replies: 92
Views: 45662

Re: Statement on Vault 7 document release

If you opened your management services to the internet and run old versions of software then it's your own problem. Any service exposed to the internet without being updated is in the same situation, expect outdated services to be compromised regardless if it's RouterOS, Linux, Windows, etc. I want...
by nuclearcat
Thu Mar 09, 2017 7:13 pm
Forum: Announcements
Topic: Statement on Vault 7 document release
Replies: 92
Views: 45662

Re: Statement on Vault 7 document release

v6.38.5 has just been released, with vulnerabilities closed. Everyone please upgrade. RC and Bugfix builds coming a bit later. After people have had time to upgrade, could you share some technical details of how the exploit work or what was vulnerable? Why to give hints for hackers, who will might ...
by nuclearcat
Thu Mar 09, 2017 6:53 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 43998

Re: CIA exploits against Mikrotik hardware

Sure, but you still need to wait for Wikileaks to release all information and tools, to know for sure :) . I'm not sitting and waiting on that to happen . Tonight is an update night - hardest decision is to 6.37.5 or 6.38.5... It is already lot of info there. Take a look: https://wikileaks.org/ciav...
by nuclearcat
Thu Mar 09, 2017 6:38 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 43998

Re: CIA exploits against Mikrotik hardware

The reason for such tools are inability to release properly patched versions in time. Cisco release cycle and bug fixing cycle takes years. MT just updated all their versions with a fix. Also nobody knows how compromised router actually looks like, so how can you create tool for that? Normis replie...
by nuclearcat
Thu Mar 09, 2017 6:23 pm
Forum: Announcements
Topic: Statement on Vault 7 document release
Replies: 92
Views: 45662

Re: Statement on Vault 7 document release

They get shell access by exploiting an unknown vulnerability. But the funny part is, we as the owner of these devices with full privileges doesnt have any shell access to play with :) It is time for mikrotik to step up and give us a basic shell where we can check suspicious files etc.. As @nuclearc...
by nuclearcat
Thu Mar 09, 2017 6:18 pm
Forum: Announcements
Topic: Statement on Vault 7 document release
Replies: 92
Views: 45662

Re: Statement on Vault 7 document release

...So proper solution is needed badly, and will be great if mikrotik can make in very reasonable time some tool, for existing systems, to verify if they have such implants. Are you sure ? You are asking them to write antivirus software for all version till 6.30.2 ? Isn't it smarter to upgrade route...
by nuclearcat
Thu Mar 09, 2017 4:56 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 43998

Re: CIA exploits against Mikrotik hardware

As i mentioned in post about statement, other vendors released documents, how to check integrity of systems. I will wait reasonable time any statement from mikrotik, if they plan to release reliable tools for checking integrity, otherwise, if no answer or negative answer - it will play very negative...
by nuclearcat
Thu Mar 09, 2017 3:00 pm
Forum: Announcements
Topic: Statement on Vault 7 document release
Replies: 92
Views: 45662

Re: Statement on Vault 7 document release

They get shell access by exploiting an unknown vulnerability. But the funny part is, we as the owner of these devices with full privileges doesnt have any shell access to play with :) It is time for mikrotik to step up and give us a basic shell where we can check suspicious files etc.. As @nuclearc...
by nuclearcat
Thu Mar 09, 2017 1:06 pm
Forum: Announcements
Topic: Statement on Vault 7 document release
Replies: 92
Views: 45662

Re: Statement on Vault 7 document release

Hi, It would be nice if Mikrotik can take some proactive steps. For example IOS/Junos devices has proper shell in devices, and as sysadmin i can inspect system integrity easily, including taking storage/filesystem dumps over dd, checksums for all filesystem files and etc, and i can run also scripts ...
by nuclearcat
Sat Dec 14, 2013 3:46 am
Forum: General
Topic: raw table, NOTRACK, SYN flood
Replies: 9
Views: 7068

raw table, NOTRACK, SYN flood

Hi I have a customers who love your products, are subject to DDoS attacks (SYN flood), and it hurts that Mikrotik doesn't have "notrack" target, just SYN flood over his CCR will knock down CPU to 100%. And if it had -j NOTRACK (or newer kernels: -j CT --notrack), it can be solved, he needed conntrac...
by nuclearcat
Mon Aug 27, 2012 1:49 am
Forum: Wireless Networking
Topic: a interesting comparison between Groove and Bullet...
Replies: 13
Views: 4329

Re: a interesting comparison between Groove and Bullet...

Like I said, there can be no such situation where you have Power, but no Ethernet, and vice versa. Nope :) AP with sector antenna is on Site B, Site A and Site C connected to Site B over wireless, and can't see each other, so Site B is sort of relay. In this case ethernet cable used purely just for...
by nuclearcat
Mon Jul 30, 2012 3:37 pm
Forum: Wireless Networking
Topic: PtP 80km link
Replies: 10
Views: 3511

Re: PtP 80km link

Make sure:
1)Fresnel zone clearance
2)Possible signal ducting (on such distances can be very significant)
3)Signal fading due weather conditions

Most probably link will work, but no guarantee it will be stable.
by nuclearcat
Sat Jul 21, 2012 1:54 pm
Forum: RouterBOARD hardware
Topic: MikroTik/RouterBOARD SXT 5D 16dB antenna weather concern?
Replies: 43
Views: 15929

Re: MikroTik/RouterBOARD SXT 5D 16dB antenna weather concern

3 units failed, within 2 month.
All of them near sea, there is a lot of duststorms, plus sometimes there is fog.
Fog and dirt on board wil create a shortcut. I am not sure covering by chemicals will help at all.
by nuclearcat
Sun Jul 08, 2012 9:08 am
Forum: RouterBOARD hardware
Topic: RB SXT losing configuration on each reboot
Replies: 21
Views: 11043

Re: RB SXT losing configuration on each reboot

Very good idea indeed, but maybe try to avoid putting inhibitor on parts with RF signal, i am not sure it will not make leakage. RF signal very different from DC. I start reading forums, how people who work on PCB development protecting their products, and as i heard silicone based coating is much b...
by nuclearcat
Sat Jul 07, 2012 11:07 pm
Forum: RouterBOARD hardware
Topic: throughput capabilities
Replies: 4
Views: 1051

Re: throughput capabilities

Performance over softrouters are complicated question. Each new feature is imposing processing overhead, and official tests are just done for some predefined configurations. IMO you should test by yourself and estimate how much horsepower you will have, and how much each new feature add overhead to ...
by nuclearcat
Sat Jul 07, 2012 9:40 pm
Forum: Wireless Networking
Topic: MISO mode in Mikrotik
Replies: 4
Views: 933

Re: MISO mode in Mikrotik

Seems you are right, MCS 0-7 single stream, but i will try to check later by spectrum analyser, if it is exactly same what i want :)
by nuclearcat
Sat Jul 07, 2012 4:58 pm
Forum: Wireless Networking
Topic: MISO mode in Mikrotik
Replies: 4
Views: 933

Re: MISO mode in Mikrotik

For now if i enable both channels for RX and TX, i will get double capacity (channels are bonded), but it should be possible to have SAME data on TX(links are mirrored/duplicating data, as other vendor have on atheros cards), and RX will use best channel, it will improve link margin around 1-2db, ca...
by nuclearcat
Fri Jul 06, 2012 7:43 pm
Forum: RouterBOARD hardware
Topic: RB SXT losing configuration on each reboot
Replies: 21
Views: 11043

Re: RB SXT losing configuration on each reboot

ddd thank you for sharing info!
Btw Mikrotik even not answered to my ticket, 4 days passed. Not impressed at all.
by nuclearcat
Thu Jul 05, 2012 12:14 pm
Forum: Wireless Networking
Topic: MISO mode in Mikrotik
Replies: 4
Views: 933

MISO mode in Mikrotik

Hi Is it possible to set in Mikrotik MISO mode? While MIMO is to double capacity, MISO is to send same data over both polarisations, and whoever is receiving better - will be primary channel, so it will act as polarisation diversity. Other vendor devices has it, while it cut bandwidth in half, it im...
by nuclearcat
Tue Jul 03, 2012 11:23 am
Forum: RouterBOARD hardware
Topic: IP67 and better - rugged enclosure
Replies: 2
Views: 1329

Re: IP67 and better - rugged enclosure

normis, thanks a lot, i am already browsing there.
Sure i checked them, but just need feedback, and if someone used successfully some specific products.
by nuclearcat
Tue Jul 03, 2012 11:15 am
Forum: RouterBOARD hardware
Topic: IP67 and better - rugged enclosure
Replies: 2
Views: 1329

IP67 and better - rugged enclosure

Hi to community again Does anybody know manufacturers for the IP67(or higher) insulated outdoor enclosures with integrated antenna (gain not so important, it is close distance, SXT worked well before)? I have location, very close to the sea with very harsh environment, temperature at day can reach u...
by nuclearcat
Tue Jul 03, 2012 9:26 am
Forum: RouterBOARD hardware
Topic: RB SXT losing configuration on each reboot
Replies: 21
Views: 11043

Re: RB SXT losing configuration on each reboot

For me also there is two choices, if it is reset button issue. If corrosion is so fast, i guess i will have to replace SXT at least on this location very soon, because it will corrode also all board. I will need IP67/IP68 with pressure compensation, and i never seen such enclosure for Mikrotik (most...
by nuclearcat
Tue Jul 03, 2012 8:59 am
Forum: RouterBOARD hardware
Topic: RB SXT losing configuration on each reboot
Replies: 21
Views: 11043

Re: RB SXT losing configuration on each reboot

Updated information, since team came to office, two units went insane at this location. One unit worked after configuration reinserted, and another one losing configuration continuously. I really hope Mikrotik team can take a look to supout, and if they can see GPIO status, is reset is short or open...
by nuclearcat
Mon Jul 02, 2012 5:06 pm
Forum: RouterBOARD hardware
Topic: RB SXT losing configuration on each reboot
Replies: 21
Views: 11043

RB SXT losing configuration on each reboot

Hello I'm trying to push mikrotik for new company, and installed 4 links so far , one is RB boards, and 3 is RB SXT. On one location two Mikrotik device suddenly lost configuration (not at same time), it is relay location, and if one i just reinserted config, and it is working fine, on another even ...
by nuclearcat
Thu Mar 15, 2012 11:13 am
Forum: Wireless Networking
Topic: Spectral Scan
Replies: 8
Views: 3319

Re: Spectral Scan

What do you think is the reason people try to switch to 900MHz, 5GHz, 700MHz etc? 2.4 is overcrowded. You have bluetooth devices, microwave ovens, neighbors wifi, and all kinds of other 2.4GHz devices in this spectrum. So yes, it's full of noise, unless you are in the middle of the desert, with thi...
by nuclearcat
Tue Jan 04, 2011 3:44 pm
Forum: General
Topic: EoIP support in Linux
Replies: 6
Views: 5046

Re: EoIP support in Linux

Thanks If it is required - this code can be extended, e.g. config file for multiple tunnels and etc. If someone using FreeBSD, other flavors of BSD, QNX, Solaris - he can provide patch to make code portable, they have also tap device interface, similar to Linux one. Actually even Windows has tap dev...
by nuclearcat
Mon Jan 03, 2011 11:35 pm
Forum: General
Topic: PPPoE over EoIP ?!
Replies: 5
Views: 2900

Re: PPPoE over EoIP ?!

PPP has much higher overhead. Control protocol with authentication and negotiation, plus PPP frame encapsulation, it is also stateful, and can stop in case of packetloss or etc.
EoIP is plain stateless tunnel, which is more stable also, with only 28 bytes overhead (IP header + gre header).
by nuclearcat
Mon Jan 03, 2011 10:33 pm
Forum: General
Topic: EoIP support in Linux
Replies: 6
Views: 5046

Re: EoIP support in Linux

Since noone said no, here it is:
http://code.google.com/p/linux-eoip/
by nuclearcat
Mon Jan 03, 2011 2:50 pm
Forum: General
Topic: EoIP support in Linux
Replies: 6
Views: 5046

EoIP support in Linux

I wrote opensource implementation for EoIP in Linux, so now it is possible to link mikrotik in simple way to Linux. For me it was important, because i have some applications under Linux, and i need to bridge mikrotiks to that server some "light" way. Is it ok for Mikrotik if i post link to it here? ...
by nuclearcat
Mon May 26, 2008 2:23 am
Forum: Wireless Networking
Topic: My explanations of some "features"
Replies: 1
Views: 982

My explanations of some "features"

Just long time i was interested, what means famous Atheros "periodic calibration" and "ANI"(adaptive noise immunity). Many people give "voodoo" explanations, using their imaginations. Some telling it is temperature adjustment calibration, some is telling it is ACK calibration and etc. Periodic calib...
by nuclearcat
Tue Apr 29, 2008 7:56 pm
Forum: General
Topic: Bridge MAC addresses is not in FDB
Replies: 0
Views: 542

Bridge MAC addresses is not in FDB

Hi2all I notice on my wireless bases, which is WDS + bridge and EoIP till PPPoE unit, that lcnc@GHADEER-BASE] /interface bridge host> print gives only MAC addresses for local interfaces and 2-3 others, while there is 58 CPE connected, about 3 customers on each. So it must be PLENTY of mac addresses....
by nuclearcat
Tue Jan 22, 2008 1:28 pm
Forum: General
Topic: PPC cd-image?
Replies: 8
Views: 1726

Re: PPC cd-image?

promind, Mikrotik images is "set" for specific hardware/peripherals. It's not generic, it will not run on PPC Mac's.
Just because for example CPU is completely different, than Mikrotiks CPU.
by nuclearcat
Wed Jan 09, 2008 8:25 am
Forum: General
Topic: Feature proposal (also community pls say if it is required)
Replies: 14
Views: 4388

Re: Feature proposal (also community pls say if it is required)

There is no need to go inside Mikrotik. I can get all names of interfaces by walking (it can be done by perl code or even using libnetsnmp, instead forking snmpwalk binary), it is just standart MIB. IF-MIB::ifDescr.1 = STRING: ether1 IF-MIB::ifDescr.2 = STRING: ether2 IF-MIB::ifDescr.3 = STRING: eth...
by nuclearcat
Tue Jan 08, 2008 10:06 pm
Forum: General
Topic: Feature proposal (also community pls say if it is required)
Replies: 14
Views: 4388

Re: Feature proposal (also community pls say if it is required)

FWIW, you can gather this information from SNMP. Not a perfect method, but it is certainly a usable method. Butche, thanks a lot, for a time being it can help in most difficult situations. Probably i will write some tool in perl to get only specific values of interface by name (first getting one by...
by nuclearcat
Tue Jan 08, 2008 12:15 pm
Forum: General
Topic: Feature proposal (also community pls say if it is required)
Replies: 14
Views: 4388

Re: Feature proposal (also community pls say if it is required)

I dont agree about specific drivers. From me it took about 30 minutes to implement interface, and there is various ways to do it (over netlink or plain file /proc/net/dev lookups) Just look to /proc/net/dev. Majority of drivers have "tp->stats.tx_errors++;" at least and similar things. Example my "h...
by nuclearcat
Fri Jan 04, 2008 6:37 pm
Forum: General
Topic: Feature proposal (also community pls say if it is required)
Replies: 14
Views: 4388

Re: Feature proposal (also community pls say if it is required)

Imho it is too trivial to include it to wiki. Already Mikrotik taking from /proc or somewhere else information about counters, so it is just few lines more in code. Not complicated like other things in WIKI.
by nuclearcat
Thu Jan 03, 2008 2:08 am
Forum: General
Topic: rc13, lot of bugs/ not for production, rc14 wanted
Replies: 1
Views: 1160

rc13, lot of bugs/ not for production, rc14 wanted

Hi Sent reports with wireless "stale" bug, while all clients is associated, but traffic not able to pass. Got on my home link (x86), and one of bases who i upgrade to rc13. Mikrotik asked me for supout, but it is kind of difficult to do, cause client is down at this time and i cannot reach him. Prob...
by nuclearcat
Thu Dec 13, 2007 4:57 pm
Forum: General
Topic: Nstreme option suggestion/cosmetic
Replies: 0
Views: 879

Nstreme option suggestion/cosmetic

Hi again :-)

As i understand (and it is logic), polling cannot be enabled without Nstreme. And CSMA-Disable cannot be enabled without nstreme.
Is it possible to "disable" checkboxes? Cause some people thinking, they can enable polling without nstreme.
by nuclearcat
Wed Dec 12, 2007 1:43 am
Forum: General
Topic: Feature proposal (also community pls say if it is required)
Replies: 14
Views: 4388

Feature proposal (also community pls say if it is required)

1)We faced recently strange issue with lightening - 3 cards in PC, one of the cards was damaged (it is was not shown anywhere, card was visible). All cards was dead (i can change settings, but cards dont see anything in air), cause by "unexpected replies to driver" from damaged card was blocking ath...
by nuclearcat
Fri Sep 21, 2007 5:08 pm
Forum: General
Topic: MUM in Egypt - DONE!
Replies: 26
Views: 5261

Re: MUM Egypt who is coming?

I will send my boss :-)
by nuclearcat
Mon Sep 17, 2007 6:18 am
Forum: Wireless Networking
Topic: 65km p2p link - floating and unstable signal
Replies: 2
Views: 727

Re: 65km p2p link - floating and unstable signal

IMHO it is another issue, require space diversity actual for 5Ghz links (but not very for 2.* ghz).
It means depends on weather conditions possible path of signal changes.
But this is just an idea.
by nuclearcat
Sat Sep 01, 2007 5:38 pm
Forum: General
Topic: Defcal in RC4?
Replies: 1
Views: 1137

Defcal in RC4?

What is "defcal" on wireless interface settings, first page?
by nuclearcat
Mon Aug 20, 2007 1:14 pm
Forum: General
Topic: WiFi compatibility RC1,RC2 & 2.9.x
Replies: 10
Views: 2073

Re: WiFi compatibility RC1,RC2 & 2.9.x

I have the same problem. Beta working very bad with stable. Customers disconnecting non-stop even with good signal ime=04:13:22 topics=wireless,info message=00:80:48:41:94:43@OW1: disconnected, extensive data loss time=04:13:30 topics=wireless,info message=00:80:48:41:94:43@OW2: connected, wants WDS...
by nuclearcat
Wed Aug 01, 2007 12:55 am
Forum: General
Topic: ROS v3 RC 1
Replies: 66
Views: 13492

Re: ROS v3 RC 1

Yes, it looks something in bridge. I will remove bridge on my system now and will see if it works fine. Btw at my place issue with "stopped traffic for some time" was caused by system reboot. It was stopped, just because Mikrotik rebooted. No supout actually was generated. Update: It didn't help. Po...
by nuclearcat
Tue Jul 31, 2007 3:12 pm
Forum: General
Topic: ROS v3 RC 1
Replies: 66
Views: 13492

Re: ROS v3 RC 1

I had something similar. Do you have any queues?
by nuclearcat
Fri Jul 13, 2007 12:47 am
Forum: General
Topic: 3.0Beta10 RIP doesn't work?
Replies: 2
Views: 1091

Re: 3.0Beta10 RIP doesn't work?

Same thing for me
by nuclearcat
Mon Jul 09, 2007 10:09 am
Forum: Wireless Networking
Topic: NLOS
Replies: 8
Views: 1471

Re: NLOS

As my expirience show, 5/10 Mhz is worse with same power in NLOS conditions.
For example Atheros XR seems using Turbo (40 Mhz).
by nuclearcat
Sat Jul 07, 2007 2:34 pm
Forum: General
Topic: beta10 bug (export)
Replies: 4
Views: 1346

Re: beta10 bug (export)

I am not using ripng!!!.
Just i did system, using regular RIP, and trying to do over such way backup with diff's.
in beta10 it is crashing on that stage, thats it...
If there is in menu /ripng, i dont have any glue how to remove it separately without removing whole routing package.
by nuclearcat
Fri Jul 06, 2007 5:18 pm
Forum: General
Topic: beta10 bug (export)
Replies: 4
Views: 1346

Re: beta10 bug (export)

I cannot install packages, which i am not using.
I guess it is bug, but for me not critical if going to be fixed in beta11. Configuration must be exported IMHO in any case, and it is wrong if i install routing package, i will need install also ipv6 package.
by nuclearcat
Fri Jul 06, 2007 3:54 pm
Forum: General
Topic: beta10 bug (export)
Replies: 4
Views: 1346

beta10 bug (export)

on export: redistribute-connected=no redistribute-rip=no redistribute-static=no \ router-id=0.0.0.0 /routing rip set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \ metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \ redistribute-connected=no redistribute...
by nuclearcat
Wed Jul 04, 2007 4:33 pm
Forum: Wireless Networking
Topic: Ubiquiti High Power - Amplifier question
Replies: 0
Views: 597

Ubiquiti High Power - Amplifier question

Dear All
Just question, is Ubiquiti amplifier is working linearly (or almost linearly) (let's say on whole range 4.9-6.1 range)?

Because there is some rumors that its amplifying only in manual-txpower range (unlicensed frequencies?).
by nuclearcat
Fri Jun 29, 2007 11:38 am
Forum: General
Topic: Skype don´t login. Who knows autentication hosts?
Replies: 3
Views: 744

Re: Skype don´t login. Who knows autentication hosts?

Chinese "big firewall" able to block Skype as i heard
by nuclearcat
Wed Jun 27, 2007 12:26 am
Forum: General
Topic: NAT improve performance
Replies: 7
Views: 6762

Re: NAT improve performance

In RouterOS 3.0 conntrack using new hashes. This tweaking is outdated...
I tested by myself, 500000 concurrent connections, more than 120Mbps real traffic - no difference.
Only one thing HIGHLY useful - net.netfilter.nf_conntrack_max = NNNNN
by nuclearcat
Tue Jun 26, 2007 10:15 am
Forum: General
Topic: Mikrotik VIDEOS!
Replies: 35
Views: 6152

Re: Let's try something new ...

WordPress database error: [Table 'tiktube.wp_Counterize' doesn't exist] INSERT INTO wp_Counterize (IP, klucis, url, referer, useragent) VALUES ('195.69.XXX.X','2007-06-26 10:15:18', '/', 'http://forum.mikrotik.com/viewtopic.php?f=7&t=16721', 'Opera/9.10 (X11; Linux i686; U; en)') I delete part of my...
by nuclearcat
Sat Jun 23, 2007 12:42 pm
Forum: General
Topic: Syslog Daemon Compatibility for Linux
Replies: 2
Views: 731

Re: Syslog Daemon Compatibility for Linux

syslog-ng can work fine too (over external scripts, you can make parsing rules)
by nuclearcat
Fri Jun 22, 2007 11:34 pm
Forum: Wireless Networking
Topic: WR: 304km with RouterOS + XR5 + handmade antenna
Replies: 77
Views: 62783

Re: WR: 304km with RouterOS + XR5 + handmade antenna

I guess without space diversity it will be not very stable.
by nuclearcat
Fri Jun 22, 2007 11:32 pm
Forum: General
Topic: PPPoE client behind an AP acting as client....Problem
Replies: 7
Views: 1182

Re: PPPoE client behind an AP acting as client....Problem

It must be bridge mode, which cannot be done in Client-AP mode. It must be WDS or some sort of pseudo-bridge
by nuclearcat
Tue Jun 19, 2007 12:03 pm
Forum: Wireless Networking
Topic: Problem with bandwidth over 3-4 hops
Replies: 22
Views: 2535

Re: Problem with bandwidth over 3-4 hops

Mt2 and MT3 - does they use non-interfering channels?
by nuclearcat
Wed Jun 13, 2007 11:11 pm
Forum: General
Topic: RB133 process TOO HIGH
Replies: 2
Views: 739

Re: RB133 process TOO HIGH

I guess you forgot also to put proxy, dhcp, ntp and few more things :-)
RB133 - CPE, i dont think it will handle such load.
by nuclearcat
Wed Jun 13, 2007 12:16 am
Forum: General
Topic: Inte 965 chipset support
Replies: 6
Views: 2144

Re: Inte 965 chipset support

Problems is DOM Flash is still PATA :-(
But i will see, maybe some SATA->PATA convertor available.
by nuclearcat
Wed Jun 06, 2007 7:53 pm
Forum: General
Topic: Inte 965 chipset support
Replies: 6
Views: 2144

Re: Inte 965 chipset support

Beta9 - yes It is not connecting even connected PATA IDE, cause controller chip is not ICH. Even most of linux distro had problems, but it is workaround by string in bootloader, and later they add driver for this controller, BUT! in libata (and it appears as /dev/sd*), and Mikrotik use old PATA driv...
by nuclearcat
Tue Jun 05, 2007 6:46 pm
Forum: General
Topic: Inte 965 chipset support
Replies: 6
Views: 2144

Inte 965 chipset support

Is it possible to make Intel 965 chipset to be supported? At least to boot mikrotik with options all-generic-ide New Intel ICH chipset is WITHOUT PATA IDE, and for now they include for compatibility Marvell IDE chipset, which is supported only under libata drivers. It is bad to not be able use new I...
by nuclearcat
Wed May 16, 2007 2:09 am
Forum: Wireless Networking
Topic: How big is a Normal 2.4GHz Channel
Replies: 4
Views: 900

Spectrum size for 802.11a and 802.11g (both OFDM) standart channel 20 Mhz Sure mikrotik have unofficial 10 and 5 Mhz(in theory), but noone know how precise it is and is there "safety spacing". Real spectrum size can show only spectrum analyser, it can be bit bigger or smaller. 802.11b (DSSS) - 25 Mh...
by nuclearcat
Mon May 14, 2007 3:30 pm
Forum: Wireless Networking
Topic: More than 40Mhz ?
Replies: 6
Views: 1496

I would prefer 256QAM miniPCI or PCI or PCI-E. At least it is same result - more bandwidth, but without wasting "air", just by using better antennas. Is there any? And if drivers for Linux available, i guess it will work in near future for Mikrotik also. By the way, maybe such powerful company as Mi...
by nuclearcat
Sun Apr 08, 2007 7:45 pm
Forum: Wireless Networking
Topic: Wimax is here what is the solution MT
Replies: 13
Views: 2281

There is NLOS, and it is not because air is clear. First - Navini for example have on each card manageable number of carriers, on CPE from 1 to 4, each carrier 500 Khz, power of CPE(not sure) 2 Watt, it is disabling power, if human coming close to CPE or taking it to hands, to not harm customer by R...
by nuclearcat
Fri Apr 06, 2007 9:19 pm
Forum: General
Topic: reboot bug on beta7
Replies: 8
Views: 2387

2Mikrotik guys

If you are using 2.6.20 kernel, and sch_htb or mirred(iproute2 action) - check please netdev maillist, i report few critical bugs in them and they are fixed in git tree. They can cause kernel panic.
by nuclearcat
Fri Mar 30, 2007 3:44 am
Forum: General
Topic: OPEN PROXY Notice From DoT
Replies: 4
Views: 1085

Close by firewall access from WAN interface to port 8085
by nuclearcat
Mon Mar 26, 2007 4:07 am
Forum: General
Topic: Mikrotik support 64bit high end server
Replies: 3
Views: 1712

IMHO 64-bit build is useless. x86_64 gives ONLY memory management for >2GB ram's. No significant performance win.
by nuclearcat
Sat Mar 24, 2007 3:37 am
Forum: General
Topic: GPS wireless sync
Replies: 13
Views: 4680

All of them IMHO use cheap quartz oscillator(cheap cards and expensive cards). Maybe GPS can be possible with (sure on wireless card): http://en.wikipedia.org/wiki/OCXO and smth called TCXO. http://www.meinberg.de/english/specs/gpsopt.htm By the way in GPS they use them, u can see that on link. As i...
by nuclearcat
Fri Mar 23, 2007 7:22 pm
Forum: General
Topic: GPS wireless sync
Replies: 13
Views: 4680

First thing as i heard, from RF engineers, frequency synthesizer even is unstable(drifting depends on voltage and temperature), and some of them changing it to some much more expensive component, and thats give miracle results. Info unconfirmed, but looks like that it correct. This is just cheap min...
by nuclearcat
Fri Mar 23, 2007 4:35 pm
Forum: General
Topic: GPS wireless sync
Replies: 13
Views: 4680

I guess, for proper GPS Sync also it will need not Atheros zoo (each card have own bugs, specs and etc), if will need specially designed SoC, where is everything inside. I dont think it will be possible on known miniPCI hardware...
by nuclearcat
Sat Mar 17, 2007 12:49 am
Forum: General
Topic: Feature REquest: graph of signal measurement
Replies: 5
Views: 1753

As idea, maybe better to make ability, to make graph of any monitored value? SNR, Noise floor, etc...
by nuclearcat
Thu Mar 15, 2007 12:48 am
Forum: Wireless Networking
Topic: 20MHz 40MHz 60MHz . . . . 160MHz - Up-to 400Mbit/s!!
Replies: 8
Views: 4482

I heard many times, that some developers did on Atheros SoC+vxworks support for more than 40 Mhz. So in theory it must be possible. But i didnt heard about QAM256.
by nuclearcat
Thu Mar 15, 2007 12:45 am
Forum: General
Topic: booting from usb sticks?
Replies: 22
Views: 6940

Well, i did that on my embedded solution long time ago. Only important question - small initramfs with klibc+simple app, which will do delay, until usb-storage become ready and mount it.
But that way maybe not useful for mikrotik...
by nuclearcat
Tue Mar 13, 2007 5:59 pm
Forum: General
Topic: Feature REquest: graph of signal measurement
Replies: 5
Views: 1753

Agree, useful feature.
by nuclearcat
Tue Mar 13, 2007 5:55 pm
Forum: General
Topic: SCP support
Replies: 3
Views: 5866

Well, i didn't try yet. Seems because http://www.mikrotik.com/testdocs/ros/2.9/ missing this point, i didnt knew that. I will try now, thanks for info. Seems i am becoming old and not doing experiments :-) upd: small line, "secure ftp is supported". Well, i think mikrotik must explain, that it is mu...
by nuclearcat
Tue Mar 13, 2007 5:49 pm
Forum: General
Topic: booting from usb sticks?
Replies: 22
Views: 6940

Mikrotik already supporting MTD devices, which was extremely difficult task. You can just use that (MTD) layer, and convert block-device(SCSI/sda, for usb-storage) to MTD, i was doing that already on my Linux solutions. Additionally all libata(and old IDE drivers will be deprecated) uses SCSI device...
by nuclearcat
Tue Mar 13, 2007 5:23 pm
Forum: General
Topic: SCP support
Replies: 3
Views: 5866

SCP support

I want to ask about SCP support, as client and server. Why? 1)You dont need to keep 21 port open. 2)File transfer is secure, authorization MUCH more secure. FTP pass can be sniffed, and that will make a lot of troubles. 3)Easy to manage by firewall (FTP open random ports). 4)Useful to schedule for e...
by nuclearcat
Tue Mar 13, 2007 5:15 pm
Forum: General
Topic: Suggestion: ability to do a remote wireless scan
Replies: 11
Views: 4027

maybe then "duration=N" ? :-D
by nuclearcat
Tue Mar 13, 2007 4:58 pm
Forum: General
Topic: booting from usb sticks?
Replies: 22
Views: 6940

Normis, reasons why USB Flash much better. Temperature range. Flash)Most is -10 to +60, Extended: -40°C to +85°C HDD)Maximum operating temperature change even is limited, and operating range 0-60C Size of solution. Especially for Mikrotik - HDD not suitable at all, as i know modern HDD's not less th...
by nuclearcat
Mon Mar 12, 2007 10:38 am
Forum: General
Topic: Suggestion: ability to do a remote wireless scan
Replies: 11
Views: 4027

yes, i really need that too
at least something like "once" parameter, to limit scan only for one time
by nuclearcat
Mon Mar 12, 2007 10:29 am
Forum: General
Topic: booting from usb sticks?
Replies: 22
Views: 6940

There is special "extender" cable for sticks. You can put stick inside computer case.
If you are maximum worried about such case - most modern motherboards have USB host pin's on motherboard, you can connect stick directly to them, inside the case.
by nuclearcat
Sat Mar 10, 2007 2:43 pm
Forum: Wireless Networking
Topic: Compression worsen a link
Replies: 6
Views: 1440

interlink - same for me, it is saying reason "data loss" when disconnecting, and i can see when compression on - ccq and signal becoming unstable.
by nuclearcat
Thu Mar 08, 2007 7:13 pm
Forum: Wireless Networking
Topic: Compression worsen a link
Replies: 6
Views: 1440

What is a cards?
CM9, and links >10 meg - it's worst with compression on :-( link becoming unstable
possible card overheat?
by nuclearcat
Tue Mar 06, 2007 12:42 pm
Forum: Wireless Networking
Topic: Compression worsen a link
Replies: 6
Views: 1440

Compression worsen a link

Hi Versions of RouterOS 2.9.38, 2.9.39, 2.9.40 Who experience worst results, when run Atheros compression? On my own expirience when i enable on my test links compression, performance dropped, some links start disconnect suddently, signal become unstable. Does anybody have same experience and results?
by nuclearcat
Tue Mar 06, 2007 12:31 pm
Forum: Wireless Networking
Topic: packet loss if bit commet start to download
Replies: 10
Views: 2283

As i know it is using a lot small packets, and causing high PPS, which is killing wireless. Especially if you dont run Nstream - it will kill 802.11a/b/g instantly.
by nuclearcat
Sat Feb 24, 2007 6:58 am
Forum: General
Topic: Mikrotik to work on DELL Server
Replies: 3
Views: 1647

Also, based on my personal expirience - there is nothing to win, x86_64 in some applications lose, and in some win, only one good thing - support of big amounts of RAM, which is useless for most applications, except proxy. Plus most of the drivers have issues with DMA/memory addressing in x86_64, la...
by nuclearcat
Tue Feb 06, 2007 11:25 pm
Forum: General
Topic: Reboot - Tempature Issue
Replies: 27
Views: 5668

On RB532 there is powersaving mode in AP, in CPU settings cpu-mode (power-save | regular; default: power-save) - whether to enter CPU suspend mode in HTL instruction. Most OSs use HLT instruction during CPU idle cycle. When CPU is in suspend mode, it consumes less power, but in low-temperatire condi...
by nuclearcat
Tue Feb 06, 2007 11:22 pm
Forum: General
Topic: Yahoo Messanger and MSN BLOCKING
Replies: 8
Views: 1890

When you block port 1863, msn will use connection over HTTP In logs it looks like 1170741586.866 1049 195.X.X.X TCP_MISS/200 433 POST http://207.46.107.35/gateway/gateway.dll?Action=poll&SessionID=248323619.XXXXX - DIRECT/207.46.107.35 application/x-msn-m So you have to do ACL on proxy also, to clos...
by nuclearcat
Tue Feb 06, 2007 6:28 pm
Forum: General
Topic: Feature request: Intel TCO Watchdog timer driver
Replies: 0
Views: 588

Feature request: Intel TCO Watchdog timer driver

Is it possible to include to Mikrotik 2.x branch new Intel driver for TCO Watchdog? Seems it can be VERY useful. It is called iTCO_wdt in kernels 2.6 Or at least if possible in Mikrotik 3. Because we have issues with hardware(crashing/full lockup), and i guess it will be much more reliable, if hardw...
by nuclearcat
Mon Jan 15, 2007 1:53 pm
Forum: General
Topic: BUG in rip (2.9.*)?
Replies: 2
Views: 499

Where i have to send this bug report? seems noone answering.
by nuclearcat
Sat Jan 13, 2007 6:25 pm
Forum: General
Topic: BUG in rip (2.9.*)?
Replies: 2
Views: 499

BUG in rip (2.9.*)?

I will try to explain situation, which possible will let to reproduce it. Host MK-1 Two interfaces (ether1, wlan1) keypoints: add chain=BADROUTE prefix=2.2.2.0/24 invert-match=no action=discard comment="" \ disabled=no (i tried reject also) add interface=ether1 receive=v2 send=v2 authentication=none...
by nuclearcat
Thu Jun 22, 2006 4:52 pm
Forum: General
Topic: EoIP with Linux. HOW?
Replies: 4
Views: 1407

I think there is only one the way - to write your own drivers.
by nuclearcat
Sat Jun 17, 2006 8:28 pm
Forum: General
Topic: topic about vserver
Replies: 0
Views: 555

topic about vserver

Can i know why it is deleted? I will post again, cause i didnt see any rule, which it abuse. Dear community Just i have now one idea came in mind, because i have similar problems with proprioetary OS'es. Usually it is required to install some linux software, and i feel already installed software is ...
by nuclearcat
Sat Jun 17, 2006 6:41 pm
Forum: Wireless Networking
Topic: Turning pc into a router...
Replies: 9
Views: 1706

by nuclearcat
Wed Jun 07, 2006 3:25 pm
Forum: General
Topic: source routing
Replies: 13
Views: 4094

I was trying to explain, that i am not rookie in such things. :)
Is there a way to send you private message? Maybe over talkroom? Or email? I want to give move explanation about current situation, maybe you can give me advice also, but it is not for public.
by nuclearcat
Wed Jun 07, 2006 3:13 pm
Forum: General
Topic: source routing
Replies: 13
Views: 4094

I didnt said it is simple linux distribution, it is even i think more far from linux, than any other distribution :) It is totally different, and you have done very useful CLI and GUI interfaces, which make it totally different from Linux, and very easy to manage for newbies, and in same time it is ...
by nuclearcat
Wed Jun 07, 2006 2:52 pm
Forum: General
Topic: source routing
Replies: 13
Views: 4094

if you handle it over iif (ip rule add dev), it is handled directly in kernel code net/route.c (RTA_IIF option). If you are using iptables with mangle, you have to run netfilter, where is routine will do lookup of incoming interface(in netfilter), mark a packet, route.c will lookup for mark in packe...
by nuclearcat
Wed Jun 07, 2006 2:19 pm
Forum: General
Topic: source routing
Replies: 13
Views: 4094

normis, agree.
But maybe it is more correct (for performance reasons, because on my example you dont need to use netfilter) to add one more option in next release for source routing?
by nuclearcat
Wed Jun 07, 2006 1:41 pm
Forum: General
Topic: source routing
Replies: 13
Views: 4094

In mikrotik i didnt see option, which can classify packet by source interface, means interface from where packet came.
I have readed this manual already.
by nuclearcat
Wed Jun 07, 2006 1:19 pm
Forum: General
Topic: source routing
Replies: 13
Views: 4094

I have looked to manual, and seems i need to describe why i need this kind of command For example we have a box with 2 interfaces, wireless and ethernet (usual PtP setup). Both sides have huge amount of networks, let's say: BOX1 - eth0 - 10.1.0.0/24, 4.5.6.0/30 , ...... and 100 like this BOX2 - eth0...
by nuclearcat
Wed Jun 07, 2006 1:03 pm
Forum: General
Topic: source routing
Replies: 13
Views: 4094

source routing

Is there option, similar to linux:
ip rule add dev eth0 table 201
So i can chose routing table depends on interface where is traffic came.
by nuclearcat
Mon Jun 05, 2006 12:30 am
Forum: General
Topic: Ipv6
Replies: 64
Views: 18123

On my opinion ipv6 kernel/packages must be optional(means if you want - you install it), and separate. Because they will make i think system bigger and slower, which is critical for embedded applications.
by nuclearcat
Sat Jun 03, 2006 11:09 pm
Forum: General
Topic: msn problems over mikrotik
Replies: 16
Views: 4198

New MSN have also stupid features to check connectivity quality (As i know it send packets to echo port, maybe it is the issue). Most of the lebanese ISP's seems dont fit Micro$oft standarts :D Offtopic: Ramona, are you interested to work in Virtual ISP(Lebanon)? Seems you know well networking stuff...
by nuclearcat
Sat Jun 03, 2006 10:50 pm
Forum: General
Topic: BETA Testing and Feature Suggestions for next routeros
Replies: 329
Views: 75300

From 2 sources it is leaked, that Atheros have FEC(forward error correction) capabilities.
It can be useful for long-distance, and VERY useful for NLOS.
Already canadian linux based system and BlueBox have capabilities to turn this bits on. Mikrotik must have too.
by nuclearcat
Fri Jun 02, 2006 6:55 pm
Forum: Wireless Networking
Topic: spectrum "cloaking"
Replies: 7
Views: 1730

spectrum "cloaking"

Is there option in Mikrotik to set 5/10 Mhz spectrum width?
I so it in few messages, but seems there is no information in online manual.
Can anybody give idea?
We are going to buy big amount of boxes, so i want to be sure, all options, what i need - is available.