Community discussions

Search found 695 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 14
by NathanA
Mon Apr 23, 2018 2:37 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 64823

Re: Advisory: Vulnerability exploiting the Winbox port

It has loooooong been known that ROS stores passwords using reversible encryption instead of hashes, and I'm surprised it has taken this long for this to get changed: http://manio.skyboo.net/mikrotik/ On the other hand, when you are the one that set the password and you can't log in to your own rout...
by NathanA
Wed Apr 11, 2018 3:53 am
Forum: General
Topic: Any plans to make cross-platform WinBox?
Replies: 32
Views: 1329

Re: Any plans to make cross-platform WinBox?

I find parts of this discussion funny since Webfig is practically a web version of Winbox as it is. You can even call up a windowed terminal in Webfig! The main thing that could not be implemented in a web version is the "MAC-Winbox" protocol, which is a killer feature that I use all the time. For t...
by NathanA
Fri Mar 30, 2018 8:57 am
Forum: Announcements
Topic: Future of LTE products, user feedback requested
Replies: 44
Views: 5602

Re: Future of LTE products, user feedback requested

We operate a band 42/43 (soon be combined into a single band 48, under new CBRS rules) network in the USA, and would love to see cost-competitive CPE options from MikroTik for this band. Not just for the cost reasons, but also for the flexibility that RouterOS would bring (and also because we are fa...
by NathanA
Thu Mar 29, 2018 10:49 pm
Forum: General
Topic: RouterOS making unaccounted outbound winbox connections [SOLVED]
Replies: 57
Views: 7131

Re: RouterOS making unaccounted outbound winbox connections [SOLVED]

So far my testing show that only mipsbe devices are getting exploited. Anyone notice other architectures affected? I haven't, though fully-fleshed example exploits of this vulnerability were released for both mipsbe and x86 earlier this month, and Hajime supports mipsbe, x86, and arm, so it is at l...
by NathanA
Tue Mar 27, 2018 1:42 am
Forum: General
Topic: RouterOS making unaccounted outbound winbox connections [SOLVED]
Replies: 57
Views: 7131

Re: RouterOS making unaccounted outbound winbox connections [SOLVED]

Please make a security release for those old, but perfectly working boards on mipsle! In my experience, the last version of RouterOS to work *well* on RB532 was 5.x. :( When I upgrade a 532 to 6.x it starts acting like a RB100-series board that has just been upgraded from 2.9 to 3.x or anything new...
by NathanA
Mon Mar 26, 2018 12:48 pm
Forum: General
Topic: RouterOS making unaccounted outbound winbox connections [SOLVED]
Replies: 57
Views: 7131

Re: RouterOS making unaccounted outbound winbox connections [SOLVED]

I finally got my hands on an infected device, spent some time with it, and can confirm that this appears to be Hajime, as maznu mentioned earlier. I haven't been able to catch the infection happening live yet, but I am now pretty confident that this is exploiting the old web server vuln that was alr...
by NathanA
Sun Mar 25, 2018 9:38 pm
Forum: General
Topic: RouterOS making unaccounted outbound winbox connections [SOLVED]
Replies: 57
Views: 7131

Re: Aggressive RouterOS worm infecting our network?? [SOLVED]

Normis, I'm in the middle of some other things at the moment but me see what I can do about remote access for you in a bit here. Do you want me to just e-mail support@ or message you some other way? srosen, Interesting. I don't think HTTP is the vector (though I could be wrong), mostly because I don...
by NathanA
Sun Mar 25, 2018 12:39 pm
Forum: General
Topic: RouterOS making unaccounted outbound winbox connections [SOLVED]
Replies: 57
Views: 7131

Re: Aggressive RouterOS worm infecting our network?? [SOLVED]

use netinstall for fresh start and keep update your version. :roll: Thanks. It's not like I don't know how to do a Netinstall. But we are potentially talking about a few hundred devices here. Anyway, the real question is not how to recover from it, but what this worm is precisely, and how to protec...
by NathanA
Sun Mar 25, 2018 10:03 am
Forum: General
Topic: RouterOS making unaccounted outbound winbox connections [SOLVED]
Replies: 57
Views: 7131

RouterOS making unaccounted outbound winbox connections [SOLVED]

I haven't seen any chatter about this on these forums or elsewhere... Just tonight we discovered a multitude of RouterOS devices on our network -- mostly customer devices, so far only observed on MIPS architecture -- that appear to be infected with something. The routers themselves are generating hu...
by NathanA
Mon Mar 06, 2017 7:33 am
Forum: Virtualization
Topic: MetaRouter performance/througput another ROS ?
Replies: 1
Views: 440

Re: MetaRouter performance/througput another ROS ?

I have never attempted to measure it in terms of throughput performance, but there is definitely a performance hit with even a single MetaROUTER guest, and even if that guest is doing zero work. And this performance hit significantly affects the host, too, because it turns out that if you are runnin...
by NathanA
Mon Mar 06, 2017 7:02 am
Forum: Virtualization
Topic: openwrt in METAROUTER as DHCP server
Replies: 1
Views: 405

Re: openwrt in METAROUTER as DHCP server

What you did sounds completely reasonable to me, and I would expect that to work. Have you made sure that networking between the guest and host is working at the most basic level? (e.g., set a static IP on the OpenWRT guest, set an IP in the same subnet on the bridge interface of the host, and ping ...
by NathanA
Fri Mar 03, 2017 4:19 pm
Forum: Wireless Networking
Topic: Confused about rts/cts
Replies: 64
Views: 23735

Re: Confused about rts/cts

Sorry to necro this thread, but I have looked everywhere else for an answer, have come up with zip, and given that this thread has the most relevant discussion of this subject vs. any other past thread, it seems appropriate to put it here. The collective wisdom out there seems to agree that RTS thre...
by NathanA
Fri Mar 03, 2017 3:34 pm
Forum: Virtualization
Topic: HOWTO: Dual-booting RouterOS and OpenWRT on RouterBoard
Replies: 18
Views: 8580

Re: HOWTO: Dual-booting RouterOS and OpenWRT on RouterBoard

I'm currently working on a 4.9 kernel for the B2011UiAS and I wonder if " http://www.nconx.com/~nathan/openwrt-rb_mipsbe/kamikaze-rb_mipsbe-2.6.35.txz " might be the latest available patchset? No, not anywhere close to the latest. 2.6.35 was the kernel used by MikroTik in RouterOS 5. RouterOS 6 is ...
by NathanA
Mon Oct 17, 2016 5:39 am
Forum: Forwarding Protocols
Topic: BGP + static candidate routes: ROS picks the wrong one??
Replies: 20
Views: 1406

Re: BGP + static candidate routes: ROS picks the wrong one??

Oh, I'm sorry: I thought we were talking about a *routing* operating system here...y'know, a category of software where it would normally be considered kind of important that core features related to *routing* work properly, hence the name. I speak facetiously. But only somewhat. :? Fortunately, thi...
by NathanA
Fri Oct 14, 2016 12:45 pm
Forum: Forwarding Protocols
Topic: BGP + static candidate routes: ROS picks the wrong one??
Replies: 20
Views: 1406

Re: BGP + static candidate routes: ROS picks the wrong one??

I suspect a reply like "it will all be fixed in version 7".
Boy, I hope not. V7 is clearly a ways off.

-- Nathan
by NathanA
Fri Oct 14, 2016 11:10 am
Forum: Forwarding Protocols
Topic: BGP + static candidate routes: ROS picks the wrong one??
Replies: 20
Views: 1406

Re: BGP + static candidate routes: ROS picks the wrong one??

Well, everyone, the verdict is in: Using a separate subnet for the other peer -- and thus a separate (connected) route for the nexthop -- did not fix it. Setting up the session with the second peer as a separate BGP instance *did* fix it. Once a second BGP instance was set up, at that point I did ha...
by NathanA
Thu Oct 13, 2016 5:14 pm
Forum: Forwarding Protocols
Topic: BGP + static candidate routes: ROS picks the wrong one??
Replies: 20
Views: 1406

Re: BGP + static candidate routes: ROS picks the wrong one??

I wonder what would happen if you were to use a filter rule to set the distance of the backup default GW to be 21 (instead of the default 20) That's a great idea! I'll try that really quickly... Sadly, this made no difference. That would have been a nice, easy work-around. I will have to try the ot...
by NathanA
Thu Oct 13, 2016 5:09 pm
Forum: Forwarding Protocols
Topic: BGP + static candidate routes: ROS picks the wrong one??
Replies: 20
Views: 1406

Re: BGP + static candidate routes: ROS picks the wrong one??

One question got missed: Is this one BGP instance or two instances? You must have been typing this response up while other discussion was going on. :) This is answered above (one instance). My thoughts - this sounds like the state machine in BGP is getting something wrong (i.e. it's a bug) I can't ...
by NathanA
Thu Oct 13, 2016 4:57 pm
Forum: Forwarding Protocols
Topic: BGP + static candidate routes: ROS picks the wrong one??
Replies: 20
Views: 1406

Re: BGP + static candidate routes: ROS picks the wrong one??

Stab in the dark here - set one of the filters on one of the peers with a higher local preference - maybe as it is on the same subnet/connected route it is seen as one? Thanks for the suggestion, but sorry, I should have mentioned earlier that we are already setting localpref via filters to differe...
by NathanA
Thu Oct 13, 2016 4:18 pm
Forum: Forwarding Protocols
Topic: BGP + static candidate routes: ROS picks the wrong one??
Replies: 20
Views: 1406

Re: BGP + static candidate routes: ROS picks the wrong one??

But in my router using iBGP the scope and target scope for BGP routes are different, hence the suggestion. This is eBGP (different ASes). Do you need that static default routes? I operate a number of routers where the default route is distributed via BGP, and after some teething problems it works f...
by NathanA
Thu Oct 13, 2016 3:22 pm
Forum: Forwarding Protocols
Topic: BGP + static candidate routes: ROS picks the wrong one??
Replies: 20
Views: 1406

Re: BGP + static candidate routes: ROS picks the wrong one??

It is depending on the scope and target scope of the route, I think. target-scope in all cases is the default of 10. The nexthop route for the 2 BGP gateways is a connected route, which by default has a scope of 10. The nexthop route for the static default route is also a connected route and also h...
by NathanA
Thu Oct 13, 2016 12:53 pm
Forum: Forwarding Protocols
Topic: BGP + static candidate routes: ROS picks the wrong one??
Replies: 20
Views: 1406

BGP + static candidate routes: ROS picks the wrong one??

I have searched these forums high and low, and cannot find anybody discussing the same (or similar) issue. Here is the scenario: Customer has 2 ISPs. One ISP provides 2 gateways -- both exposed to the customer on the same L2 and within the same subnet -- and uses BGP with private ASN for failover (o...
by NathanA
Wed Oct 12, 2016 12:46 pm
Forum: Virtualization
Topic: demo MetaROUTER image to crash RouterOS (with source code)
Replies: 4
Views: 754

Re: demo MetaROUTER image to crash RouterOS (with source code)

Please send e-mail to support@mikrotik.com, either pointing them at this thread or repeating it for them in the form of an e-mail. They might not see this forum post, and I'm sure there are a lot of people who would appreciate seeing this bug fixed. As a MetaROUTER user, thanks again for going to su...
by NathanA
Tue Oct 04, 2016 9:11 am
Forum: Beginner Basics
Topic: Are multiple leases for one IP possible?
Replies: 4
Views: 1836

Re: Are multiple leases for one IP possible?

I finally found a nice, workable solution to this problem so thought I would post it for those who stumble across this thread in future with the same issue. I discovered that whilst the RouterOS DHCP server will not allow you to create multiple leases with the same IP address if you use User Manage...
by NathanA
Tue Oct 04, 2016 2:44 am
Forum: General
Topic: The "output" chain and VRFs/routing marks
Replies: 2
Views: 637

Re: The "output" chain and VRFs/routing marks

docmarius, Thanks. I am definitely sure that the first example wouldn't work, because you can't match on out-interface until the out-interface has been determined, and it can only be determined once you have already picked and traversed a specific routing table, so by the time out-interface has been...
by NathanA
Mon Oct 03, 2016 1:30 pm
Forum: RouterBOARD hardware
Topic: HAP AC faulty seriers - very poor LAN performance? (switch problem)
Replies: 77
Views: 18646

Re: HAP AC faulty seriers - very poor LAN performance? (switch problem)

Any update on this? I have 3 units that suffer from this issue ... it also seems that reboot makes them work fine for a while, but shortly after speeds drop terribly. It sounds like this is a limited hardware defect in some of the early shipping units. Others who had this problem apparently managed...
by NathanA
Mon Oct 03, 2016 1:27 pm
Forum: RouterBOARD hardware
Topic: Problem with IPTV on RB850Gx2
Replies: 14
Views: 2862

Re: RE: Re: Problem with IPTV on RB850Gx2

RB450G has only one CPU core, but RB850Gx2 has two CPU cores.
Problem with IPTV is "reordering packets".
Ah! Got it. So the problem might manifest itself on any multicore MikroTik?

-- Nathan
by NathanA
Mon Oct 03, 2016 1:19 pm
Forum: RouterBOARD hardware
Topic: Problem with IPTV on RB850Gx2
Replies: 14
Views: 2862

Re: RE: Re: Problem with IPTV on RB850Gx2

MikroTik support knows about this issue, but they couldn't help us. They says what this issue _may be_ fixed in ROS 7.0.. This sounds very strange to me. If it works on RB450G in 6.x, why would it work any different on an RB850Gx2 if it wasn't a driver bug? Did MT support explain in detail what the...
by NathanA
Mon Oct 03, 2016 1:05 pm
Forum: General
Topic: The "output" chain and VRFs/routing marks
Replies: 2
Views: 637

The "output" chain and VRFs/routing marks

Long time no post! :) I have a feeling that I already know the answer to this, but I'm hoping that I am overlooking some clever option or workaround. Is there any way to influence which routing table packets generated by the router itself get processed by? Here's the situation: postulate 2 VRFs on a...
by NathanA
Thu Jul 28, 2016 6:54 pm
Forum: RouterBOARD hardware
Topic: CCR1072 - M.2 SSD compatibility
Replies: 14
Views: 1978

Re: CCR1072 - M.2 SSD compatibility

You can see in the brochure, that it only supports PCIe modules in this slot:
2x M.2 slots with x4 PCIE 2.0, Key-M, module size support: 2242,2260,2280
Supports PCIe module with AHCI command-set or NVMe (or both)?

-- Nathan
by NathanA
Tue Jul 19, 2016 5:50 pm
Forum: RouterBOARD hardware
Topic: HAP AC faulty seriers - very poor LAN performance? (switch problem)
Replies: 77
Views: 18646

Re: HAP AC faulty seriers - very poor LAN performance? (switch problem)

I have 200 Mbit/s speed over fiber optic.
I don't think anybody -- even those with the problem -- have reported issues with the SFP port.  The problem has only manifested itself between copper WAN and LAN.

-- Nathan
by NathanA
Thu Jul 14, 2016 3:42 am
Forum: RouterBOARD hardware
Topic: HAP AC faulty seriers - very poor LAN performance? (switch problem)
Replies: 77
Views: 18646

Re: HAP AC faulty seriers - very poor LAN performance? (switch problem)

So I commented on this thread earlier before I had tested, and had not taken the time to come back and report on any findings.  I am happy to report that I have been unable to reproduce this problem at all on my unit, for which I am thankful, because given the past (and ongoing) relative scarcity of...
by NathanA
Sat May 28, 2016 5:55 am
Forum: RouterBOARD hardware
Topic: Is my 2011 dead after firmware update and config reset?
Replies: 11
Views: 1082

Re: Is my 2011 dead after firmware update and config reset?

The moment I deleted the bridge, I was kicked off again and could not log back in - even by MAC . I think that this and your comments below and in the other thread betray the fact that you don't understand what a bridge is. :) A bridge is simply a software-based switch of etherlike interfaces. When...
by NathanA
Sat May 28, 2016 4:46 am
Forum: RouterBOARD hardware
Topic: Is my 2011 dead after firmware update and config reset?
Replies: 11
Views: 1082

Re: Is my 2011 dead after firmware update and config reset?

After re-reading your original posts again, I *think* I understand where part of your confusion is coming from with the initial config and the worries of bricking, etc. Like I said before, when you first power up a MikroTik with its factory-default config in place, the very first time that you conne...
by NathanA
Sat May 28, 2016 4:11 am
Forum: RouterBOARD hardware
Topic: Is my 2011 dead after firmware update and config reset?
Replies: 11
Views: 1082

Re: Is my 2011 dead after firmware update and config reset?

[...] but not so absolute of a beginner that I shouldn't be able to understand. This is my first non-consumer router, and I knew I was getting into a learning curve. But one should be able to go from exhausing the feature set of a high-end consumer router to getting the basics running on a low-end ...
by NathanA
Fri May 27, 2016 12:08 pm
Forum: RouterBOARD hardware
Topic: Is my 2011 dead after firmware update and config reset?
Replies: 11
Views: 1082

Re: Is my 2011 dead after firmware update and config reset?

I think based on this post and the other one you made to the Beginner Basics forum that you may be operating under some false assumptions, not just when it comes to MikroTik but also general computer networking, and could benefit from doing some reading through the (e.g.) MikroTik wiki. Of course, i...
by NathanA
Wed May 25, 2016 3:42 pm
Forum: RouterBOARD hardware
Topic: hAP ac (and some other new rotuers) too small flash
Replies: 53
Views: 8274

Re: hAP ac (and some other new rotuers) too small flash

Nathan, MIPSLE works with 6.32.4. We stopped making new versions for MIPSLE boards because new features require a faster CPU. Right, but no new software after 6.32.4 also means no more bug fixes too. So, not supported. :) Also, RB111/112/133C/150 were unsupported after 5.26, for lack of RAM. (And f...
by NathanA
Wed May 25, 2016 1:34 pm
Forum: RouterBOARD hardware
Topic: hAP ac (and some other new rotuers) too small flash
Replies: 53
Views: 8274

Re: hAP ac (and some other new rotuers) too small flash

Is MikroTik really publicly committing to never allowing the combo package to increase in size to the point where it does not fit on a 16MB device? Do you seriously suggest that our own software will one day no longer run on our own devices? Well, it has happened before (RB111, RB112, RB133C, RB150...
by NathanA
Tue May 24, 2016 10:54 pm
Forum: RouterBOARD hardware
Topic: Serial Port (RS232) access on OpenWRT (metaRouter)
Replies: 4
Views: 696

Re: Serial Port (RS232) access on OpenWRT (metaRouter)

So the only way to communication is virtual port? Or can I have access to the same file (routerOS and metarouter) and write script (RouterOS) that will be sending data that I save in this file from my OpenWRT? Everything has to be done over the network, not local files. You need to pretend that the...
by NathanA
Tue May 24, 2016 10:42 pm
Forum: RouterBOARD hardware
Topic: hAP ac (and some other new rotuers) too small flash
Replies: 53
Views: 8274

Re: hAP ac (and some other new rotuers) too small flash

Advanced users can have a cleaner system with no unused menus if they use their own set of packages. If somebody is annoyed with menu clutter, they can disable packages without removing them (whether combo or not combo). Then when they decide later that they want those features back, they can re-en...
by NathanA
Tue May 24, 2016 2:16 pm
Forum: RouterBOARD hardware
Topic: hAP ac (and some other new rotuers) too small flash
Replies: 53
Views: 8274

Re: hAP ac (and some other new rotuers) too small flash

the combo package should not be combined with the use of individual packages in any router, not just small flash devices I have never read such restriction. This is the first time. Precisely. This is the first time that MikroTik has publicly said this. I have, for many many years, and through many ...
by NathanA
Tue May 24, 2016 1:48 pm
Forum: RouterBOARD hardware
Topic: Serial Port (RS232) access on OpenWRT (metaRouter)
Replies: 4
Views: 696

Re: Serial Port (RS232) access on OpenWRT (metaRouter)

MetaROUTER guests have no direct access to any hardware. Even networking is virtualized. There is no "virtual serial port", so there is no way to "bridge" the RS232 port from the host to the guest.

-- Nathan
by NathanA
Mon May 23, 2016 10:47 pm
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 51385

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

*) arm - added Dude server support;
Very interesting! Is there a reason that you have not done a PPC build of The Dude? There are PPC RouterBoards that outclass the RB3011.

-- Nathan
by NathanA
Wed May 18, 2016 10:01 am
Forum: Beginner Basics
Topic: amazon fire tv not getting dhcp address after lease expires on mikrotik router
Replies: 39
Views: 5271

Re: amazon fire tv not getting dhcp address after lease expires on mikrotik router

I *just* ran into this problem this past week myself! I don't have a Fire TV, but a friend of mine just got one, and asked me for a router recommendation, so I told him to get a 951Ui-2HnD for his home. :) The default lease time on recent versions of RouterOS is very short: 10 minutes. And his Fire ...
by NathanA
Wed May 18, 2016 9:48 am
Forum: General
Topic: Block non-dhcp static IP on network
Replies: 8
Views: 2164

Re: Block non-dhcp static IP on network

I don't think so. How would the router know which computers had DHCP IP and which computers had statically-assigned IP if some other DHCP server assigned the addresses? If you are using Windows Server to do DHCP because you are using RADIUS, did you know that MikroTik's DHCP server can also be a RAD...
by NathanA
Wed May 18, 2016 7:38 am
Forum: RouterBOARD hardware
Topic: RB1100x2AH NetInstall
Replies: 4
Views: 550

Re: RB1100x2AH NetInstall

What is this "serial cable" of which you speak? :D I haven't used a serial cable in over 10 years. I don't think I have one anymore. Lol. Thanks for the info! RS232 lives on as an out-of-band management solution in the world of networking and embedded systems! If you plan to get into that world in ...
by NathanA
Wed May 18, 2016 3:05 am
Forum: RouterBOARD hardware
Topic: RB1100x2AH NetInstall
Replies: 4
Views: 550

Re: RB1100x2AH NetInstall

Looking at the manual, it shows a button on the board. Does that mean I need to remove the cover of the RB1100AHx2 to access the button?
You can do that, or you can hook a serial cable up to it and instruct the bootloader to boot via network that way.

-- Nathan
by NathanA
Mon May 16, 2016 3:06 pm
Forum: RouterBOARD hardware
Topic: RB1100AHx2 or RB3011UiAS-RM
Replies: 18
Views: 5616

Re: RB1100AHx2 or RB3011UiAS-RM

Plus I bought my 3011 three months ago and saw that the natural free support has expired for making contact with the official support Mikrotik from what I understand means paying a ticket. Now, it seems right that for a function not active of which I realized only now I have to pay to receive an an...
by NathanA
Mon May 16, 2016 12:44 pm
Forum: RouterBOARD hardware
Topic: RB1100AHx2 or RB3011UiAS-RM
Replies: 18
Views: 5616

Re: RB1100AHx2 or RB3011UiAS-RM

Regarding the 3 standalone interfaces of the 1100 vs the two 5-port switched groups of the 3011, would that difference make any of the two easier to configure? To clarify and to respond both to this and a later post of yours, the standalone interfaces vs. the switched groups don't constitute a "WAN...
by NathanA
Mon May 16, 2016 12:12 pm
Forum: RouterBOARD hardware
Topic: RB1100AHx2 or RB3011UiAS-RM
Replies: 18
Views: 5616

Re: RB1100AHx2 or RB3011UiAS-RM

pity that the usb3 of the RB3011 does not work when connected to a hard drive with usb3 door, and I also tried to write this thing in two different posts on this forum, but no one ever bothered to answer me ... explain me what to do to receive an answer from someone here? I repeat: the USB3 of 'RB3...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 14