MikroTik

msatter

This is mainly used for VPN services and if we want to avoid this we could change to OpenVPN or IKE2 but that are not fully or not supported in RouterOS.

So we have to bear with these warnings for some time longer.

msatter

Remember that in MikroTik RouterOS, backup file is for restoring past configuration on the same device, not a safeguard against a lost or damaged device, for restoring on other devices, you should be using "export" config files. Export config files is death for me. Tried everything what is mentione...

msatter

Having problems with DNS resolves with zero or very short TTL then Mikrotik could enforce a minimal TTL applied to the cache in RouterOS. In this way address lists are limited in its frequency sending DNS requests. This can be set to a fixed time by Mikrotik or made user configurable and being disab...

msatter

Mikrotik was beating my DNS server to death with constant requests for local domains which have a TTL of zero. I have now a separate DNS server to force DNS cache by Mikrotik, to comply by setting an longer TTL for those local domains. Why do people always expect MikroTik to fix other people's stup...

msatter

I got me a second RB760iGS and modified it differently. I made a heath conducting bridge between the SFP cage and the metal surrounding the network ports. This was not enough and I put again the heathsink between the power connector and the SFP module. The temperature stays below 50 degrees Celsius ...

msatter

Email list Now we're talking. I was subscribed to it until it stopped sending me emails, without me unsubscribing. Where can I find that list? That solves the complete issue. I just thought they've dropped the list. Is it this one? https://mikrotik.com/client/ecom_notify.php I got that link from my...

msatter

It took me a year to convince Mikrotik that their current implementation of DNS cache is not workable. They have said that they are going to improve it but the is no TTL on that as always with Mikrotik. Mikrotik was beating my DNS server to death with constant requests for local domains which have a...

msatter

@msatter: Is it joke or not?

https://www.rdw.nl/particulier/nieuws/2 ... -rijbewijs

The internet is full of news items about Rutte rijbewijs

msatter

Our Dutch Prime Minister has also a driver license made in Poland on his name.

Darn the advertisement is removed.

msatter

viewtopic.php?f=2&t=137139&hilit=rb760igs

msatter

How to warn user of Mikrotik products to update I made already constructive remarks and when they are up to it or are forced to be up to it it will happen. Let's start small and first get the correct information to the users and seeing today again lacking that in completeness and drive to have all t...

msatter

I deeply disappointed by Heise to not investigated further for them selves and inquire with Mikrotik. I had high regarded for Heise as a reliable and trustworthy news source. That they neglected the bugfix version and declared any version below 6.42.x as unsafe. That Heise made this blunder is shock...

msatter

msatter

Copper perfectly suited to be used in closely build area's and over cable 1Gbit/s is already used and VDSL is also available in higher speeds. Fiber is well suited to cover long distances of 20+ km and here in the Netherlands it is more and more used for people living outside the cities. The people ...

msatter

posting.php?mode=quote&f=21&p=682067

msatter

Request to make the security section accessible from the blog menu. Noticing that did raised my blood pressure significantly. ;-) Pressure has dropped by now to more normal levels. I now see that when you scroll down you will find a mention of software and security so it is there but I would love th...

msatter

Before we did not all times had to update the firmware. If Mikrotikvonly increase the firmware version number if there has been a change to it in real you could spare yourself a load of second reboots.

msatter

osc86 , we are aware of the issue. It will be fixed until 6.43 is released in current release channel. It would be nice if that would also be communicated in the changelog if something gets broken in the process and there is knowledge about that. Preferable also in red to warn. Saves downgrades for...

msatter

A bit more background info:

https://eng.lsm.lv/article/economy/econ ... e.a289388/

msatter

Note: If allow-remote-requests is used make sure that you limit access to your server over TCP and UDP protocol.

To the outside.

msatter

Is Fasttrack enabled?

msatter

That about vlan support in the future for the RB750Gr3/RB760iGS is to be found here:
viewtopic.php?t=113724&start=50#p567533

msatter

In the captcha window, there is a link "Why did this happen?" Check there.

My guess is you have a public IP associated with malicious activity of some type.

So Google make you now also look as criminal...thanks.

msatter

Google is just bugging you because they can.

Google does not like not to be able to know everything about you moving over the internet. This message is shown, when you are doing something right.

Better is to use duckduckgo.com to conduct your searches.

msatter

Don't buy Amazon.

Have a look who the reseller is and where he is situated. Could Eastern Europe so shipping costs.

msatter

I made a filter that act as a honeypot for port 8291 and I caught some fish and added that to my drop line in RAW and log when there is a revisit in that CIDR. I have the 146.185.222.0/24 (Barbarich Viacheslav Yuryevich) CDIR trying every 30 seconds to approach a port. It is still going it tried por...

msatter

Found the problem and it was that I changed to an other DNS server that did not Round Robin by default.

msatter

If 6.40.8 is safe in respect to latest rumors on miners https://www.bleepingcomputer.com/news/security/massive-coinhive-cryptojacking-campaign-touches-over-200-000-mikrotik-routers/ ? I keep hear that bugfix is not safe, but I'm not ready to mass-upgrade and reconfigure my park of routers to curren...

msatter

It looks that an CVE has been created and I don't know enough about if it is done by the one who discovered this vulnerability of by Mikrotik self. The CVE number is: CVE-2018-14847

msatter

We have added more details, so that it is more clear: https://blog.mikrotik.com/security/winbox-vulnerability.html thanks, it is much more clear now. Except that the 6.28 version is vulnerable too . I am able to read usernames/passwords from boards with this version using winbox vulnerability explo...

msatter

is it possible to downgrade 6.43rc45 (Release candidate) to a lower version?
why?

Why not?

It is possible but please the backup files you have to make, separate.

Restore the matching versions of RouterOS and backup file .

msatter

Well, the linked blog does include this information Versions that include a fix: 6.40.8 [bugfix] or 6.42.1 [current] released on 25-mar-2018 We have added more details, so that it is more clear: https://blog.mikrotik.com/security/winbox-vulnerability.html I did write that the blog did contain that ...

msatter

According to changelog it is fixed What's new in 6.40.8 (2018-Apr-23 11:34): !) winbox - fixed vulnerability that allowed to gain access to an unsecured router; So why would they post this again if it was fixed in April? do you can read ? THEN, IS THIS CLEAR INFORMATION? All versions from 6.29 (rel...

msatter

It's disappointing that both the httpd vulnerability
We did fix and send on day one.

This is referring to this post: viewtopic.php?f=21&t=137572#p678156

msatter

Thanks Bram for explaining this and the access data was indeed stored in the device and so not with Mikrotik. Was stored, this because the password is not stored in router anymore, if I remember that well?

msatter

I think you have to request support by mailing to support@mikrotik.com

msatter

Mikrotik has room improve also with the blog... Rhetorical question: Why people needs blogs, tweets or Facebook messages to feel beeing informed well? Because Twitter and Facebook are not wideley accepted ways to communicate. Facebook is evil and Twitter 'rate limits' me so of the visits I make onl...

msatter

A RB750Gr3 and RB760iGS you can activate HW acceleration but still get local yo local traffic going through the processor. To partly avoid this, I notrack them in RAW. Despite I enable switch in the config it won't stick and only HW acceleration is steering is doing it the background but does not mi...

msatter

Since a few months we have now GDPR laws which regulated protection of private information.

I think that I can state that password falls also under the GDPR and that would have the impact that Mikrotik did not do enough, to protect their customers under the GPDR.

msatter

Course I know where announcements a located, I am not stupid. I am calling for doing that bit extra to inform all and keep an important notice im the picture.Creating the notice in announcements hope al is going being right from there is not working as is proven now. Mikrotik has room improve also w...

msatter

43north ... you are using our forum ... you are posting ... why have you not upgraded your router earlier even you have had (I suppose) knowledge of the problem? Honestly I had never read the announcements section of the forum, I do now...... and will from here on out. My ignorance cost me, I know....

msatter

Hands up who is daily following CVE news? I have bookmarked for Mikrotik and AVM now. AVM had a good run after the last containment of the VOIP vulnerability. ISP often offer also VOIP and the had to compensate customers for the expenseive calls made due to this vulnerability. Version 7 by AVM is r...

msatter

The warning e-mails by Mirkotik are sent out a day after news. I hope next week we will be informed why informing resellers and users that were on the mailing list were not informed earlier about the risk. If creating a CVE would have reduced the number of routers being infected to spread bad softwa...

msatter

Hi guys need some help. I have fibre connection to Ethernet over power net next device plugged into Mikrotik on ETH1 for PPPOE getting connection from other Ethernet over power thats connected to ISP. Works great no issue. But now I have other ETH over power device in other room but it does not get...

msatter

OK I was thinking of the communication between routers and the Master Password is about saving the configs in a file on your computer so you can transfer to an other instance of Winbox. I was wrong! So looking at what it is and how it works and the options. Looking at the password interface I can on...

msatter

That conversion is mandatory from 6.41 and Master port is replaced by bridge.

viewtopic.php?f=21&t=128915

msatter

The MAC addressing is used inside the network (L2) and sometimes on the first hop to your ISP router/switch. MAC can't be blocked as discussed in other threads.

viewtopic.php?f=21&t=133533&p=656925&hi ... 51#p656925

msatter

I have Mikrotik in the utility close to the outside wall so it gets warm and toasty especially these sunny days. The heat generated the optical devices seems more moderate than purely electrical SFP modules. And those sqaure copper heatsinks looks to me to be very efficient but I don't enough extrud...

msatter

The addresses depends on which ISP you use.

If you want it from Google self then ask their DNS at IP 8.8.8.8 and IP 8.8.4.4

msatter

A start can be found here: viewtopic.php?f=2&t=137375

Also check the blog for more information.

Search found 875 matches