MikroTik

What do you mean by "manage"?

Yes.
Use any dual band device. Use one WiFi interface as WAN and the second connect to LAN bridge.

lapsio

Look at this: viewtopic.php?f=2&t=102483&p=509070&hilit=port#p508981

Real world without tie-wraps does not exist

What is wrong with Harpin NAT? It is just name of technology which "other" routers do behind the scenes.
One line for NAT. That is all.

Maybe you should just make bridge for ETH1+ETH2 and the second for ETH3+ETH4 and connect it with this UTM?

It is not problem of Mikrotik configuration.

You should configure virtual hosts on your WWW server to manage different domains.
In Mikrotik device you should pass all HTTP trafic to this server.

Davis,
Is ROS affected? IMHO it is stupid question.
If Mikrotik implements and follow WiFi standard then the standard is affected then this "flow in design" is in current ROS implemented.

What, in yor opinion, should be done? Change to WiFi implementation to not follow standard?

What is the conclusion?

What is connection of cracking WiFi credentials and router?

Please rewrite in English please or the post will be deleted.

Mikrotik has room improve also with the blog...

Rhetorical question: Why people needs blogs, tweets or Facebook messages to feel beeing informed well?

msatter:
https://forum.mikrotik.com/
or
viewforum.php?f=21

Honestly I had never read the announcements section of the forum, I do now......

43north ... please do not take it personally

but this is the quotation of the month ... maybe even of the year.

43north ... you are using our forum ... you are posting ... why have you not upgraded your router earlier even you have had (I suppose) knowledge of the problem?

...Have you considered using external to your network honeypots as source of offending IPs? ... I'm not quite sure I follow what you are saying. I'm always open to more sources. The new system is very modular. So importing another source is as simple as coding an import module for it. Could it be p...

Hands up who is daily following CVE news?

Dave, Have you considered using external to your network honeypots as source of offending IPs? I use as the first frontier such RAW drop rules and all the time there are some IPs on the list of attackers. add action=add-src-to-address-list address-list=RAWATTACK2 address-list-timeout=127m chain=prer...

Once again: I'm not "advocatus diaboli" of Mikrotik but you should apply right measure to the problem. OK. There was a problem spotted and repaired ... a lot of programs/devices had, have and will have them ... period. The problem is/was resolved ... time to apply cure. IF YOU WANT. If not ... stop ...

...Yes, from "now on". Figuratively speaking - a few months is almost nothing when you have hundreds of thousands of devices out in the wild. As others already mentioned, do not expect people to promptly install your 0-day fix (as I recon, there were some communication glitches along the way, too)....

As Oude Kirk is about 5 min. walking from Central Station then most people start and end visiting Amsterdam do not crossing Damstraat and they are missing eg. Rembrandt's Museum. Not even trying to visit or just find any windmill Nederlands are famous for

To not be blamed that they do nothing !!!!

Have you read carefully all recent posts on forum about this "problem"?

Mikrotik is almost blamed for not upgraded 70k+ routers in Brazil, that people are not informed and so on ...

PS.

Windmills +1

Normis ...
It seems to be a fight with windmills ... this is era when most people read JUST THE TOPIC and do not read more than one sentence of news and most of them do not even want to think what they are reading about. Topic is all information they want to know.

"Mikrotik call home" :) .... crazy idea. And what about routers which has "unsafe" ROS version but are hidden behind other firewall with good security? Should they magically be banned? What about connections with low bandwith? Should it be "eaten" by regular ROS verion checks? Tha main idea of route...

Try to Netinstall.

On forum posts if the subject line doesn't interest me, I would never read it.

It is like: I do not like this song as I have never listened to it earlier and the title is boring me.

You have to know what you're doing with all this kit really unless you can just plug it in with the default config and not touch it, which goes back to the original issue. Lots of people buy this kit with no real expertise, and lots of people have these routers installed with no ongoing support and...

What we are talking about?
Ask average user what router is .... answers will be like "What?", "YYYYaaaaayyyyaaa? What?", to more sophisticated "Do you mean this white/blue/silver etc. box?" or "I have Internet from WiFi".

@msatter
Do you think that all 70 000 users of hacked devices in Brazil do even know what WinBox is?

@msatter: How do you expect that Mikrotik could MORE persuade people to upgrade if they (users not Mikrotik) do not care? It is not a matter how many infos Mikrotik will publish. If admin/user/owner do not care than it is not a problem of Mikrotik. Do you think that other comapnies call or mail each...

The sad part is that owners/admins DO NOT CARE.

Fixed.

Dave, Thank you for your job. Testing: [admin@RBTEST] > /tool fetch mode=https dst-path=/disk1/filters.rsc url="https://bl.mikrotikfilters.com/fetch.php\?priority=1"; status: failed failure: closing connection: <500 Internal Server Error> 35.236.78.203:443 (4) [admin@RBTEST] > /tool fetch mode=https...

viewtopic.php?f=21&t=137284&sid=87bf816 ... ded96b3b84

OMG ... next topic about winbox problem ...

@Prawira ... have you checked forum for this problem? Have you tried this http://bfy.tw/J9pW before posting?

Why is it so hard to ask "uncle Google" for "mikrotik hacked compromised problem winbox 8291" or any combination of these befor posting "CRACKED"?

Port scanner is a device/person/entity which checks ports in a router so these rules block ports from being discovered and services identified.

add action=dst-nat chain=dstnat dst-port=1812 in-interface=ether1-gateway protocol=udp to-addresses=192.168.1.124 to-ports=1812 add action=dst-nat chain=dstnat dst-port=16384 in-interface=ether1-gateway protocol=udp to-addresses=192.168.1.124 to-ports=16384 I see that you have PPoE interface in use...

Export configuration and import it in the newer device?

I use this as "first line barrier". Proper WAN ports should be added to WAN_LIST and port 65432 in the first rule should be set to port which Winbox access is set to /interface list add name=WAN_LIST /ip firewall raw add action=accept chain=prerouting dst-port=65432 protocol=tcp add action=add-src-t...

More details please. Configuration, log copy etc.

It is always interesting for me that some admins could find some information from the past and fit it to their "issue" but are unable to check manufacturers forums, announcments or other sources for current information on the "issue".

Changing name of logged in user is not good idea. What if you are logged as different user?

So you need in the script check if address-list which you use to block IPs is empty or not and then send an e-mail.

How do you detect that your router is attacked?

More details on DDOS attack please.

Visualise should be "virtualize".

Installing to bare metal has many problems and it seems that Mikrotik is focusing on virtual versions instead on native ones.

mrz ... should we be still shocked with this fenomenal initial start for next few years?

...
I'm still trying to figure out what to do with my life. At 43, I started not liking what I was doing for work. I've tried a few different things, including running a large non-profit for a while. Now I'm closing in on 45 and I still don't know.

You need "grown-up gap year"

Asking Google with "mikrotik forwarding all ports" gives answer

viewtopic.php?t=93228

Search found 1514 matches