Community discussions

Search found 1643 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 33
by BartoszP
Sun Mar 17, 2019 9:38 am
Forum: Announcements
Topic: v6.44.1 [stable] is released!
Replies: 63
Views: 8620

Re: v6.44.1 [stable] is released!

After upgrade to 6.44.1 on RB962 GRE+IPSec stopped working when connected to 6.44 on the other side. After downgrade to 6.44 back on-line.
by BartoszP
Sun Mar 17, 2019 12:34 am
Forum: Beginner Basics
Topic: Locked out badly
Replies: 3
Views: 197

Re: Locked out badly

What about logging with WinBox via MACaddress?
by BartoszP
Fri Mar 15, 2019 8:56 pm
Forum: General
Topic: RB4011iGS+ admin password issue
Replies: 3
Views: 186

Re: RB4011iGS+ admin password issue

Resseting configuration should not be allowed without setting password as integral part of this process.
by BartoszP
Fri Mar 15, 2019 3:08 pm
Forum: Announcements
Topic: Statement on Vault 7 document release
Replies: 92
Views: 41175

Re: Statement on Vault 7 document release

You are using the wrong symbol to explain to IT people, should use "!=" instead, then they will better understand :-)
For some "<>" should be used :)
by BartoszP
Tue Mar 12, 2019 4:25 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 324
Views: 62633

Re: Winbox vulnerability: please upgrade

It is always safer to netinstall as it formats device.
by BartoszP
Mon Mar 11, 2019 11:02 am
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 60
Views: 9641

Re: v6.45beta [testing] is released!

*) e-mail - fixed missing "from" address for sent e-mails (introduced in v6.44);
Emils

I'm interested how did it happen? What someone had been messing for with e-mail part of ROS?
by BartoszP
Thu Mar 07, 2019 5:06 pm
Forum: General
Topic: RB4011 real world speed tests
Replies: 11
Views: 480

Re: RB4011 real world speed tests

"Expected more" means 23+ Gb sustained transmission with 190$ device?
by BartoszP
Wed Mar 06, 2019 12:49 pm
Forum: General
Topic: Radical change coming for home and small business networking
Replies: 27
Views: 1250

Re: Radical change coming for home and small business networking

No. It's not old thinking.

My net is my castle. Period.
by BartoszP
Wed Mar 06, 2019 8:33 am
Forum: General
Topic: Radical change coming for home and small business networking
Replies: 27
Views: 1250

Re: Radical change coming for home and small business networking

Xymox,

Be responsible ISP/IT company and inform your customers that someone tries to take over their security.

Inform them about pros and cons and explain why you prefer not to jump into that train.

Easy.
by BartoszP
Mon Mar 04, 2019 12:38 am
Forum: General
Topic: Radical change coming for home and small business networking
Replies: 27
Views: 1250

Re: Radical change coming for home and small buisness networking

Hmmm.... I watched this video and what comes to my eyes is "security manager will configure customers' micornets to be safe/secure etc...." or sth like that ...
Who the ..... is Alice ... opssss ... security manager?
by BartoszP
Wed Feb 27, 2019 5:52 pm
Forum: General
Topic: Hardware Selection
Replies: 14
Views: 871

Re: Hardware Selection

Keeping up with the Simpsons ... let me decide :-)
by BartoszP
Wed Feb 27, 2019 4:21 pm
Forum: General
Topic: Hardware Selection
Replies: 14
Views: 871

Re: Hardware Selection

Frankly speaking: Bartosz ... "sz" pronounced as "sh" in "wash" :lol:
by BartoszP
Wed Feb 27, 2019 4:08 pm
Forum: General
Topic: routerOS blocks various surveillance cloud adresses
Replies: 2
Views: 164

Re: routerOS blocks various surveillance cloud adresses

How your PC reaches camera?

WAN -> LAN? Is it OK?
LAN -> LAN? OK or not? Look for Harpin NAT.
LAN -> WAN? OK?
by BartoszP
Wed Feb 27, 2019 2:38 pm
Forum: General
Topic: Hardware Selection
Replies: 14
Views: 871

Re: Hardware Selection

CRS are switches not routers. Thay can do routing but they are not designed for routing/natting/mangling heavy traffic. You should look for CCR devices if you want to mostly route or start with AH1100x4 ones. I have installation with AH1100x4 for 50+ users, VPN+IPSec used to access main office share...
by BartoszP
Wed Feb 27, 2019 12:44 pm
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 219
Views: 25999

Re: v6.44 [stable] is released!

Strange ... IPSec works for me :-) after upgrade 6.43.12 -> 6.44

IPSeced IPIP and GRE tunnels work smooth after upgrade, self-reconnected without problems. Comments still in place.
by BartoszP
Fri Feb 22, 2019 9:48 pm
Forum: General
Topic: Problem on 6.37.5 version
Replies: 5
Views: 617

Re: Problem on 6.37.5 version

Do you really use these public IPs in your configuration?
by BartoszP
Mon Feb 18, 2019 5:48 pm
Forum: Beginner Basics
Topic: How do I get a question moderated??
Replies: 2
Views: 184

Re: How do I get a question moderated??

Be patient. Most of moderators are volunteers so it takes some time to be moderated.
by BartoszP
Fri Feb 15, 2019 3:44 pm
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 25
Views: 4332

Re: DHCP Offering Lease Without Success

Suspecting that DHCP server mostly warns

A. when device try to renew address when lease is still valid and full DHCP REQUEST-ACK-CONFIRM process is not done
or
B. ROS sees that device is "vanishing" ... I see it in logs when CAPSMAN moves device from one AP or interface to another.
by BartoszP
Fri Feb 15, 2019 12:59 pm
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 25
Views: 4332

Re: DHCP Offering Lease Without Success

Does not help ... no change .. still receiving warnings
by BartoszP
Thu Feb 14, 2019 2:02 pm
Forum: General
Topic: Guide to (possibly) hack RouterOS ... If yes please protect it
Replies: 10
Views: 709

Re: Guide to (possibly) hack RouterOS ... If yes please protect it

Most users who start threads "Mikrotik hacked...", "My router is unsecured", "Big hole in security of ..." seems to not check forum for security topics Did you try easiest method to look for security problems: https://forum.mikrotik.com/search.php?keywords=vulnerability https://forum.mikrotik.com/se...
by BartoszP
Wed Feb 13, 2019 5:53 pm
Forum: General
Topic: how to see "(2265 messages not shown)"?
Replies: 2
Views: 268

Re: how to see "(2265 messages not shown)"?

If I recall correctly it means that there is NNNN exactly the same consequent messages in the log.
by BartoszP
Wed Feb 13, 2019 5:48 pm
Forum: General
Topic: Config Review - Security Conscience Home User
Replies: 19
Views: 957

Re: Config Review - Security Conscience Home User

It is my way of "drop it ASAP" 0. if attacker scans us again (is already on the list) then drop it right now. A. check if unwanted port is checked. B. if yes, add attacker to the ban list C. drop all packets coming from attacker list /ip firewall raw add action=accept chain=prerouting dst-port=porto...
by BartoszP
Wed Feb 13, 2019 4:43 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 1035
Views: 177031

Re: Feature requests

It would be convinient to CAPSAM and DHCP to log to log not only MAC address but also HOSTNAME if it is known.
Process of transforming MAC 2 HOST is tedious and if log changes quickly you have no chance to check who is associating/dhcping
by BartoszP
Mon Feb 11, 2019 5:34 pm
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 25
Views: 4332

Re: DHCP Offering Lease Without Success

Uncheck ...
"Always send replies as broadcasts even if destination IP is known. Will add additional load on L2 network."
DHCP broadcast an offer even if device is just deassigned.
by BartoszP
Mon Feb 11, 2019 4:31 pm
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 25
Views: 4332

Re: DHCP Offering Lease Without Success

For me the problem is with static addresses and seems to be connected with this option which sends offer even if there is no demand for it. Converting dynamic address to static makes this option somehow "checked" even DHCP server has it "unchecked" so if you forgot to uncheck then static reservation...
by BartoszP
Thu Jan 31, 2019 2:43 am
Forum: General
Topic: How to migrate RB3011 to CCR1009
Replies: 4
Views: 297

Re: How to migrate RB3011 to CCR1009

Before import rename all interfaces in 1009 to names used in 3011. It will make import much easier.
by BartoszP
Tue Jan 29, 2019 9:30 pm
Forum: Beginner Basics
Topic: DNS server behaviour
Replies: 5
Views: 311

Re: DNS server behaviour

/ip firewall filter
add action=drop chain=input comment=WAN->DNS dst-port=53 in-interface=YOURWAN protocol=udp
by BartoszP
Wed Jan 23, 2019 8:59 pm
Forum: Beginner Basics
Topic: Como usa a RBGrooveA-52HPn simultâneo
Replies: 2
Views: 163

Re: Como usa a RBGrooveA-52HPn simultâneo

Please edit your post and use English
by BartoszP
Tue Jan 22, 2019 5:06 pm
Forum: General
Topic: 6.43.8 vulnerability or hack?
Replies: 31
Views: 2052

Re: 6.43.8 vulnerability or hack?

Anav ... should mrz explain again and again and step by step what to do when you are hacked or could expect that autor is aware of https://blog.mikrotik.com/
by BartoszP
Sun Jan 20, 2019 5:36 pm
Forum: General
Topic: how many users can use different models of routers ?
Replies: 1
Views: 184

Re: how many users can use different models of routers ?

Users of what service?
by BartoszP
Fri Jan 11, 2019 5:17 pm
Forum: General
Topic: Misterious Ethernet problem
Replies: 13
Views: 1057

Re: Misterious Ethernet problem

IMHO it could be problem of STP/RSTP protocol. Switch it off and see what will happen.
by BartoszP
Thu Jan 10, 2019 10:34 am
Forum: General
Topic: Spam filtering - how to improve my antispam system
Replies: 9
Views: 674

Re: Spam filtering - how to improve my antispam system

I use N++ with it's regular expression search+replace/replace all option.
by BartoszP
Wed Jan 09, 2019 8:14 pm
Forum: General
Topic: Spam filtering - how to improve my antispam system
Replies: 9
Views: 674

Re: Spam filtering - how to improve my antispam system

@anav: Barracuda ESG does good job .. it filters most of spam from China ... most means 99% ... but I was tired skipping whole pages of "dropped/blocked" entries and decided to not allow such e-mails to reach ESG @Xtreamer: Please check attachment. It is part of a bigger set of rules so you must to ...
by BartoszP
Mon Jan 07, 2019 11:59 pm
Forum: General
Topic: Interface ether accidently removed and I am disconnected.
Replies: 9
Views: 419

Re: Interface ether accidently removed and I am disconnected.

How did you remove ethernet interface from router? Physically? Then I doubt if you can connect to your router :-)
Do you have more eth interfaces? What router it is? Configuration?
by BartoszP
Mon Jan 07, 2019 10:35 am
Forum: General
Topic: Spam filtering - how to improve my antispam system
Replies: 9
Views: 674

Re: Spam filtering - how to improve my antispam system

Almost 24 hours later

Edit ... blocked at RAW firewall level
Chiny4.PNG
by BartoszP
Sun Jan 06, 2019 10:40 pm
Forum: General
Topic: Spam filtering - how to improve my antispam system
Replies: 9
Views: 674

Spam filtering - how to improve my antispam system

Hi, I use Barracuda Spam Filter (Barracude ESG) as my spam-firewall for one of my customers. It does good job but one of their e-mail's was used for communication with China based client. Since then we receive hundreds spam e-mails per day only for this used e-mail. We do not receive e-mails to admi...
by BartoszP
Wed Jan 02, 2019 7:16 pm
Forum: General
Topic: Hacked Board
Replies: 15
Views: 1040

Re: Hacked Board

Do you use same "paranoic" :D rules for LAN as for WAN side?
by BartoszP
Tue Jan 01, 2019 3:45 pm
Forum: Wireless Networking
Topic: Radar detected on XXX
Replies: 31
Views: 1792

Re: Radar detected on XXX

@n21roadie ... could you please stop full quoting all posts you are commenting. Use "Post replay" instead of "quoting" post.
by BartoszP
Mon Dec 31, 2018 3:42 pm
Forum: General
Topic: under attack in port 32231? - help
Replies: 25
Views: 1283

Re: under attack in port 32231? - help

Yes.
You don't need
...dst-port=!8291,22 ...
You accept it earlier so packets to 8291 and 22 do not even reach this drop rule.
I suggest to change 8291 port to other port in you configuration for winbox access.
by BartoszP
Mon Dec 31, 2018 1:37 pm
Forum: General
Topic: under attack in port 32231? - help
Replies: 25
Views: 1283

Re: under attack in port 32231? - help

Yes.

If you want to protect your castle then you build THE WALL which stops all at the gate and then allow to go inside only allowed persons/goods/packets. It is far far easier then allow all to enter and spy them for "bad guys". :D :D :D
by BartoszP
Fri Dec 28, 2018 11:11 am
Forum: The User Manager
Topic: user manager database is corrupted everyday
Replies: 4
Views: 385

Re: user manager database is corrupted everyday

More details please.
by BartoszP
Fri Dec 28, 2018 8:47 am
Forum: General
Topic: Post Very good ... Thank you for that.
Replies: 3
Views: 319

Re: Post Very good ... Thank you for that.

Done ... just warned as previous posts were quite "normal"
by BartoszP
Thu Dec 27, 2018 11:13 am
Forum: General
Topic: After updating RouterOS to version 6.43.7, part of computers in the LAN can't ping each other.Is there the problem with
Replies: 3
Views: 251

Re: After updating RouterOS to version 6.43.7, part of computers in the LAN can't ping each other.Is there the problem w

General answer is: No.

More details please. Configuration, topology, version upgraded from ... we aren't wizards guessing from tea leaves
by BartoszP
Thu Dec 27, 2018 11:09 am
Forum: General
Topic: RB2011 dont upgrade
Replies: 1
Views: 134

Re: RB2011 dont upgrade

Maybe you are victim of viewtopic.php?f=21&t=140165
by BartoszP
Sun Dec 23, 2018 3:15 pm
Forum: General
Topic: PPPoE client help needed
Replies: 3
Views: 151

Re: PPPoE client help needed

L'italiano è una bella lingua but please use English :D
by BartoszP
Fri Dec 21, 2018 2:23 pm
Forum: General
Topic: securize network
Replies: 1
Views: 125

Re: securize network

Yes.
  • 1
  • 2
  • 3
  • 4
  • 5
  • 33