Community discussions

Search found 1398 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 28
by BartoszP
Thu Apr 26, 2018 3:51 pm
Forum: Scripting
Topic: Looking For an answer too zero mac addresses...
Replies: 5
Views: 1071

Re: Looking For an answer too zero mac addresses...

10 years old thread reincarnation? ROS 2.xx? Get a life .... :-)
by BartoszP
Thu Apr 26, 2018 9:40 am
Forum: Announcements
Topic: Photos of towers and masts
Replies: 16
Views: 2613

Re: Photos of towers and masts

Calling Rio de Janeiro :-) :-)
by BartoszP
Wed Apr 25, 2018 5:23 pm
Forum: General
Topic: Sizing
Replies: 8
Views: 229

Re: Sizing

Is he asking for subnets masks or for advice if particular model of Mikrotik is sufficient?
by BartoszP
Wed Apr 25, 2018 11:12 am
Forum: General
Topic: Mikrotik keeps requesting for login information from users
Replies: 4
Views: 180

Re: Mikrotik keeps requesting for login information from users

What APs? What Mikrotik? Configured as CAPSMAN and CAPS or simple APs ...

Please share more info.
by BartoszP
Wed Apr 25, 2018 10:59 am
Forum: Announcements
Topic: v6.40.8 [bugfix] is released!
Replies: 10
Views: 2234

Re: v6.40.8 [bugfix] is released!

M33 (mmips) as CAPSMAN, mix of mipsbe devices as CAPS. Upgrade of M33 from 6.40.7 to 6.40.8 with no problems but CAPS have not connected to CAPSMAN. They have not been upgraded automatically to "current" version as CAPSMAN configuration is set to. After manual upgrade and restart they have connected...
by BartoszP
Tue Apr 24, 2018 11:14 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 54343

Re: Advisory: Vulnerability exploiting the Winbox port

I know ... but it input chain is not the same as forward one. You can block access to router but not traffic forwarded to/from users.
by BartoszP
Tue Apr 24, 2018 11:07 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 54343

Re: Advisory: Vulnerability exploiting the Winbox port

Why blocking access to router is bad idea? Should "popular" addresses try to access our router?
by BartoszP
Mon Apr 23, 2018 4:57 pm
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 123
Views: 8880

Re: v6.42.1 [current]

And implement "security fix" in 6.40.7 PLEASE!!!!!
by BartoszP
Mon Apr 23, 2018 10:53 am
Forum: General
Topic: 6.42 attacked??
Replies: 3
Views: 366

Re: 6.42 attacked??

Maybe you are victim of viewtopic.php?f=2&t=133438
by BartoszP
Sun Apr 22, 2018 9:40 am
Forum: Beginner Basics
Topic: Setting up a Metal 5 right out of box by beginner.
Replies: 2
Views: 70

Re: Setting up a Metal 5 right out of box by beginner.

Are you joking? It's not 1st April.
by BartoszP
Sun Apr 22, 2018 7:25 am
Forum: Announcements
Topic: v6.42 [current]
Replies: 146
Views: 13085

Re: v6.42 [current]

Does 5.26 to 6.41 upgrade go without problems? Jumping 43 versions ahead with MAJOR change of bridge and switch implementations? Brave move.
by BartoszP
Sat Apr 21, 2018 10:22 pm
Forum: General
Topic: winbox vulnerable! Unusual login to routers [SOLVED]
Replies: 44
Views: 5019

Re: winbox vulnerable! Unusual login to routers [SOLVED]

@Joe1vm ... only 62 .... "My" past few days: 56k+ tries ...... :-( Winbox section drops specified ports and makes list of IP which try for the 2+ times to access that ports. Same for RAW section which do same for sbl lists. If it is already in RAW list then drop it early to avoid checking 20k+ entri...
by BartoszP
Sat Apr 21, 2018 10:10 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 54
Views: 6492

Re: v6.43rc [release candidate] is released!

So why you have not upgraded first to 6.40.7 (bugfix) with old bridge implementation?
Why are you upgraded working hotel infrastructure to RC version? RC is test version so upgrade could fail.
by BartoszP
Sat Apr 21, 2018 9:04 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 54
Views: 6492

Re: v6.43rc [release candidate] is released!

Thank you for warning but how many people do batch upgrade from such old version? You have checked procedure with ROS 6.0 and extrapolated that 5.x should work too. You are brave admin. Have you read changelogs? https://mikrotik.com/download/changelogs Important note!!! Backup before upgrade! Router...
by BartoszP
Fri Apr 20, 2018 5:02 pm
Forum: General
Topic: DHCP client on bridge does not work?
Replies: 5
Views: 216

Re: DHCP client on bridge does not work?

DHCP client should be set for bridge1 itself.
When any interface is assigned to bridge then it losts its identity and becomes just pure "electrical socket" of bridge interface. All funcionalty then should be set for bridge.
by BartoszP
Fri Apr 20, 2018 3:41 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 54
Views: 6492

Re: v6.43rc [release candidate] is released!

Ready are you? What know you of ready? :lol: :lol: :lol:
by BartoszP
Tue Apr 17, 2018 4:29 pm
Forum: General
Topic: MikroTik 6.41.4 - FTP daemon Denial of Service PoC
Replies: 25
Views: 946

Re: MikroTik 6.41.4 - FTP daemon Denial of Service PoC

Not only Mikrotik has problems ... some homebrown FTP deamons could allow an unauthenticated, remote attacker to log in to the FTP server of the device without a valid password. https://tinyurl.com/y926t3br :) You should cross your fingers and look for valid maintanace contract to resolve problem.
by BartoszP
Tue Apr 17, 2018 2:37 pm
Forum: General
Topic: MikroTik 6.41.4 - FTP daemon Denial of Service PoC
Replies: 25
Views: 946

Re: MikroTik 6.41.4 - FTP daemon Denial of Service PoC

People are using your products without the simple default security.
Could you elaborate more on this? What do you mean "without the simple security"?
by BartoszP
Tue Apr 17, 2018 9:50 am
Forum: General
Topic: Port Forwarding for Security Camera's
Replies: 5
Views: 227

Re: Port Forwarding for Security Camera's

look here https://wiki.mikrotik.com/wiki/Manual:I ... nation_NAT

Ask DVR guy to change ports from 80 to eg. 40080 and follow above examples for port 40080.
You can also redirect external 40080 to port 80 on DVR to have DVR working.
by BartoszP
Sun Apr 15, 2018 1:58 pm
Forum: Beginner Basics
Topic: Port forwarding - please help !
Replies: 28
Views: 805

Re: Port forwarding - please help !

@Discmandj ... it is not problem of ISP's configuration or allow/disalow will. Look at above links.
by BartoszP
Sun Apr 15, 2018 1:17 pm
Forum: Beginner Basics
Topic: Port forwarding - please help !
Replies: 28
Views: 805

Re: Port forwarding - please help !

Port forward: http://bfy.tw/Heg7
Access local server with public IP from LAN: http://bfy.tw/HegK
by BartoszP
Tue Apr 10, 2018 12:14 am
Forum: General
Topic: Sniffer capture split into multiple files
Replies: 7
Views: 225

Re: Sniffer capture split into multiple files

The easiest way is to do port mirroring and send all traffic to be captured to selected port where proper hardware could be used to store incoming data.
by BartoszP
Mon Apr 09, 2018 5:31 pm
Forum: General
Topic: Sniffer capture split into multiple files
Replies: 7
Views: 225

Re: Sniffer capture split into multiple files

AFAIK WireShark does it automatically and you decide what is the size of logged data file.
by BartoszP
Mon Apr 09, 2018 5:27 pm
Forum: General
Topic: WinBox available version??
Replies: 2
Views: 113

Re: WinBox available version??

You can always check it directly in Winbox with "Check for updates" in "Tool" menu. On the other hand if WinBox does not show info that new version is needed to manage router and you can do all your daily tasks with no problem then IMHO there is no special need to upgrade it.
by BartoszP
Mon Apr 09, 2018 4:06 pm
Forum: Beginner Basics
Topic: I want my Mikrotik to use external DNS but with non-standard Port 53
Replies: 12
Views: 435

Re: I want my Mikrotik to use external DNS but with non-standard Port 53

IMHO they are dummy rules as 1st and 3rd will catch all traffic.
by BartoszP
Mon Apr 09, 2018 3:19 pm
Forum: Beginner Basics
Topic: I want my Mikrotik to use external DNS but with non-standard Port 53
Replies: 12
Views: 435

Re: I want my Mikrotik to use external DNS but with non-standard Port 53

The first one catches all for UDP traffic to port 53 and the third one all for TCP queries to port 53
by BartoszP
Mon Apr 09, 2018 3:09 pm
Forum: Beginner Basics
Topic: I want my Mikrotik to use external DNS but with non-standard Port 53
Replies: 12
Views: 435

Re: I want my Mikrotik to use external DNS but with non-standard Port 53

The first one will cacth all DNS queries but you can add src-address to pass queries to different DNS servers.
E.g. all traffic from LAN devices could be sent to OpenDNS, queries originating from router itself could be send to the second DNS server ... etc.
by BartoszP
Mon Apr 09, 2018 10:46 am
Forum: Beginner Basics
Topic: I want my Mikrotik to use external DNS but with non-standard Port 53
Replies: 12
Views: 435

Re: I want my Mikrotik to use external DNS but with non-standard Port 53

What about DST-NAT rule which changes router's DNS queries from ISP_IP:53 to NEW_IP:OTHERDNSPORT ?
by BartoszP
Sun Apr 08, 2018 6:49 pm
Forum: Forwarding Protocols
Topic: Multiple HTTPS Web Servers
Replies: 6
Views: 244

Re: Multiple HTTPS Web Servers

Or ...

Forward all traffic to one server (site1 url) and then do come http/https rewriting on site1 to forward site2 url to the second server.
by BartoszP
Sun Apr 08, 2018 2:27 pm
Forum: General
Topic: Router Model
Replies: 1
Views: 81

Re: Router Model

Any router from this list: https://mikrotik.com/products/group/ethernet-routers which has at least 2 ethernet interfaces if you need two ethernet WANs.
by BartoszP
Sun Apr 08, 2018 11:55 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Is CCR tile support affected by missing Linux support?
Replies: 8
Views: 613

Re: Is CCR tile support affected by missing Linux support?

No.
Support is not affected.
New products could be affected if only Mikrotik would decide to develop new devices based on Tilera.
by BartoszP
Fri Apr 06, 2018 5:08 pm
Forum: Beginner Basics
Topic: static and automatic Address
Replies: 3
Views: 126

Re: static and automatic Address

None ... DHCP server does not care which interface is the source of DHCP request.
by BartoszP
Fri Apr 06, 2018 4:49 pm
Forum: Beginner Basics
Topic: High CPU usage.
Replies: 10
Views: 422

Re: High CPU usage.

Or disable rule #7 to check if usage will drop? There are lots of packets "firing" this rule.
by BartoszP
Thu Apr 05, 2018 2:49 pm
Forum: RouterBOARD hardware
Topic: Need help to chose hardware
Replies: 2
Views: 170

Re: Need help to chose hardware

What do you mean: "gain" gsm signal? Do you need bigger antenna as you have weak signal level or do you want to amplify gsm signal to have better coverage in your area. If you want second option then it could be a problem as amplifying signal means recreating signal so you are becoming GSM operator ...
by BartoszP
Wed Apr 04, 2018 10:26 am
Forum: General
Topic: Most abusing IPs ... thread more for ISPs than average Users
Replies: 4
Views: 314

Re: Most abusing IPs ... thread more for ISPs than average Users

I've observed raising count of TCP port 7547 scans ... seems to be reincarnation of https://isc.sans.edu/forums/diary/Port+ ... dems/21759
by BartoszP
Sun Apr 01, 2018 9:51 am
Forum: General
Topic: Most abusing IPs ... thread more for ISPs than average Users
Replies: 4
Views: 314

Most abusing IPs ... thread more for ISPs than average Users

It's a liitle bit sibling thread to https://forum.mikrotik.com/viewtopic.php?f=21&t=132499 What are your methods to block abusing IPs which are known to permanently scan hosts? When do you decide that someone should be treated as "hacker"? I see 3 IPs which scan/"check" my routers each second. They ...
by BartoszP
Fri Mar 30, 2018 5:44 pm
Forum: General
Topic: can i use CAPsman in switch to manage my AP ??
Replies: 1
Views: 98

Re: can i use CAPsman in switch to manage my AP ??

Yes. CAPSman is not responsible of DHCP ... it manages interfaces in CAPs.
by BartoszP
Fri Mar 30, 2018 2:16 pm
Forum: Beginner Basics
Topic: Team Speak 3 Port Opening [SOLVED]
Replies: 13
Views: 439

Re: Team Speak 3 Port Opening [SOLVED]

What is this fixation with Hairpin NAT LOL, okay I see where it may be applicable...... Nothing more then accessing internal server via external address from LAN. Mikrotiks devices do not have such option set as default and there are no magic wizzards which open LAN-WAN-LAN communication channels a...
by BartoszP
Fri Mar 30, 2018 12:15 pm
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 40991

Re: Urgent security advisory

Each "pros" has it's "cons" ... making such information visible makes cracking easier.
by BartoszP
Fri Mar 30, 2018 10:05 am
Forum: General
Topic: Winbox Not Detecting RouterBoard
Replies: 31
Views: 807

Re: Winbox Not Detecting RouterBoard

Network set to "private", "firewall switched-off ... but ... have you any third-party antivirus installed which "spies" network traffic? Any Internet-Security package which "messes" with firewall settings or takes over Windows' firewall?
by BartoszP
Fri Mar 30, 2018 9:27 am
Forum: General
Topic: Winbox Not Detecting RouterBoard
Replies: 31
Views: 807

Re: Winbox Not Detecting RouterBoard

Please read this viewtopic.php?f=1&t=93307&p=490402&hilit=Winbox#p490402
Maybe it put some light on your problems.
by BartoszP
Fri Mar 30, 2018 9:16 am
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 40991

Re: Urgent security advisory

Seems that you are trying to tell me that if shell access is unofficial - then it leads to "all doors open" issue? Kind of .. if you have enabled filesystem for r/w operations, if any (if there are some) preventive locks are released with enabling "internals", if worm has access to bigger part of s...
by BartoszP
Thu Mar 29, 2018 5:41 pm
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 40991

Re: Urgent security advisory

@random12 Not judging anyone ... but how do you have access to internals of Mikrotik? Is it official way or not? If not, then I should agrre with Normis that you device is not the representative example for the problem. I could agree that maybe you have example of other malicious activity but are yo...
by BartoszP
Thu Mar 29, 2018 1:58 pm
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 40991

Re: Urgent security advisory

... There exists a special NPK package that you can install and gain access to shell. This is not public. This user must have gotten it from MikroTik support. Sometimes this package is installed by MikroTik support when debuging a live installation, but is usually removed. Don't ask, we will not sh...
by BartoszP
Thu Mar 29, 2018 1:36 pm
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 40991

Re: Urgent security advisory

@Normis
How "random12" user could show us results of "ps", "ls" etc ... Is he cracking his own router or uses some Mikrotik's debug/special module?

Simple question: How?
by BartoszP
Wed Mar 28, 2018 11:42 am
Forum: Beginner Basics
Topic: DSTNATing
Replies: 4
Views: 148

Re: DSTNATing

by BartoszP
Tue Mar 27, 2018 5:13 pm
Forum: Scripting
Topic: Send message to Winbox user on login
Replies: 2
Views: 182

Re: Send message to Winbox user on login

....The simple solution is to create users for everyone, but some of the people that use this MK aren't exactly "reachable", in a way that most of the time they stay away from any communication source. ... Hmmmm ... what is the problem? If "these" persons are online, they even have to be online, to...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 28