Community discussions

Search found 150 matches

by tippenring
Thu Oct 18, 2018 5:41 pm
Forum: General
Topic: Unable to login
Replies: 4
Views: 184

Re: Unable to login

I'd suggest posting your firewall config. If you have some kind of blacklisting set of rules, you could very well be hitting them and blocking your own access after a few packets. That's just a thought off the top of my head.
by tippenring
Thu Oct 18, 2018 5:09 pm
Forum: General
Topic: libssh exploit, is Mikrotik affected?
Replies: 5
Views: 362

Re: libssh exploit, is Mikrotik affected?

Is Mikrotik affected by the libssh bug described here? https://arstechnica.com/information-technology/2018/10/bug-in-libssh-makes-it-amazingly-easy-for-hackers-to-gain-root-access/ I am not sure if libssh is used under the hood, it would be great to know one way or the other. Thanks Thanks for aski...
by tippenring
Wed Oct 17, 2018 5:36 pm
Forum: General
Topic: Unable to login
Replies: 4
Views: 184

Re: Unable to login

Good morning, some devices with the 6.43.2 software do not allow me to login. The credentials are correct, in case of error I receive the error "Authentication failed", instead with the right user/pass the process goes into timeout. The problem occurs both with the Winbox, with the telnet and with ...
by tippenring
Thu Oct 11, 2018 4:39 pm
Forum: General
Topic: Can my ISP access my Mikrotik Router and make changes?
Replies: 7
Views: 341

Re: Can my ISP access my Mikrotik Router and make changes?

So you mean they have some exploit in the device that they could gain access anytime?
Depending on your software version, yes, that is correct. See https://blog.mikrotik.com/security/winb ... ility.html

Also, it's a good idea to monitor https://blog.mikrotik.com/security/
by tippenring
Wed Oct 03, 2018 4:07 pm
Forum: General
Topic: Router won't install update
Replies: 6
Views: 220

Re: Router won't install update

As Nescafe mentioned, the log will *probably* tell you why it didn't upgrade. I suspect that's why he asked what other files are on the file system. If you have other packages of a different version, the upgrade may fail.
by tippenring
Mon Oct 01, 2018 9:00 pm
Forum: General
Topic: Winbox Protocol Dissector
Replies: 2
Views: 217

Re: Winbox Protocol Dissector

I loaded up the dissector and captured a small bit of traffic. My understanding from the Cisco article is that it will only work on unencrypted sessions. I believe all newer versions of Winbox use encryption, and my small capture didn't seem to have any readable data. I spent less than 5 minutes try...
by tippenring
Fri Sep 28, 2018 10:38 pm
Forum: Wireless Networking
Topic: Spambots
Replies: 12
Views: 3477

Re: Spambots

by tippenring
Thu Sep 27, 2018 12:45 am
Forum: Beginner Basics
Topic: Router Sending Spam
Replies: 7
Views: 383

Re: Router Sending Spam

In addition to disabling the proxy and socks services, you need to change all passwords (and ideally usernames) for the router as well. Otherwise the attackers will probably log back in and turn on the socks and proxy services again. add action=add-src-to-address-list address-list="port scanners" \ ...
by tippenring
Tue Sep 25, 2018 5:28 pm
Forum: Beginner Basics
Topic: Site to Site IPSec between two Mikrotik Routers
Replies: 7
Views: 431

Re: Site to Site IPSec between two Mikrotik Routers

Glancing over your screenshots, it looks about right for the IPSec. I'd tell you to make sure you exclude the subnets from masquerade or dst-nat, but you aren't getting that far yet.

Can your routers reach each other at all? It looks like they can't.
by tippenring
Tue Sep 25, 2018 5:01 pm
Forum: Beginner Basics
Topic: How to Monitor specific Ip
Replies: 5
Views: 305

Re: How to Monitor specific Ip

Well if this is a site that contains only one host IP it's easy, but if it is something like facebook, with multiple hosts, just mark the connection and then create a log rule on firewall over this connection mark, like so: /ip firewall mangle add chain=forward action=mark-connection new-connection...
by tippenring
Fri Sep 14, 2018 9:47 pm
Forum: Beginner Basics
Topic: How do I connect to IP 0.0.0.0?
Replies: 13
Views: 3044

Re: How do I connect to IP 0.0.0.0?

There it is again. Mention of IPv6. Often times, when I hear about IPv6, someone is saying something about network problems disappearing. I work for a small company with a network of less than 255 devices. I'm having that 0.0.0.0 problem, myself. Would it be worth it to migrate to IPv6? What are th...
by tippenring
Fri Sep 14, 2018 9:38 pm
Forum: General
Topic: DNS Server TTL problem
Replies: 14
Views: 541

Re: DNS Server TTL problem

@tippenring: I'm not admin of RB trying to outsmart DNS domain admin, @alli is.
Dang it. Sorry about that. I don't know why I didn't notice you were not the OP. I read your reply from the context of the OP. No wonder it didn't make sense to me. :-)
by tippenring
Fri Sep 14, 2018 9:35 pm
Forum: General
Topic: Power outage causes specific sites to be blocked
Replies: 11
Views: 387

Re: Power outage causes specific sites to be blocked

I don't think that is the issue. But it is a great Idea. Our 2 CCR in the area are not parallel. They are actually 150 miles apart. We have a layer 3 switch on the mountaintop separating them with OSPF. We don't use ICMP redirects at all. It looks like this Frontier fiber-----Blanding CCR ------ Ab...
by tippenring
Fri Sep 14, 2018 8:12 pm
Forum: General
Topic: Can't Log in After Upgrade
Replies: 20
Views: 890

Re: Can't Log in After Upgrade

I'm not a mikrotik master, but I have enough brains to change my credentials after hacking.
Have you tried Winbox 3.18? There's a potential fix there. I just realized you aren't the OP. The OP tried 3.18, but you haven't said you tried it.
by tippenring
Fri Sep 14, 2018 5:52 pm
Forum: General
Topic: Can't Log in After Upgrade
Replies: 20
Views: 890

Re: Can't Log in After Upgrade

RB3011 running 6.40.9, 2 days ago received "wrong username or password" in winbox. User is not "admin", password is strong enough. LCD touch was disabled. A crack - I think, then netinstall, 6.43, total reconfig (had no backups)... and today I received the same message "wrong username or password". ...
by tippenring
Fri Sep 14, 2018 5:49 pm
Forum: Beginner Basics
Topic: Can't access webfig on WAN
Replies: 10
Views: 401

Re: Can't access webfig on WAN

When a router is defaulted, it normally has a set default config which includes firewall rules. When you first connect, you have the option to retain the config or start clean. I'd have to think you chose to start clean. If you are running pre-6.40.8 or pre-6.42.1, someone may have already hijacked ...
by tippenring
Fri Sep 14, 2018 5:07 pm
Forum: General
Topic: block multicast traffic
Replies: 2
Views: 292

Re: block multicast traffic

/ip firewall filter
  add action=drop chain=input dst-address-type=multicast
by tippenring
Thu Sep 13, 2018 6:52 pm
Forum: General
Topic: DNS Server TTL problem
Replies: 14
Views: 541

Re: DNS Server TTL problem

It is up to domain administrator to decide how long TTL is the best one for her domain. If she has really good reason for setting short TTL then it's probably counter-productive if caching DNS server administrator (e.g. @alli) tries to out-smart her. Because it's quite probable that caching DNS adm...
by tippenring
Thu Sep 13, 2018 6:27 pm
Forum: General
Topic: Power outage causes specific sites to be blocked
Replies: 11
Views: 387

Re: Power outage causes specific sites to be blocked

Here's a different possible cause to look at. I believe you've described your network as having two parallel border CCR routers. Is that correct? If so, when the power returns, could one router be the default gateway for your network, but actually be routing the traffic to the other border router (a...
by tippenring
Wed Sep 12, 2018 4:46 am
Forum: General
Topic: Power outage causes specific sites to be blocked
Replies: 11
Views: 387

Re: Power outage causes specific sites to be blocked

I'll take a look and post them without sensitive configs. Too bad I can't use the Mikrotik auto remove sensitive on saved backups.
You don't necessarily need to post them. Just load the before and after in notepad++ and do a compare.
by tippenring
Wed Sep 12, 2018 4:25 am
Forum: General
Topic: Power outage causes specific sites to be blocked
Replies: 11
Views: 387

Re: Power outage causes specific sites to be blocked

Right now we are using the CCR that was causing the issue to pass traffic. The only thing that changed to get it to start working was to restore a config file from before the power outage.
What was different between the two configs? That's an easy thing to look at.
by tippenring
Wed Sep 12, 2018 3:57 am
Forum: General
Topic: RouterOS ISP identifier
Replies: 10
Views: 429

Re: RouterOS ISP identifier

I'm pretty rusty on internet records, but I'm thinking what you're looking for might be PTR DNS records, which your ISP has to set up. Either that, or the IP block you have needs updated with your RIR. I believe your upstream should be able to do that also. I'm sure someone will come along shortly t...
by tippenring
Tue Sep 11, 2018 1:12 am
Forum: General
Topic: DMZ like firewalls on Mikrotik [SOLVED]
Replies: 11
Views: 537

Re: DMZ like firewalls on Mikrotik [SOLVED]

Similarly, our standard starting config contains an address list named whitelist.mgmt where we designate any management subnets. The first rule of the firewall permits the management traffic. The second removes all the default firewall rules, then the rest of our standard ruleset is pasted in. /ip f...
by tippenring
Mon Sep 10, 2018 6:36 am
Forum: Beginner Basics
Topic: UDP Broadcast from my Windows Server [SOLVED]
Replies: 6
Views: 322

Re: UDP Broadcast from my Windows Server [SOLVED]

If you use Winbox to connect to the router via MAC address rather than IP, Winbox sends the packets to the IP broadcast address of the subnet on that UDP port.

https://wiki.mikrotik.com/wiki/Manual:I ... _and_ports
by tippenring
Fri Sep 07, 2018 1:14 am
Forum: General
Topic: Windows 2016 DC requesting lots of IPs from DHCP?
Replies: 6
Views: 264

Re: Windows 2016 DC requesting lots of IPs from DHCP?

If an IP in the DHCP range is in-use but the DHCP server has no lease for it, Mikrotik will mark it as in-use and try the next IP. Microsoft will give out the in-use IP. Example: Client buys a payment terminal, printer or whatever. The vendor plugs it in, the device gets a dynamic IP. Vendor goes a...
by tippenring
Thu Sep 06, 2018 10:12 pm
Forum: General
Topic: Windows 2016 DC requesting lots of IPs from DHCP?
Replies: 6
Views: 264

Re: Windows 2016 DC requesting lots of IPs from DHCP?

Why wouldn't you let your DCs be the DHCP server rather than the router? You have redundancy with 2 DCs.
by tippenring
Thu Sep 06, 2018 10:11 pm
Forum: General
Topic: Windows 2016 DC requesting lots of IPs from DHCP?
Replies: 6
Views: 264

Re: Windows 2016 DC requesting lots of IPs from DHCP?

... and for proxy-arps which pass packets from one subnet to another and "eat" DHCP IPs. proxy-arp is my thought as well. Probably at the vmware level. Your Windows server NIC is a virtual NIC. It isn't physically connected to the LAN. However, your physical host is. Its virtual switch is connec...
by tippenring
Thu Sep 06, 2018 4:13 pm
Forum: General
Topic: Mikrotik output traffic to the 25 port
Replies: 6
Views: 222

Re: Mikrotik output traffic to the 25 port

so just disable it and that's all, or smth more needed?) thanks Maybe. If you haven't changed the credentials (all of them) for the router, then an attacker still has your user list. If you disable your firewall rules preventing access from the internet, they'll log in again and set it up again. It...
by tippenring
Thu Aug 30, 2018 4:20 pm
Forum: Beginner Basics
Topic: RB3011UiAS Password was changed?
Replies: 10
Views: 360

Re: RB3011UiAS Password was changed?

Yes :(
No. Or "not necessarily" anyway.
And how do you log in with a lost password??
I'll bet he/she was alluding that the OP may have a version susceptible to the credential theft bug, so the OP could simply download their creds from the router in clear text and log in.
by tippenring
Thu Aug 30, 2018 4:11 pm
Forum: Beginner Basics
Topic: RB3011UiAS Password was changed?
Replies: 10
Views: 360

Re: RB3011UiAS Password was changed?

I never understand the big deal of these "lost access" posts. Why not wipe, reinstall, and restore your backup? It takes just a few minutes.
by tippenring
Tue Aug 28, 2018 6:37 am
Forum: Scripting
Topic: Blacklist Filter (Development Topic)
Replies: 110
Views: 6719

Re: Blacklist Filter (Development Topic)

Dave, Still very interested in learning how to setup a honeypot to collect addresses. Even if you are not to the point to accept other people's honeypot lists, could you do a brief write up to teach us the best way to setup a honeypot? Thanks! Here are a couple of Honeypot projects from my notes. I...
by tippenring
Tue Aug 28, 2018 6:34 am
Forum: Scripting
Topic: Blacklist Filter (Development Topic)
Replies: 110
Views: 6719

Re: Blacklist Filter (Development Topic)

Unfortunately, I don't have IPv6 yet. The system is designed for it, but I have no routers in IPv6 networks that I can test with. My home internet supports it, but it's so unstable, I don't bother with it. Have you seen HE's free IPv6 tunnel https://tunnelbroker.net/? I've had one up for nearly a y...
by tippenring
Sun Aug 26, 2018 6:13 am
Forum: Scripting
Topic: Blacklist Filter (Development Topic)
Replies: 110
Views: 6719

Re: Blacklist Filter (Development Topic)

Please keep up the great work. I've been running the BL on my home router as an experiment for a few weeks now. No trouble so far here. I would be interested in assisting with dev if I can. I'm not sure what I could do to help though. I'm not a good coder (unless my years-ago basic and quickbasic co...
by tippenring
Thu Aug 23, 2018 10:53 pm
Forum: General
Topic: Sofware VLAN/Bridge on RuterOS explained.
Replies: 29
Views: 1791

Re: Sofware VLAN/Bridge on RuterOS explained.

I just want to comment to thank you both. I'm thoroughly enjoying this discussion.

I too have been plagued by the variables of interface, bridge, vlan, and switch configurations when implementing VLANs. This discussion is definitely helping me understand it better.
by tippenring
Thu Aug 23, 2018 5:03 pm
Forum: General
Topic: LHG 60 project in Hawaii
Replies: 97
Views: 15160

Re: LHG 60 project in Hawaii

Waiting for the rain to test the MikroTik LHG 60G over a 1473.16m link... Hurricane LANE will be here in a day or two.
I'll be waiting to see your findings. Be safe!
by tippenring
Thu Aug 23, 2018 4:44 pm
Forum: Beginner Basics
Topic: Error:could not connect to 192.168.15.1
Replies: 4
Views: 1121

Re: Error:could not connect to 192.168.15.1

I noticed that the winbox port has changed ...
what can be the reason ?
Presumably you or someone else has control of your router and changed the winbox port. Consider changing the credentials. It wouldn't hurt to netinstall and reconfigure, just in case.
by tippenring
Tue Aug 14, 2018 1:26 am
Forum: General
Topic: Forced routing with UTM connected both ends to Mikrotik
Replies: 7
Views: 396

Re: Forced routing with UTM connected both ends to Mikrotik

Thanks, the traffic inside the wire that would be connected to the UTM is tagged VLANs and from what I know it doesn't support VLANs (Sophos). And in real config there will be two UTMs daisy chained (client request), and I don't even know what the second one is. So I assume it will not work. Or am ...
by tippenring
Mon Aug 13, 2018 4:52 pm
Forum: Beginner Basics
Topic: google captcha after installing mikrotik
Replies: 4
Views: 425

Re: google captcha after installing mikrotik

Hi all I just finished installing a rb750GR-3, running a CAPsMAN with 2 AP's. Default firewall rules. I now get a captcha popup whenever I search on google. It reads: Our systems have detected unusual traffic from your computer network. I've attached a screenshot of the popup. any help would be gre...
by tippenring
Mon Aug 13, 2018 8:14 am
Forum: General
Topic: Forced routing with UTM connected both ends to Mikrotik
Replies: 7
Views: 396

Re: Forced routing with UTM connected both ends to Mikrotik

If the UTM is in bridge mode, why not simply connect it in-line with one of the ethernet ports?
by tippenring
Fri Aug 10, 2018 5:02 pm
Forum: Beginner Basics
Topic: Open Ports
Replies: 7
Views: 357

Re: Open Ports

I used to scan the network from lan and in results had open just 2 ports (dns for example and mikrotik winbox) now when I scan the network from inside (I'm scanning WAN interface btw not LAN) I have tons of open ports....don't have avast installed anywhere tho Yes, you have Avast installed somewhere. ...
by tippenring
Wed Aug 08, 2018 9:35 pm
Forum: General
Topic: Do not open port tcp/23 to your device from internet you will be hacked
Replies: 6
Views: 477

Re: Do not open port tcp/23 to your device from internet you will be hacked

This isn't really a surprise for most people.
I am not surprised by the number of the attack, but that it's >95% on tcp/23.
I expect the rest of the ports getting pinged are dropped further up in the firewall chain, so not being reported.
by tippenring
Wed Aug 08, 2018 9:28 pm
Forum: General
Topic: Line by line config restore from 6.34 to 6.42 firmware
Replies: 16
Views: 626

Re: Line by line config restore from 6.34 to 6.42 firmware

there are not any MAC Addresses in my export rsc file so not really sure what you're talking about... sorry If there are no MAC addresses, then restore the whole config to your backup router and test. I personally prefer to either SSH or open a terminal in Winbox and paste a config by hand. That wa...
by tippenring
Wed Aug 08, 2018 9:24 pm
Forum: Beginner Basics
Topic: Please help me get my network in order
Replies: 7
Views: 512

Re: Please help me get my network in order

I can only give you advice on the MikroTik-part of your network. What you should do: Reset the MikroTik-devices, with no default configuration Access the MikroTik using Winbox and Mac-address Create a new bridge, containing all interfaces (ethernet and wireless) Depending on your need, either confi...
by tippenring
Wed Aug 08, 2018 7:12 pm
Forum: General
Topic: Line by line config restore from 6.34 to 6.42 firmware
Replies: 16
Views: 626

Re: Line by line config restore from 6.34 to 6.42 firmware

I think you're working way too hard at this. /interface ethernet set [ find default-name=ether1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full arp=enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no full-duplex=yes l2mtu=4074 loop-protect=o...
by tippenring
Wed Aug 08, 2018 1:19 am
Forum: General
Topic: Backround upload traffic from google ips 172.217.x.x is saturating my upload speed
Replies: 7
Views: 327

Re: Backround upload traffic from google ips 172.217.x.x is saturating my upload speed

Maybe I have read too many "help! my users are actually making traffic! I want to block block block!" topics...
I definitely share your frustration with the "Help! Someone please do all my network engineering for free! URGENT!!!" :-)
by tippenring
Tue Aug 07, 2018 9:10 pm
Forum: General
Topic: Backround upload traffic from google ips 172.217.x.x is saturating my upload speed
Replies: 7
Views: 327

Re: Backround upload traffic from google ips 172.217.x.x is saturating my upload speed

Also consider dropping from the business and finding another way to earn money.
That seems a bit harsh. This could be an opportunity for the OP to learn about traffic management.
by tippenring
Tue Aug 07, 2018 5:04 pm
Forum: Scripting
Topic: Blacklist Filter (Development Topic)
Replies: 110
Views: 6719

Re: Blacklist Filter (Development Topic)

If anyone wants to help out more, I need more routers to report some stats to the server. This is part of the health monitoring and alerting system. If you paste the code into a terminal window, it will setup the script and start reporting. Running on my home router. Do you really want it reporting...
by tippenring
Tue Aug 07, 2018 7:12 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 244
Views: 30916

Re: Winbox vulnerability: please upgrade

Tippenring.

I was agreeing with you. The logs were proof that 2 different attackers had the password from before the upgrade
I misunderstood your post. My apologies.
by tippenring
Tue Aug 07, 2018 1:12 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 244
Views: 30916

Re: Winbox vulnerability: please upgrade

When they updated they didn't change the password. No, the attacker didn't change the password. If he did, that would give away that the router had been compromised. The attacker didn't want you to know he had the admin password for the router. So, you upgraded software, but did not change the pass...