A bug in RouterOS is fairly unlikely, but can't be completely ruled out. What version are you running?
That is strange to me too. Thank you very much for info! I'll file a ticket with Support, it could be a firmware issue.
/interface bridge settings
set use-ip-firewall=yes
That's usually a good thing. It means Shodan didn't find any open ports when it scanned the IP(s) that you searched for.
Does absolutely nothing. "No results found" in 0.1ms
There are 8 links in the post. Which site do you need help with?
Okay so WTF do I do at that site.......... it tells me nothing other than to sign up for an account and then what...............
Do you think the error messages are incorrect? If so, why do you think that?
<mt398> Failed to connect to the host via ssh:
<mt417> Failed to connect to the host via ssh:
add chain=input action=drop dst-address-type=broadcast
You should start a new thread. This one is old and the OP posted no useful information.
hi,
any ideas on this thread? I'm currently having the same issue
regards,
export hide-sensitive
I'm curious, on your routers experiencing packet loss, do you have a firewall rule that drops invalids in the forward chain? If so, I'd be curious to see what happens if you disable that rule.
Another 5 still pending investigation with lots of packet loss and 3 just quit working out of warranty.
/ip address
add address=172.16.85.1/24 interface=bridge-wlan1-home
You didn't even try. It took you longer to post this reply than go check. https://www.mikrotik.com/download
Any idea when ROS 7 will be available for testing? I'm willing to test RPKI for you (IPv6 and IPv4 routes) if you send me the code as soon as it's available
Depending on your software version, yes, that is correct. See https://blog.mikrotik.com/security/winb ... ility.html
So you mean they have some exploit in the device that they could gain access anytime?
Dang it. Sorry about that. I don't know why I didn't notice you were not the OP. I read your reply from the context of the OP. No wonder it didn't make sense to me.
@tippenring: I'm not admin of RB trying to outsmart DNS domain admin, @alli is.
Have you tried Winbox 3.18? There's a potential fix there. I just realized you aren't the OP. The OP tried 3.18, but you haven't said you tried it.
I'm not a MikroTik master, but I have enough brains to change my credentials after hacking.
/ip firewall filter
add action=drop chain=input dst-address-type=multicast
You don't necessarily need to post them. Just load the before and after in notepad++ and do a compare.
I'll take a look and post them without sensitive configs. Too bad I can't use the Mikrotik auto remove sensitive on saved backups.
What was different between the two configs? That's an easy thing to look at.
Right now we are using the CCR that was causing the issue to pass traffic. The only thing that changed to get it to start working was to restore a config file from before the power outage.
I'll be waiting to see your findings. Be safe!
Waiting for the rain to test the MikroTik LHG 60G over a 1473.16m link... Hurricane LANE will be here in a day or two.
Presumably you or someone else has control of your router and changed the winbox port. Consider changing the credentials. It wouldn't hurt to netinstall and reconfigure, just in case.
I noticed that the winbox port has changed ...
What can be the reason?
I expect the rest of the ports getting pinged are dropped further up in the firewall chain, so not being reported.
I am not surprised by the number of the attack, but that its >95% on tcp/23.
This isn't really a surprise for most people.
I definitely share your frustration with the "Help! Someone please do all my network engineering for free! URGENT!!!"
Maybe I have read too many "help! my users are actually making traffic! I want to block block block!" topics...
That seems a bit harsh. This could be an opportunity for the OP to learn about traffic management.
Also consider dropping from the business and finding another way to earn money.
I misunderstood your post. My apologies.
Tippenring.
I was agreeing with you. The logs were proof that 2 different attackers had the password from before the upgrade
A search of this forum before yet another post about how "I've been pwned" would do you wonders.
Why do you say that...? And how can I check?
RouterBoard OS 6.35.2
I wonder if your device did not maybe get hacked!
I understand netinstall doesn't work if the device is >50 ft off the ground. Does anyone have the support ticket # for that issue?
Have you tried netinstall? Or is the affected box also too high and/or far to do that?
It's a router. It always routes by default.
What's next thing to do for routing?
Wow. Although relatively low risk, I can't think of a reason for not verifying the cert but laziness. Good thing I don't upgrade from Winbox I guess.
Still no signature checking or HTTPS... man in the middle can easily compromise administrator's PC.
https://i.imgur.com/TX7G9pq.gifv
I second this recommendation. I have several in production now. It's a very simple VPN to set up compared to IPSec client-type connections.
Look into SSTP VPN, works great for me, very secure and uses certificates
Fully agree with what @CZFan said.
@Sob and @sindy, with all due respect, I love watching you guys argue / "interfere" I learn so much from you guys, please continue
Well that totally changes my opinion. I thought you were an ISP.
I am not an ISP. I manage a company network with BYOD policy.
I only glanced at the log. I hadn't noticed that. Good catch.
According to the log (which for some reason was sorted descending by time), phase 1 has succeeded. That's why I've suggested to remove the lifetime from the ph2 proposal.
/system logging
add disabled=no prefix="IPSEC: " topics=ipsec,!packet