Search found 9 matches

by TheLittleDuke
Fri Feb 06, 2015 12:30 am
Forum: Scripting
Topic: Connection Logging vs Snort
Replies: 0
Views: 500

Connection Logging vs Snort

What's the most straightforward way of getting all connection log information out?

Other than polling the router every N seconds -- is there a way to have it log or send the connection list info out via syslog or snmp?
by TheLittleDuke
Sat Jan 24, 2015 2:53 am
Forum: General
Topic: [FEATURE REQUEST] Two Factor Authentication
Replies: 24
Views: 16437

Re: [FEATURE REQUEST] Two Factor Authentication

Like has been mentioned earlier, any site with large deployments is likely using RADIUS for central administration authentication anyway. Adding on Google Auth to FreeRADIUS is a pretty simple way to get this done today. Defense in Depth. I'm not going to add in a Radius server to manage my home route...
by TheLittleDuke
Wed Jan 21, 2015 1:55 am
Forum: General
Topic: [FEATURE REQUEST] Two Factor Authentication
Replies: 24
Views: 16437

Re: [FEATURE REQUEST] Two Factor Authentication / Google Aut

What would it take to get this on "sooner than later" roadmap?

In particular I'd like to see Google Auth support for the WebFig Login interface.

Is there a "bounty" that could be raised?

Let me know, I'm willing to chip in to see this implemented asap.

-dvd
by TheLittleDuke
Wed Jan 07, 2015 3:57 am
Forum: Beginner Basics
Topic: Deny outside DNS on port 53 / Permit Inside DNS?
Replies: 17
Views: 22875

!

Why you have the rule nr. 3? It opens also access to dns service. THAT is an excellent question -- I took some of this initial config from another site that looked to have a fairly decent initial config... https://aacable.wordpress.com/2011/08/15/mikrotik-howto-prevent-mt-host-from-invalid-login-at...
by TheLittleDuke
Tue Jan 06, 2015 11:26 pm
Forum: Beginner Basics
Topic: Deny outside DNS on port 53 / Permit Inside DNS?
Replies: 17
Views: 22875

Re: Deny outside DNS on port 53 / Permit Inside DNS?

Here's what I have at the moment:

/ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
 0   ;;; Accept established connections
     chain=input action=accept connection-state=established log=no log-prefix=""
 1   ;;; Accept related connections
     chain=input action=accept connection-state=relat...
by TheLittleDuke
Tue Jan 06, 2015 8:30 pm
Forum: Beginner Basics
Topic: Deny outside DNS on port 53 / Permit Inside DNS?
Replies: 17
Views: 22875

Re: Deny outside DNS on port 53 / Permit Inside DNS?

If you leave your dns open then it doesn't take long for hackers to find it and use it for dns amplification attacks. Obviously we don't want that -- hell I don't even want them using it to bypass whatever DNS servers they are using -- or using it to fill up the cache in my system. Fundamentally the...
by TheLittleDuke
Tue Jan 06, 2015 7:43 pm
Forum: Beginner Basics
Topic: Deny outside DNS on port 53 / Permit Inside DNS?
Replies: 17
Views: 22875

Re: Deny outside DNS on port 53 / Permit Inside DNS?

I've done the above...however DNS relay itself is not available on the inside of the network. "drop tcp/udp port 53 ether1-gateway on both the input & forward chains" If I check the "allow remote requests" box under IP / DNS -- it allows foreign access to the public IP side for queries, ignoring the...
by TheLittleDuke
Tue Jan 06, 2015 6:08 pm
Forum: Beginner Basics
Topic: Deny outside DNS on port 53 / Permit Inside DNS?
Replies: 17
Views: 22875

Deny outside DNS on port 53 / Permit Inside DNS?

Just noticed a very high count of open connections from outside IPs pounding on my public IP port 53 -- a quick test showed that it was acting as an open DNS server. I shut it down and changed DHCP so that internal clients will just get 8.8.8.8 for their DNS server. What is the best practice for al...
by TheLittleDuke
Mon Jan 05, 2015 7:29 pm
Forum: Beginner Basics
Topic: LOG file showing "got CRL with bad signature" ?
Replies: 3
Views: 4697

LOG file showing "got CRL with bad signature" ?

My log file seems to have a high number of these entries:
got CRL with bad signature, issued by StartCom Certification Authority::IL:StartCom Ltd.:Secure Digital Certificate Signing::
I sent the message to the SSL provider startssl.com and they have asked if I can pull more details?

Any ideas?