Community discussions

Search found 175 matches

by ivicask
Mon Jun 11, 2018 10:39 am
Forum: General
Topic: MT Router honeypot.
Replies: 20
Views: 962

Re: MT Router honeypot.

I wonder if Mikrotik has honeypot routers, pretty sure they dont or they would already capture all the previous exploits before it would spread like they did.

Any official statement regarding this from mikrotik?
by ivicask
Sun Jun 10, 2018 8:33 pm
Forum: Wireless Networking
Topic: 60Ghz 2.4km - possible?
Replies: 19
Views: 1025

Re: 60Ghz 2.4km - possible?

Hey folks. We need to replace one of our 5Ghz Links due to high noise. We would like to switch to 60 Ghz. The Link is 2.4km and has 600 meters of altitude change. We don’t need a Gigabit. 100 mbits would be plenty. Has anyone any experience if this is even possible? We got about 15% less Air preass...
by ivicask
Thu Jun 07, 2018 9:22 am
Forum: Wireless Networking
Topic: Suggested CAPsMAN Hardware
Replies: 11
Views: 524

Re: Suggested CAPsMAN Hardware

Ok, Thanks for the replies. Local Forwarding isn't an option, so we need some model with higher CPU. Also Fast-Track can't be used, because we need some firewall rules to hide the rest of our network from the CAPs Clients. I think we will go with RB1100x4 or maybe we will try the RB3011. I will rep...
by ivicask
Wed Jun 06, 2018 12:08 am
Forum: Wireless Networking
Topic: Suggested CAPsMAN Hardware
Replies: 11
Views: 524

Re: Suggested CAPsMAN Hardware

What's wrong with RB750Gr3, I use it with 7 Wap Ac, we have 150mbit line, and few queue tree rules, one simple queue for guest network, and up to 70 clients, works fine. Note I use local forwarding, not sure if it would work so good with capsman forwarding, u may need use higher cpu power product th...
by ivicask
Tue Jun 05, 2018 2:03 pm
Forum: Announcements
Topic: MikroTik News June 2018 (Issue #83)
Replies: 39
Views: 4719

Re: MikroTik News June 2018 (Issue #83)

- new, improved SXT LTE kit with two Ethernet ports Same price but ....inferior....:( Yes, hope MT stops recycling those old modems, and give us some LTE product with LTE 6+ category What do you guys mean? It is much better than SXT LTE first generation: "In comparison with our first generation mod...
by ivicask
Tue Jun 05, 2018 9:35 am
Forum: Announcements
Topic: MikroTik News June 2018 (Issue #83)
Replies: 39
Views: 4719

Re: MikroTik News June 2018 (Issue #83)

- new, improved SXT LTE kit with two Ethernet ports

Same price but ....inferior....:(
Yes, hope MT stops recycling those old modems, and give us some LTE product with LTE 6+ category
by ivicask
Mon Jun 04, 2018 3:29 pm
Forum: RouterBOARD hardware
Topic: wAP ac overheating?Crashing
Replies: 1
Views: 229

wAP ac overheating?Crashing

I have one wAP ac whos giving me problems for some time, but unfortunately is also out of warranty so i just wonder what are normal temps for this device?When i copy files over 5ghz interface at around (450mbit/s ) speeds, the router hits 80c and than randomly starts crashing and its not visible on ...
by ivicask
Thu May 24, 2018 1:53 pm
Forum: RouterBOARD hardware
Topic: wAP ac not discoverable over ethernet
Replies: 5
Views: 408

Re: wAP ac not discoverable over ethernet

I have couple of wAP ac devices that for some odd reason doesn't come up in the Winbox discovery. Connecting via MAC address fails too. Connecting over IP is OK. If I'm connected to Wifi, then everything works as expected (discovery + connecting over MAC and IP). Is this expected behavior? Coz for ...
by ivicask
Wed May 16, 2018 9:40 am
Forum: Announcements
Topic: Future of LTE products, user feedback requested
Replies: 46
Views: 6090

Re: Future of LTE products, user feedback requested

I would be happy with product like this

https://mikrotik.com/product/mant_lte_5o

But with integrated modem and 1 lan port, nothing more..
And atleast CAT6 is a MUST so it doesnt work like some 10 year old phone/device with horrific perfomance like current WAP LTE works.
by ivicask
Sat May 12, 2018 10:46 am
Forum: RouterBOARD hardware
Topic: 3x3 MIMO antennas >20dBi
Replies: 19
Views: 827

Re: 3x3 MIMO antennas >20dBi

Just wondering if someone can tell me why there are no 3x3 MIMO antennas on the market much greater than 20dBi ? I have a couple of RB921UAGS-5SHPacD-NM(triple chain capable) doing about 8KM's point to point, but limited to 2x2 due to antenna limitations(cant find a commercial 28 to 30dBi antenna w...
by ivicask
Mon Apr 23, 2018 4:12 pm
Forum: Beginner Basics
Topic: WiFi comparison between hAP ac2 and hAP ac
Replies: 11
Views: 1345

Re: WiFi comparison between hAP ac2 and hAP ac

I'm doing WiFi coverage tests between 2 Models: RBD52G-5HacD2HnD-TC (I will call it hAPac2) RB962UiGS-5HacT2HnT (I will call it hAPac) WiFi comparison between hAP ac2 and hAP ac.png The suggested price of both models results in a price difference of $ 60.00 My question: Where is such a big differen...
by ivicask
Mon Apr 23, 2018 3:17 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 72784

Re: Advisory: Vulnerability exploiting the Winbox port

But that whats the point of this, i ran it 3 times and got all my ports listed 3 times before mikrotik blocked it, "attacker" already have all it needs. Scan this 93.155.148.98 - my IP address and tell me the open ports please! It shows none now, but is this site already on your block list?Try clea...
by ivicask
Mon Apr 23, 2018 3:03 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 72784

Re: Advisory: Vulnerability exploiting the Winbox port

But if i run it from https://mxtoolbox.com/SuperTool.aspx?action=scan, it finishes every time and shows my open ports on router without blocking it.. Try for your self. OK, try this : ip fi fi add action=add-src-to-address-list address-list=Port_Scanner address-list-timeout=1w chain=input comment="...
by ivicask
Mon Apr 23, 2018 2:34 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 72784

Re: Advisory: Vulnerability exploiting the Winbox port

What do do : 1) Firewall the Winbox port from the public interface, and from untrusted networks. It is best, if you only allow known IP addresses to connect to your router to any services, not just Winbox. We suggest this to become common practice. As an alternative, possibly easier, use the "IP ->...
by ivicask
Wed Apr 11, 2018 12:28 pm
Forum: RouterBOARD hardware
Topic: Hardware for Traffic Shaping ~500mbps
Replies: 3
Views: 390

Re: Hardware for Traffic Shaping ~500mbps

Hi Everyone, I am looking for a recommendation for hardware that is capable of doing traffic shaping on a line that is about 500dn/100up without choking. I currently have a 300/20 link and am using other vendor hardware that employs hardware offloading that is reaching it's limit due to QOS turning...
by ivicask
Sun Apr 08, 2018 5:14 pm
Forum: General
Topic: Proxy causes 100% load on only 30mbit bandwidth?
Replies: 0
Views: 101

Proxy causes 100% load on only 30mbit bandwidth?

I have one RB911G connected to another wifi as client, and i just want to use it as proxy server so i can add it to my Dropbox or Mozila settings so i can surf over other net. Moment i run speedtest CPU gets lucked down to 100% and cant pass more than 30mbit, while im having 50mbit speed.The cache i...
by ivicask
Sun Apr 08, 2018 2:30 pm
Forum: General
Topic: Huge outgoing DNS requests (100gb in week)
Replies: 9
Views: 464

Re: Huge outgoing DNS requests (100gb in week)

Well it simple stopped, now it had like 30mb dns traffic in a week, i did nothing, upgraded or even rebooted router.

Will monitor if it happens again.
by ivicask
Fri Apr 06, 2018 5:24 pm
Forum: General
Topic: Huge outgoing DNS requests (100gb in week)
Replies: 9
Views: 464

Re: Huge outgoing DNS requests (100gb in week)

6.41rc52, doubt it's infected, it was installed 2 months ago, had latest version of os since installed, I have very stric firewall rules, I drop dns requests from net etc.. router has complex pass etc.
by ivicask
Fri Apr 06, 2018 3:33 pm
Forum: General
Topic: Huge outgoing DNS requests (100gb in week)
Replies: 9
Views: 464

Re: Huge outgoing DNS requests (100gb in week)

Wireshark shows all standard query packets, and gets responding ip addresses resolved back , but i do see them repeating, even it already got proper ip adresses reported back, and domain and ip exist. Still doesnt make sense, if it does return proper IP why is it repeating requests and not simple c...
by ivicask
Fri Apr 06, 2018 3:27 pm
Forum: General
Topic: Huge outgoing DNS requests (100gb in week)
Replies: 9
Views: 464

Re: Huge outgoing DNS requests (100gb in week)

Check the DNS cache, but this is a likely explanation, depending on the number of clients using your DNS. Even if u unplug entire network, meaning only Mikrotik leaves, this DNS requests still go . And we are talking about like 20 clients max who use internet lightly, its impossible they do 100gb D...
by ivicask
Fri Apr 06, 2018 2:57 pm
Forum: General
Topic: Huge outgoing DNS requests (100gb in week)
Replies: 9
Views: 464

Re: Huge outgoing DNS requests (100gb in week)

Check the DNS cache, but this is a likely explanation, depending on the number of clients using your DNS. Even if u unplug entire network, meaning only Mikrotik leaves, this DNS requests still go . And we are talking about like 20 clients max who use internet lightly, its impossible they do 100gb D...
by ivicask
Fri Apr 06, 2018 11:20 am
Forum: General
Topic: MUM berlin
Replies: 28
Views: 1640

Re: MUM berlin

Ah common Mikrotik, mANT 5o LTE, at first i was YES, finally new LTE device, than realized its just antena. Was it a problem to give us such product with builtin LTE modem of higher category than current ones you have.Thats all pointless what you did.WAP LTE performs so bad, no antena will help it, ...
by ivicask
Fri Apr 06, 2018 9:58 am
Forum: General
Topic: Huge outgoing DNS requests (100gb in week)
Replies: 9
Views: 464

Huge outgoing DNS requests (100gb in week)

I just installed one HAP ac at one customer, they got NEW HP switch with fiber connection to internet from ISP, and its connected to my LAN1 port on Mikrotik which has fixed ip 192.168.1.3, than all is routed out thru LAN port 2 on mikrotik on range 192.168.100.0/24 to customers internal netowrk. No...
by ivicask
Thu Mar 29, 2018 2:48 pm
Forum: General
Topic: Router + switch + ap all in one solution
Replies: 15
Views: 689

Re: Router + switch + ap all in one solution

I don't think so. The RB750Gr3 is a nice router, check in the specs what its achievable performance is, but when you are talking about 1Gbps internet and of course you are going to speedtest that, this class of router is simply not going to cut it (with a manageable configuration w.r.t firewall and...
by ivicask
Sun Mar 25, 2018 4:39 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 784
Views: 139079

Re: Feature requests

Hello to disable DNS attacking please add listen address on better from use ip firewall filters /ip dns allow-remote-requist=yes /ip dns listen-src-address=192.168.88.0/24,x.xx,y.y.y Regards Cant you already do that via firewall, dont understand what more you need, if you want to block DNS requests...
by ivicask
Tue Mar 06, 2018 12:14 pm
Forum: General
Topic: Cant ping by hostname outside mikrotik via IPIP tunnel
Replies: 0
Views: 103

Cant ping by hostname outside mikrotik via IPIP tunnel

So i created an IPIP tunel between 2 locations, NAT and routes are properly added and i can ping without issue networks form both sides, enter network shares, RDC etc. Problem is i cant access any of them by hostname of server/computer. Mikrotik from its console can ping by name without issues, but ...
by ivicask
Mon Feb 12, 2018 4:38 pm
Forum: RouterBOARD hardware
Topic: CAP ac bad Antenna design?
Replies: 91
Views: 10762

Re: CAP ac bad Antenna design?

The new hAPac^2 and cAPac have two chains, since most devices only have 2 chains and the third chain is rarely used. What about load balancing between chains?What if i have 20 + various devices which have mix of 1 or 2 chains, arent all 3 chains on Mikrotik device used and give better overall throu...
by ivicask
Mon Feb 05, 2018 2:45 pm
Forum: General
Topic: Shorten URL via Mikrotik, possible?
Replies: 1
Views: 197

Shorten URL via Mikrotik, possible?

I wonder if its posibble to shroten URL somehow from mine mikrotik router for one TV in network.I tried using online URL shortners but they are not realible or have link expiration or max opening.And its too complicated for me to enter this long URL who sometimes changes into TV. For xample link loo...
by ivicask
Tue Jan 30, 2018 11:18 am
Forum: Wireless Networking
Topic: Tired of disconnection problem
Replies: 4
Views: 267

Re: Tired of disconnection problem

I have same issue on several locations with different aps.. For example this is my HOME, and the client that says extnesive data loos is a TV who doesnt move inch, and as u can see signal is more than powerful(-48-62), still i get random disconnects for all devices at home, Philips TV, HTC phone, AS...
by ivicask
Tue Jan 16, 2018 3:07 pm
Forum: General
Topic: Block many websites
Replies: 17
Views: 1315

Re: Block many websites

New and exciting way to block things introduced in latest 6.41, block by SSL certificate name with TLS-HOST: /ip firewall filter add action=drop chain=forward protocol=tcp tls-host=*facebook.com What about sites who dont use SSL?Or does sites SSL certificate needs to be named same name as site?How ...
by ivicask
Tue Jan 16, 2018 2:58 pm
Forum: General
Topic: Block many websites
Replies: 17
Views: 1315

Re: Block many websites

That is indeed very simple, but unfortunately it will not work correctly! One IP address can handle multiple websites, so when you block this way you will block other sites as well. Well than in that case you can do DNS block /ip dns static add address=127.0.0.1 regexp=facebook.com etc And in order...
by ivicask
Tue Jan 16, 2018 2:49 pm
Forum: General
Topic: Block many websites
Replies: 17
Views: 1315

Re: Block many websites

Thanks Normis, By ip you mean to block the ip addresses of websites in Firewall->Filter Rules right? I ll try that /ip firewall address-list add address=facebook.com list=blocked_web add address=youtube.com list=blocked_web add address=whatever.com list=blocked_web etc continue the list from your e...
by ivicask
Sat Dec 30, 2017 8:01 pm
Forum: Wireless Networking
Topic: SXTsq 5 ac. WTF? It doesn't work.
Replies: 74
Views: 6334

Re: SXTsq 5 ac. WTF? It doesn't work.

So it's official that
SXT SQ AC cannot function properly under NV2 protocol?
Could You paste what support replyed to You?
IM using them with nv2 and they work fine.
by ivicask
Fri Dec 29, 2017 11:31 am
Forum: Wireless Networking
Topic: SXTsq 5 ac. WTF? It doesn't work.
Replies: 74
Views: 6334

Re: SXTsq 5 ac. WTF? It doesn't work.

Maybe he created loop on network, happend to me once while doing initial configuration of new APs, i connected 2 of APs on same switch and after connecting them together via their wireless which is bridged to lan ports your basically creating loop on switch same as you connected LAN cable bewtween p...
by ivicask
Fri Dec 29, 2017 10:38 am
Forum: Wireless Networking
Topic: SXTsq 5 ac. WTF? It doesn't work.
Replies: 74
Views: 6334

Re: SXTsq 5 ac. WTF? It doesn't work.

-28dB signal is much too much. Get it down to -55 or something. -28dB signal is much too much. Get it down to -55 or something. I've given an example of test in office. Problem doesn't depend of signal strength. Iv read your entire posts and i cant even understand whats your problem. I have just fr...
by ivicask
Mon Oct 23, 2017 5:26 pm
Forum: Wireless Networking
Topic: wAP LTE Kit EU - Slow LTE speed
Replies: 47
Views: 2648

Re: wAP LTE Kit EU - Slow LTE speed

Can you do one test for me?Meassure the speed as normal, than try disabling onboard WIFI and repeat the test again over lan. Do you see any noticeable difference? Dont have unit anymore to test for my self Yes, i would do. But it needs to connect again. Sadly if i do changes on LTE interface (like ...
by ivicask
Mon Oct 23, 2017 3:37 pm
Forum: Wireless Networking
Topic: wAP LTE Kit EU - Slow LTE speed
Replies: 47
Views: 2648

Re: wAP LTE Kit EU - Slow LTE speed

I've compared SXT-LTE and wAP LTE, and seems to me, the SXT-LTE is much faster (if supported band is available). At home, SXT-LTE could do ~80/35mbps almost any time, but wAP LTE only the half (~35/18mbps) on band3, 20MHz. Also, it would be really helpful, if scan would display not only one provide...
by ivicask
Mon Oct 23, 2017 1:43 pm
Forum: Wireless Networking
Topic: wAP LTE Kit EU - Slow LTE speed
Replies: 47
Views: 2648

Re: wAP LTE Kit EU - Slow LTE speed

In future we plan to introduce CAT6 or faster LTE category products but I can't provide any ETA on such products.
Hope it will be soon because i prefer to use Mikrotik always :)

Thanks.
by ivicask
Mon Oct 23, 2017 1:34 pm
Forum: Wireless Networking
Topic: wAP LTE Kit EU - Slow LTE speed
Replies: 47
Views: 2648

Re: wAP LTE Kit EU - Slow LTE speed

what speed you are getting from the wap lte and from the usb modem? What LTE category your USB modem supports? Try to compare which band each unit uses as maybe the wap lte connected to different bands or cell tower. Got similar question here, with ZTE MF286 modem that provider gives on same spot i...
by ivicask
Mon Oct 23, 2017 12:18 pm
Forum: Wireless Networking
Topic: wAP LTE Kit EU - Slow LTE speed
Replies: 47
Views: 2648

Re: wAP LTE Kit EU - Slow LTE speed

what speed you are getting from the wap lte and from the usb modem? What LTE category your USB modem supports? Try to compare which band each unit uses as maybe the wap lte connected to different bands or cell tower. Got similar question here, with ZTE MF286 modem that provider gives on same spot i...
by ivicask
Mon Oct 09, 2017 10:18 am
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 98896

Re: v6.41rc [release candidate] is released! New bridge implementation!

Hello, after upgrading RBwAPR-2nD & R11e-LTE to version 6.41rc38 , I received a critical error after which the router has been permanently rebooting . if you want a relative version older than that, you need to log in with a static IP address, quickly roll over the main package, and quickly downgra...
by ivicask
Fri Oct 06, 2017 10:41 pm
Forum: General
Topic: WAP LTE Sim not working
Replies: 1
Views: 471

WAP LTE Sim not working

New AP, fresh setup no other settings(Tried factory reset).I cant get SIM to work, i input proper APN and pin but nothing is working, if i press scan under LTE interface i get Modem not configured, what possible im doing wrong?The sim it self its form TELE 2 provider in Croatia and works in another ...
by ivicask
Mon Sep 25, 2017 2:56 pm
Forum: Wireless Networking
Topic: Caps selecting same channel
Replies: 25
Views: 2170

Re: Caps selecting same channel

Now I've replicated this issue at home. Took a brand new hAPac and a new wAPac, ros 6.40.3, copied system identity, capsman, caps, bridge, vlan, switch and IP settings from the customer. They are connected to each other with a 30cm cable, and they select same channel for both radios. I live at at p...
by ivicask
Mon Sep 25, 2017 9:24 am
Forum: General
Topic: Avg rate exceeds Max Limit
Replies: 0
Views: 210

Avg rate exceeds Max Limit

I noticed often internet starts lag badly, even netwatch script i made to ping google servers and play a tone on net down activates as net was down just because of this. Upload is getting choked on DSL modem but i set rate below our maximum DSL upload speed (around 10% less) But see screenshot/s, up...
by ivicask
Fri Sep 22, 2017 9:20 am
Forum: Announcements
Topic: Newsletter 78 with 1GBPS WIRELESS PRODUCT ANNOUNCEMENT!
Replies: 109
Views: 23203

Re: Newsletter 78 with 1GBPS WIRELESS PRODUCT ANNOUNCEMENT!

@normis can RBwAPG-60ad be used in multipoint connections?Or its limited to single AP?
by ivicask
Tue Aug 29, 2017 1:28 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 98896

Re: v6.41rc [release candidate] is released! New bridge implementation!

So how is this new bridge HW offload supposed to work?I upgraded my WAP AC and than I printed my bridges after upgrade and they all say hw=no, tried creating new bridge, still says no. Also I see there is new option Bridge Fast forward, what does it do?I tried ticking it again i see no differences a...
by ivicask
Sun Aug 13, 2017 12:25 pm
Forum: General
Topic: Cant get 3389 port forward only on single PC
Replies: 11
Views: 873

Re: Cant get 3389 port forward only on single PC

@k6ccc just to report back, all working fine now, it was never problem in Mikrotik, that user had some 3d party terminal server on Windows 7, and that software was in some weird state and only connections from local lan worked.They reinstalled that software and now all works fine. Thanks for help ag...
by ivicask
Mon Aug 07, 2017 1:26 pm
Forum: General
Topic: Cant get 3389 port forward only on single PC
Replies: 11
Views: 873

Re: Cant get 3389 port forward only on single PC

if 2 pc works but only one is not with same settings... 1. anycase try to make src-nat add action=dst-nat chain=dstnat dst-port=4001 in-interface=WAN protocol=tcp to-addresses=192.168.2.205 to-ports=3389 add action=src-nat chain=srcnat dst-address=192.168.2.205 dst-port=3389 protocol=tcp to-address...
by ivicask
Fri Aug 04, 2017 7:12 pm
Forum: General
Topic: Cant get 3389 port forward only on single PC
Replies: 11
Views: 873

Re: Cant get 3389 port forward only on single PC

It goes establishing connection for 1-2 sec, than it pops "internal error" That does not sound like a firewall error to me. A firewall issue would just fail to connect. Stupid question. You are trying to connect to your external address and port 4001 (since that's the port you are forwarding)? You ...