Community discussions

Search found 15 matches

by lamclennan
Mon Apr 23, 2018 1:25 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 78903

Re: Advisory: Vulnerability exploiting the Winbox port

I use firewall rules which will kick an IP address if login fails after three attempts. Will this method be sufficient to be protected from this vulnerability?
Does not appear so looking at the other posts. One failed attempt was in the logs...
by lamclennan
Sun Apr 09, 2017 8:26 pm
Forum: General
Topic: RB1100AUx2 Bridging Issue
Replies: 0
Views: 172

RB1100AUx2 Bridging Issue

I'm trying to bridge a QinQ vlan to another VLAN on a different port. It looks to work and the likes of dhcp traffic passes. However, that is all that seems to make it across. It feels like a MTU issue but if I give the QinQ VLAN an IP locally it can take a ping of size=1500 and do-not-fragment set...
by lamclennan
Wed Sep 28, 2016 6:18 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Ability to set ND and DHCP options with IPv6
Replies: 2
Views: 638

Ability to set ND and DHCP options with IPv6

Ideally, it would be nice to be able to specify the DNS servers in DHCPv6 options as Windows does not support ND RDNSS. Also with IPv6 ND, I would like to be able to manually configure the DNS servers to advertise. For example as it stands it will not use the RouterOS cache only the servers it cache...
by lamclennan
Mon Sep 26, 2016 7:10 am
Forum: RouterBOARD hardware
Topic: SXT SA5 ac as client access point?
Replies: 4
Views: 1787

Re: SXT SA5 ac as client access point?

Just to revive this for anyone else who comes across it. I've set-up a SXT SA5 as a client AP and it is working well. 5GHz n and ac clients are working fine. Currently the furthermost line of sight is about 120m. However, it's penetrating 10 meters into apartments 50m away. Maybe another 20m as you ...
by lamclennan
Fri Sep 23, 2016 9:00 am
Forum: Beginner Basics
Topic: L7 Rule For DNS
Replies: 11
Views: 1693

Re: L7 Rule For DNS

It's all good. I've just reverted to native IPv6 only.

IPv6 there is a fair amount missing around IPv6. However, some stuff only I would want. Other environments would have other dedicated hardware for such things.
by lamclennan
Thu Sep 22, 2016 2:55 pm
Forum: Beginner Basics
Topic: L7 Rule For DNS
Replies: 11
Views: 1693

Re: L7 Rule For DNS

There is no L7 matcher for IPv6.
by lamclennan
Thu Sep 22, 2016 2:49 pm
Forum: RouterBOARD hardware
Topic: Confirm this is a spelling mistake please
Replies: 1
Views: 407

Confirm this is a spelling mistake please

http://i.mt.lv/routerboard/files/SXT-G-5HPnD-SA-qg.pdf

It says 16dBi but the spec sheet says 13dBi.

Currently I have regulatory-domain setup for 16 as I just read it straight from the quick guide in the box. However, if it's definitely 13 I'll change it.

Thanks.
by lamclennan
Wed Sep 14, 2016 9:14 am
Forum: Beginner Basics
Topic: L7 Rule For DNS
Replies: 11
Views: 1693

Re: L7 Rule For DNS

Taking on your approach.
/ip dns set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall layer7-protocol add name="no AAAA answer" regexp="^.\?.\?\\x81\\x80\\x01\\x01.\?.\?([\\x01-\\\?][a-z0-9\\-_]+)+\\x1c\\x01\\xc0.\\x06"
/ip firewall filter add action=add-dst-to-address-list address-lis...
by lamclennan
Wed Sep 14, 2016 1:40 am
Forum: Beginner Basics
Topic: L7 Rule For DNS
Replies: 11
Views: 1693

Re: L7 Rule For DNS

Thanks. I've just been testing and that regexp works well. Unfortunately the DNS server just moves to the next one and never returns. My current thinking on how to overcome this is add an address-list every time there is dns traffic from the secondary server and then trigger a script to set the dns ...
by lamclennan
Tue Sep 13, 2016 8:43 am
Forum: Beginner Basics
Topic: L7 Rule For DNS
Replies: 11
Views: 1693

Re: L7 Rule For DNS

Waiting on my device to show up. Ordered online from a store that said in stock but it wasn't. Been waiting for weeks. Very annoying. I think this regexp will catch it. It's a bit hard given the NULLs are stripped. Maybe someone can cast their eye over it. add comment="DNS No AAAA Records" name=dnsa...
by lamclennan
Tue Sep 13, 2016 3:48 am
Forum: Beginner Basics
Topic: L7 Rule For DNS
Replies: 11
Views: 1693

Re: L7 Rule For DNS

You're right. It occurred to me while trying to sleep last night that I couldn't simply retry or forward the request again. Would it be possible to drop replies for the resolver where there are no AAAA entries so it will try the next resolver configured? I'm not familiar with what that might do othe...
by lamclennan
Mon Sep 12, 2016 8:24 am
Forum: Beginner Basics
Topic: L7 Rule For DNS
Replies: 11
Views: 1693

L7 Rule For DNS

Can someone help me with how I might do this. I have access to a DNS64 server (and gateway but the setup is out of my control). However, it is far from local (opposite side of the world). So ideally in my IPv6 only set-up I'd like normal AAAA DNS requests to land on the local DNS server so IPv6 enab...
by lamclennan
Fri Aug 19, 2016 9:13 am
Forum: RouterOS v6 RC and v7 BETA
Topic: IPv6 and NAT - how I changed my mind
Replies: 18
Views: 5420

Re: IPv6 and NAT - how I changed my mind

The sad thing is (from IPv6 fan's perspective), they're right, there isn't an answer that would convince them. Because there is that market who cannot afford the IPv4 space and as others adopt IPv6 the opportunity of an interconnected world creates new opportunity that may well force them to change...
by lamclennan
Wed Aug 17, 2016 9:14 am
Forum: RouterOS v6 RC and v7 BETA
Topic: IPv6 and NAT - how I changed my mind
Replies: 18
Views: 5420

Re: IPv6 and NAT - how I changed my mind

I'm running my mobile single stack IPv6 and it is using 464XLAT and it's fine. I feel that NAT64 (and DNS64) are almost must haves in 2016. I don't quite understand how CLAT in a gateway is any better than NAT behind a CGNAT. The clients are both still behind double NAT, however, I would want this f...