Community discussions

Search found 600 matches

by R1CH
Sat Aug 18, 2018 12:13 am
Forum: Wireless Networking
Topic: Open the regular browser after Captive Portal Popup login window
Replies: 3
Views: 129

Re: Open the regular browser after Captive Portal Popup login window

Sure, but those URLs will still only open in the captive portal window.
by R1CH
Fri Aug 17, 2018 5:17 pm
Forum: Wireless Networking
Topic: Open the regular browser after Captive Portal Popup login window
Replies: 3
Views: 129

Re: Open the regular browser after Captive Portal Popup login window

No, you cannot control how the client's OS behaves. Captive portal windows are usually limited in what they can do for the specific purpose of signing in.
by R1CH
Wed Aug 15, 2018 3:40 pm
Forum: General
Topic: Kernel failure using traffic generator
Replies: 1
Views: 83

Re: Kernel failure using traffic generator

The traffic generator is a kernel module coded by Mikrotik. It likely has some bugs, and bugs in the kernel mean a complete crash. I would advise against using it outside of test environments.
by R1CH
Sun Aug 12, 2018 6:17 pm
Forum: General
Topic: TCP congestion Illinois
Replies: 4
Views: 250

Re: TCP congestion Illinois

True, but using such services goes against the goals of speed anyway. OVPN in TCP mode is especially terrible.
by R1CH
Sat Aug 11, 2018 6:41 pm
Forum: General
Topic: TCP congestion Illinois
Replies: 4
Views: 250

Re: TCP congestion Illinois

Router doesn't care about the congestion algorithm, it simply forwards packets. It needs to be configured on the endpoints of the connection.
by R1CH
Sat Aug 11, 2018 2:09 am
Forum: General
Topic: TCP connections from china
Replies: 8
Views: 3042

Re: TCP connections from china

If someone is able to connect to that port, your router is insecure. Make sure to firewall all ports from WAN.
by R1CH
Thu Aug 09, 2018 1:46 pm
Forum: Wireless Networking
Topic: Open url / link from Hotspot login page in a browser
Replies: 1
Views: 67

Re: Open url / link from Hotspot login page in a browser

This is entirely dependent on the client device and not something you can configure.
by R1CH
Thu Aug 09, 2018 1:39 pm
Forum: General
Topic: Security breached devices - Port TCP 4145
Replies: 9
Views: 594

Re: Security breached devices - Port TCP 4145

I think you misunderstand, this isn't about services listening on high ports. Say for example a client on the network wants to connect to Google DNS, 8.8.8.8 port 53. Their OS has to pick a port on the system to send the query, and to which replies are sent, for example maybe it picks 192.168.88.10 por...
by R1CH
Thu Aug 09, 2018 12:49 pm
Forum: General
Topic: Security breached devices - Port TCP 4145
Replies: 9
Views: 594

Re: Security breached devices - Port TCP 4145

Traffic above the reserved ports (0-1024) can be attributed to ephemeral port use. While most OSes generally use the higher end of available ports, there's nothing stopping them from using 1025-65535 as ephemeral port numbers.
by R1CH
Thu Aug 09, 2018 12:46 pm
Forum: Announcements
Topic: WPA2 preshared key brute force attack
Replies: 16
Views: 3196

Re: WPA2 preshared key brute force attack

How do you get the PMKID from a Mikrotik AP? I have tried the attack on my wAP AC (WPA2-PSK), but the driver didn't implement the necessary fields.
by R1CH
Wed Aug 08, 2018 6:10 pm
Forum: RouterBOARD hardware
Topic: upgrade from RB951G-2HnD
Replies: 3
Views: 207

Re: upgrade from RB951G-2HnD

The IPQ4018 used in new products is much faster than the CPU in RB951G-2HnD.
by R1CH
Wed Aug 08, 2018 1:18 am
Forum: General
Topic: Winbox Vulnerability Changes
Replies: 1
Views: 178

Re: Winbox Vulnerability Changes

The vulnerability allows someone full admin access to the router, so they could change anything and everything. Mikrotik seem to suggest that winbox can even be elevated to shell access, in which case undetectable backdoors could be installed. The safest way to restore a router is export the config,...
by R1CH
Tue Aug 07, 2018 7:11 pm
Forum: Wireless Networking
Topic: PMKID Attack - clientless WPA2/WPA PSK attack
Replies: 6
Views: 811

Re: PMKID Attack - clientless WPA2/WPA PSK attack

I've attempted this attack against a wAP AC and it was unsuccessful. I don't think Mikrotik's wireless driver implements the features that this attack exploits.
by R1CH
Tue Aug 07, 2018 2:24 pm
Forum: General
Topic: Block devices with cloned MAC addresses
Replies: 2
Views: 137

Re: Block devices with cloned MAC addresses

The only decent way is to use EAP / 802.1x for authentication so there are per-client encryption keys.
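An added example of the configuration the post above points at, not code from R1CH or from MikroTik's documentation: a MAC-based wireless access list, which a cloned MAC walks straight through (and under WPA2-PSK every client derives its keys from the same passphrase anyway), beside a WPA2-EAP security profile that authenticates each client against RADIUS and so gives each client its own pairwise keys. The interface name `wlan1`, the RADIUS address `192.168.88.5`, the shared secret and the example MAC address are placeholders.

```routeros
# --- Weak: MAC filtering. Anyone who clones 00:11:22:33:44:55 passes this
# check, and with a shared PSK they also get the same keys as everyone else.
/interface wireless
set wlan1 default-authentication=no
/interface wireless access-list
add interface=wlan1 mac-address=00:11:22:33:44:55 authentication=yes comment="allowed laptop (MAC only)"

# --- Stronger: WPA2-EAP (802.1X). The client must present its own credential
# or certificate to the RADIUS server; the EAP exchange yields a per-client
# PMK, so a cloned MAC without that credential gets nothing.
/radius
add service=wireless address=192.168.88.5 secret=CHANGE-ME comment="placeholder RADIUS server"
/interface wireless security-profiles
add name=wpa2-eap mode=dynamic-keys authentication-types=wpa2-eap \
    eap-methods=passthrough radius-mac-authentication=no
/interface wireless
set wlan1 security-profile=wpa2-eap

# Check: every associated client should appear here with its own entry,
# and the RADIUS server log should show one Access-Accept per client.
/interface wireless registration-table print
```

With `eap-methods=passthrough` the AP does no EAP processing itself; it relays the EAP conversation to the RADIUS server, which is where the per-user credentials or client certificates live. The MAC access list can stay in place as a convenience, but it is no longer what keeps unauthorised devices out.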
by R1CH
Tue Aug 07, 2018 2:12 pm
Forum: General
Topic: Warning BotNet Attacks! Noticing These IP's! Suggest blocking them!
Replies: 2
Views: 257

Re: Warning BotNet Attacks! Noticing These IP's! Suggest blocking them!

If the bots are even able to try to log in, this means you are exposing winbox / SSH to the internet, and your router will be compromised when the next exploit is found. Any router that has open ports to the internet is not secure according to Mikrotik.
by R1CH
Tue Aug 07, 2018 2:11 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 576

Re: 100% CPU CCR1072 due DDoS - How to improve?

close port 80 from outside use. This is not a solution to CPU consumption. Also, if it's a web server you can't do this, it's a useless solution because the attacker can choose any port. It is a solution if you have a listening service on port 80. This is a SYN flood, if you actually have an applic...
by R1CH
Mon Aug 06, 2018 5:48 pm
Forum: General
Topic: HTTPS & Force to login from devices
Replies: 2
Views: 96

Re: HTTPS & Force to login from devices

Allowing *google* and gstatic.com will likely break captive portal detection on client devices.
by R1CH
Mon Aug 06, 2018 5:44 pm
Forum: General
Topic: [Feature request] Wireguard
Replies: 18
Views: 2048

Re: [Feature request] Wireguard

I've been playing around with Wireguard recently and it's so refreshingly simple and fast, it makes setup of a new VPN link so easy. And the fact it uses modern, fast crypto is great - I would love to see this in RouterOS so I can finally ditch ipsec with its huge complexity and outdated crypto. And...
by R1CH
Sun Aug 05, 2018 6:42 pm
Forum: General
Topic: Problem with purchased certificate from Comodo
Replies: 3
Views: 157

Re: Problem with purchased certificate from Comodo

This is indeed a mixed content warning. The connection to the page is secure, but the page requests insecure elements such as scripts which means the integrity of the page cannot be trusted as the insecure scripts could modify it.
by R1CH
Sun Aug 05, 2018 5:08 pm
Forum: Wireless Networking
Topic: PMKID Attack - clientless WPA2/WPA PSK attack
Replies: 6
Views: 811

Re: PMKID Attack - clientless WPA2/WPA PSK attack

This seems like it would only affect 802.1x / EAP setups.
by R1CH
Sun Aug 05, 2018 5:02 pm
Forum: General
Topic: cutting off internet
Replies: 6
Views: 265

Re: cutting off internet

Use firewall time matcher or scheduler.
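Both options from the post above, as an added RouterOS example (not R1CH's own config): a firewall rule using the `time` matcher, and a scheduler that toggles an ordinary rule. The address list name, the address range and the curfew hours are placeholders. The time window is deliberately split at midnight, since a single range like 22:00 to 07:00 spans two calendar days and is the classic reason such rules appear not to fire.

```routeros
# Hosts subject to the cut-off (placeholder range).
/ip firewall address-list
add list=curfew address=192.168.88.100-192.168.88.120 comment="hosts subject to curfew"

# Option 1: time matcher. Split 22:00-07:00 into an evening and a morning
# rule so neither range has to cross midnight.
/ip firewall filter
add chain=forward src-address-list=curfew \
    time=22:00:00-23:59:59,sun,mon,tue,wed,thu,fri,sat \
    action=reject reject-with=icmp-admin-prohibited comment="curfew (evening)"
add chain=forward src-address-list=curfew \
    time=00:00:00-07:00:00,sun,mon,tue,wed,thu,fri,sat \
    action=reject reject-with=icmp-admin-prohibited comment="curfew (morning)"

# Option 2: scheduler. One always-present rule, disabled by default, that
# two scheduler entries enable and disable. Scheduler times are local router
# time, so the clock (and time zone) must be correct for this to fire when
# intended.
/ip firewall filter
add chain=forward src-address-list=curfew action=reject \
    reject-with=icmp-admin-prohibited disabled=yes comment=curfew-toggle
/system scheduler
add name=curfew-on  start-time=22:00:00 interval=1d \
    on-event="/ip firewall filter enable [find comment=curfew-toggle]"
add name=curfew-off start-time=07:00:00 interval=1d \
    on-event="/ip firewall filter disable [find comment=curfew-toggle]"

# Check: the rules must sit above any rule that accepts forwarded traffic,
# and their packet counters should climb during the window.
/ip firewall filter print stats where comment~"curfew"
```

Existing connections opened before the window starts are matched too, because the rule is in the forward chain and does not depend on connection state; use `reject` rather than `drop` if you want client applications to fail fast instead of hanging on timeouts.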
by R1CH
Sun Aug 05, 2018 2:59 am
Forum: General
Topic: Problems with SSL Godaddy Hotspot
Replies: 7
Views: 456

Re: Problems with SSL Godaddy Hotspot

Everything is working fine. There is nothing more to do.

Phones open the webpage automatically as a convenience, in desktop Chrome you have to click "Connect". You cannot alter how the phones or browsers behave.
by R1CH
Sat Aug 04, 2018 3:27 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 108
Views: 11755

Re: Winbox vulnerability: please upgrade

It's disappointing that both the httpd vulnerability and now the winbox vulnerability required mass exploitation before Mikrotik sent an email. Why not send these emails on day 1?
by R1CH
Thu Aug 02, 2018 12:56 pm
Forum: Announcements
Topic: Security announcement blog
Replies: 60
Views: 6558

Re: Security announcement blog

...ignored upgrading because they thought their router wasn't classified as "unsecured"... Any port open to public networks is unsecure! The point is if port is closed by firewall or by disabling service then it is considered secure. So services like OpenVPN and IPsec in Mikrotik are "unsecure" as ...
by R1CH
Wed Aug 01, 2018 8:11 pm
Forum: General
Topic: Unexpected start message
Replies: 6
Views: 250

Re: Unexpected start message

How would malware get access to run arbitrary cp commands? This looks more like a bug in RouterOS, unless there is a new exploit available to elevate winbox to shell access (which is rumored to be possible).
by R1CH
Wed Aug 01, 2018 5:03 pm
Forum: Announcements
Topic: Security announcement blog
Replies: 60
Views: 6558

Re: Security announcement blog

!) winbox - fixed vulnerability that allowed to gain access to an unsecured router; ... Another example that shows how important is to read changelog. That is why we have tried to upgrade it a little bit after few last releases in order to highlight major fixes and improvements. I would actually us...
by R1CH
Wed Aug 01, 2018 2:54 pm
Forum: Announcements
Topic: Security announcement blog
Replies: 60
Views: 6558

Re: Security announcement blog

I also never received an email about the winbox exploit. Mikrotik claims to have sent it, does anyone actually have a copy of it?
by R1CH
Mon Jul 30, 2018 1:59 pm
Forum: General
Topic: SSL Certificate Issue
Replies: 1
Views: 113

Re: SSL Certificate Issue

Do you have hotspot enabled on any of the routers? Looks like something is intercepting your connections, or your routers are compromised and your DNS has been modified.
by R1CH
Mon Jul 30, 2018 1:57 pm
Forum: General
Topic: Mikrotik + Squid Proxy server to log HTTPS traffic
Replies: 2
Views: 163

Re: Mikrotik + Squid Proxy server to log HTTPS traffic

You cannot log HTTPS traffic. Only CONNECT is a supported Squid proxy method, meaning Squid operates in a simple TCP passthrough mode. The most you can get is the hostname that clients are connecting to, and they must be explicitly configured to use the proxy - transparent proxying does not work for...
by R1CH
Fri Jul 27, 2018 6:33 pm
Forum: General
Topic: 185.153.198.228 Has been BUSY
Replies: 9
Views: 578

Re: 185.153.198.228 Has been BUSY

Exposing your winbox port is asking to be compromised when the next exploit is found. Best to firewall it.
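The "firewall all ports from WAN" advice that R1CH repeats in this post and in the replies above about TCP connections from China, the botnet login attempts and the security announcement thread, written out as an added RouterOS example (not configuration from the posts themselves). It assumes the LAN side is a bridge named `bridge` and the uplink is `ether1`; the interface list names and the `192.168.88.0/24` management subnet are placeholders.

```routeros
# Group interfaces so the rules do not depend on individual port names.
/interface list
add name=WAN
add name=LAN
/interface list member
add list=WAN interface=ether1
add list=LAN interface=bridge

# Input chain = traffic addressed to the router itself (winbox, ssh, www,
# api, ...). Nothing new may reach it from a non-LAN interface.
/ip firewall filter
add chain=input action=accept connection-state=established,related,untracked \
    comment="replies to the router's own connections"
add chain=input action=drop connection-state=invalid comment="drop invalid"
add chain=input action=accept protocol=icmp comment="ICMP (ping, PMTU)"
add chain=input action=accept in-interface-list=LAN comment="management from LAN only"
add chain=input action=drop in-interface-list=!LAN \
    comment="drop everything else that is not from LAN"

# Belt and braces: turn off services that are not used and bind the rest
# to the management subnet, so a firewall mistake alone does not expose them.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set api-ssl disabled=yes
set winbox address=192.168.88.0/24
set ssh address=192.168.88.0/24

# Layer-2 management and discovery only on the LAN side.
/tool mac-server set allowed-interface-list=LAN
/tool mac-server mac-winbox set allowed-interface-list=LAN
/ip neighbor discovery-settings set discover-interface-list=LAN
/tool bandwidth-server set enabled=no

# Check from a host outside your network (e.g. a VPS), never from the LAN:
# TCP 8291, 22 and 80 on the public address must not answer. On the router,
# the drop rule's counters show what is being turned away.
/ip firewall filter print stats where chain=input
```

The order of the input rules matters: the accept for established/related traffic must come first so the router's own outbound connections (DNS, NTP, upgrades) keep working, and the final drop must be last. If you genuinely need remote management, reach the router through a VPN that terminates on it and keep 8291 closed to the internet.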
by R1CH
Fri Jul 27, 2018 6:32 pm
Forum: General
Topic: chr support fast path?
Replies: 6
Views: 277

Re: chr support fast path?

The presentation says the VMXNET3 NIC supports fastpath. Are you using that?
by R1CH
Fri Jul 27, 2018 6:29 pm
Forum: General
Topic: How to optimize VPN tunnel over high latency link?
Replies: 3
Views: 144

Re: How to optimize VPN tunnel over high latency link?

If using TCP you probably need to tune the send / receive windows. A single TCP connection has a hard time reaching maximum bandwidth over high speed links. You can experiment with these settings: https://fasterdata.es.net/host-tuning/ms-windows/ RouterOS also has a single TCP connection bandwidth l...
by R1CH
Fri Jul 27, 2018 4:56 pm
Forum: Wireless Networking
Topic: Removing Mikrotik elements from beacons
Replies: 5
Views: 411

Re: Removing Mikrotik elements from beacons

Bump.. still annoyed by the fact that anyone can see the version numbers.
by R1CH
Fri Jul 27, 2018 4:54 pm
Forum: Wireless Networking
Topic: What are the different flags when doing a scanner
Replies: 1
Views: 130

Re: What are the different flags when doing a scanner

A = active, recently appeared in a scan. If this is missing, it means the AP is no longer in range or has a weak signal
P = privacy, network is secured by some method
R = RouterOS network
B = bridged RouterOS network

Unfortunately there's no way to stop advertising as a RouterOS network, this also gives away...
by R1CH
Fri Jul 27, 2018 3:00 pm
Forum: General
Topic: How to optimize VPN tunnel over high latency link?
Replies: 3
Views: 144

Re: How to optimize VPN tunnel over high latency link?

What kind of file copy? If you're trying to do Windows file sharing, it has terrible performance at higher latencies. There's no real workaround, the protocol is just not meant for WAN use. Make sure both sides are set up for SMB3 if possible as this does provide some small improvement.
by R1CH
Thu Jul 26, 2018 1:21 pm
Forum: Announcements
Topic: Security announcement blog
Replies: 60
Views: 6558

Re: Security announcement blog

Is there a way to sign up for email announcements of new articles too?
by R1CH
Wed Jul 25, 2018 7:26 pm
Forum: General
Topic: Mikrotik Routers Compromised......please READ [SOLVED]
Replies: 8
Views: 527

Re: Mikrotik Routers Compromised......please READ [SOLVED]

If you weren't running latest RouterOS you will have been compromised by various exploits, safest way forward is netinstall (and change all passwords).
by R1CH
Wed Jul 25, 2018 7:25 pm
Forum: General
Topic: Blocking facebook
Replies: 10
Views: 6000

Re: Blocking facebook

That doesn't really work when browsers like Firefox will soon be defaulting to DNS over HTTPS.
by R1CH
Mon Jul 23, 2018 4:31 pm
Forum: General
Topic: Block extensions downloads on HTTPS sites
Replies: 10
Views: 307

Re: Block extensions downloads on HTTPS sites

Not possible unless you own all the client devices and install MITM root certs.
by R1CH
Tue Jul 17, 2018 4:18 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 vs RB450Gx4
Replies: 49
Views: 4064

Re: RB850Gx2 vs RB450Gx4

Anyone tried getting OpenWRT running on one of these yet? Looks like a great board for non-ROS systems.
by R1CH
Mon Jul 16, 2018 2:26 pm
Forum: General
Topic: Problems with SSL Godaddy Hotspot
Replies: 7
Views: 456

Re: Problems with SSL Godaddy Hotspot

Your screenshot is showing everything working perfectly - the browser has detected the hotspot and all you have to do is click "Connect".
by R1CH
Fri Jul 13, 2018 7:37 pm
Forum: General
Topic: Router wireless speed deteriorated
Replies: 1
Views: 102

Re: Router wireless speed deteriorated

Are you sure your router isn't hacked and all the bandwidth being used by attackers? 6.39 is vulnerable to many exploits, if you have any ports exposed it's likely hacked. You should netinstall to 6.42.6 to remove any malware. If you're sure it isn't compromised, try changing channels on the wifi. M...
by R1CH
Fri Jul 13, 2018 2:38 pm
Forum: RouterBOARD hardware
Topic: CRS317 keeps calling "home" (MikroTik cloud) [SOLVED]
Replies: 1
Views: 252

Re: CRS317 keeps calling "home" (MikroTik cloud) [SOLVED]

You also need to disable timezone auto detection.
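As an added example (not from the post or the thread it answers), the settings that make a RouterOS device contact MikroTik's cloud servers, with the defaults that cause the "calling home" traffic beside the values that stop it. The time zone name is a placeholder; once auto-detection is off you have to set it yourself.

```routeros
# Before (defaults on many RouterBOARDs): DDNS registration, time fetched
# from the cloud, and time zone looked up via the cloud.
#   /ip cloud set ddns-enabled=yes update-time=yes
#   /system clock set time-zone-autodetect=yes

# After: no DDNS, no cloud time sync, no cloud time-zone lookup.
/ip cloud set ddns-enabled=no update-time=no
/system clock set time-zone-autodetect=no time-zone-name=Europe/Riga

# Check: no public address / dns-name should be reported any more, and the
# clock should show the manually chosen zone.
/ip cloud print
/system clock print
```

`update-time=yes` is the setting people overlook: with DDNS already disabled it still makes the router poll the cloud for the current time, which is exactly the kind of periodic outbound connection the thread describes. Disabling it means the router needs another time source (an NTP server you control) if correct time matters for logs, certificates or scheduler entries.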
by R1CH
Fri Jul 13, 2018 2:37 pm
Forum: General
Topic: .npk files auto deleted
Replies: 14
Views: 682

Re: .npk files auto deleted

This definitely sounds like malware that is preventing you from patching the router to a secure version. Safest way forward is to format / netinstall.
by R1CH
Mon Jul 09, 2018 7:56 pm
Forum: Announcements
Topic: Winbox v3.16 released!
Replies: 63
Views: 7079

Re: Winbox v3.16 released!

Winbox self-update is still vulnerable to MITM to execute arbitrary code. (ref: ticket 2018052822004611)
by R1CH
Mon Jul 09, 2018 7:34 pm
Forum: RouterBOARD hardware
Topic: CAP ac bad Antenna design?
Replies: 95
Views: 13003

Re: CAP ac bad Antenna design?

There is no Wave2 support in RouterOS. Maybe in RouterOS v7 when the drivers / kernel are updated.
by R1CH
Sun Jul 08, 2018 1:23 am
Forum: Wireless Networking
Topic: Backup 5GHz link for LHG 60
Replies: 1
Views: 215

Backup 5GHz link for LHG 60

Since rain or other obstacles can cause the 60 GHz link to drop completely, I'm investigating whether to run a 5 GHz link also for redundancy. Failure should be ideally detected within a second and traffic transparently routed to the 5 GHz link until the 60 GHz link is back online. Both sides of the...
by R1CH
Sat Jul 07, 2018 2:42 pm
Forum: General
Topic: DNSSEC
Replies: 26
Views: 6488

Re: DNSSEC

Using an external resolver also fixes latency issues caused by high CPU, routed packets through the kernel still proceed but user mode DNS server is starved, leading to slow DNS response. I also couldn't find a way to do DNS rebinding protection with Mikrotik which was the main reason I switched away.