in reference to this article https://uk.pcmag.com/security/154613/cloudflare-fights-off-record-breaking-38tbps-ddos-attack is there any way to check if your mikrotik router has been hacked? i know its possible for asus as ssh access is very useful but i never use asus as my main router only wifi.
I know people use mikrotiks a lot in datacenters and small exchanges that are exposed to the internet and with ipv6 its the same deal as well. I’ve not had the time to revise the default firewall either as im trying to figure out more secure ways to firewall as well and test ipv6 routing security too.
So how would one go about to check if their mikrotik device has been hijacked or hacked? Even with ssh access mikrotiks dont come with regular linux utilities to check running processes and various system files.
The article does not go into much detail, but they are referring to the same devices that were compromised up until the year 2018, and have not been patched. If you are running RouterOS v7, your device should be safe, but to be 100% sure, you can inspect your configuration for any unknown rules or scripts you don’t recognize.
The company’s investigation traced the campaign to a hacker-controlled botnet made up of hijacked internet devices, including Asus and MikroTik routers, DVRs, and web servers.
It doesn’t say Mikrotik (nor Asus) is one of the MAIN culprits. It doesn’t say either what ROS version those devices are running (could be the issue is already rectified).
EDIT: I see Normis already answered to the vulnerability part.
it was a hot discussion in my country as the networking community here likes mikrotik. It may not have been the main culprit but since it is mentioned it means it has a significant contribution. Thats why my main worry is how to figure out if your device is compromised other than checking visible configs and logs. most of the mikrotik devices i know are barely checked for this. Is there any sort of scan that can be run? in comparison with asus you can run scripts and check.
The only guarantee is that you are the one responsible for the admin of the router and thus do things properly.
If not the admin, there is no way of knowing. I hope that makes you feel better.
Its the same with any router.