How to protect CCR router from DNS attacker.

vijaykumaryadav4u · May 24, 2018, 12:58pm

I have CCR routerboard since last 2days attackers were able to change DNS settings on Mikrotik router via api interface, so the clients were directed to attacker’s servers, as you can no doubt of guess SSL secured services immediately warned about certificate issue on clients’ browsers. DNS was the only setting that was changed, so we did not have any other issue, changed to DNS servers.

192.200.110.108 > is set as DNS server by the attacker.

mrz · May 24, 2018, 1:02pm

Upgrade ROS to latest version, do not allow access to the router from public networks.

sch · May 24, 2018, 1:02pm

Read this thread: http://forum.mikrotik.com/t/security-attackers-changed-dns-servers/119776/1

pe1chl · May 24, 2018, 1:03pm

Make sure that external attackers have no access to your router.
Do this by setting up a proper ip->firewall->filter input chain.
Only trusted networks should have access to your router.

anav · May 24, 2018, 8:20pm

Why was api service enabled?