NSA and routeros

Hello, Mikrotik Team!
Does RouterOS have any backdoors for NSA?

Thanks.

Mikrotik is not in USA.

Maybe not NSA but what about FSB :wink:

Maybe the Tilera CPU has some Backdoors? No one knows. Your Bandwidth gets also mirrored on the IX Points, don't worry.

Yeah, it probably has integrated 40G wireless connection going directly to the NSA, so it can mirror each and every bit.

A backdoor isn’t of much use if you don’t get close enough to pull the handle.

There’s always packet sniffers like Wireshark one can use to confirm or deny the existence of any traffic sent over any interface for whatever reason.

RouterOS doesn’t have any backdoors that anyone would know of. If there are, they certainly don’t advertise themselves in any way for packet sniffers to detect them*. Thus, even if there are such backdoors, the NSA wouldn’t know in advance** - they’d have to probe the router, at which point, that’s not really a “backdoor” per se - it’s a “hacker attack attempt”, and MikroTik have a good track record of mitigating those.

@soretuor
If you seriously suspect MikroTik having done this… do you honestly believe that they’d also openly admit to it? Or would you take their “No” as even further confirmation?

* Well… except for the MNDP UDP packets, but those merely announce “Hey, I’m a MikroTik router, version X”, not “Hey, read my data over port X with this special sequence the router admin doesn’t know about”.

** Unless MikroTik have explicitly told them something we haven’t been told, and then using the MNDP packets, they end up exploiting THAT. You can always disable MNDP and change all management ports to something non-default if you’re too paranoid. At that point, NSA wouldn’t know it’s dealing with a MikroTik router.
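Added example, not part of the original posts and not MikroTik code: a parser for the MNDP announcements mentioned above, showing which identifying fields a sniffed payload exposes. The UDP port, TLV layout and type numbers are assumptions taken from public protocol dissectors, and the sample packet is constructed.

```python
import struct

# Assumed MNDP layout (from public dissectors, not from this thread):
# 2-byte header, 2-byte sequence number, then TLVs of
# big-endian type (2 bytes), length (2 bytes), value.
MNDP_UDP_PORT = 5678
TLV_NAMES = {1: "mac", 5: "identity", 7: "version", 8: "platform",
             10: "uptime_s", 11: "software_id", 12: "board", 16: "interface"}
IDENTIFYING = ("mac", "identity", "version", "platform", "board", "software_id")


def parse_mndp(payload: bytes) -> dict:
    """Decode the TLVs of one MNDP announcement into a dict."""
    if len(payload) < 4:
        raise ValueError("too short for an MNDP header")
    fields, off = {}, 4
    while off + 4 <= len(payload):
        tlv_type, length = struct.unpack_from(">HH", payload, off)
        off += 4
        if off + length > len(payload):
            raise ValueError("TLV length runs past end of packet")
        value = payload[off:off + length]
        off += length
        name = TLV_NAMES.get(tlv_type)
        if name == "mac":
            fields[name] = value.hex(":")
        elif name == "uptime_s":
            fields[name] = int.from_bytes(value, "little")
        elif name is not None:
            fields[name] = value.decode("utf-8", "replace")
    return fields


def exposed_fields(payload: bytes) -> list:
    """Names of the device-identifying fields this announcement leaks."""
    parsed = parse_mndp(payload)
    return [k for k in IDENTIFYING if k in parsed]


def constructed_sample() -> bytes:
    """Constructed packet for the demo; not a capture from a real router."""
    def tlv(t, v):
        return struct.pack(">HH", t, len(v)) + v
    return (b"\x00\x00\x00\x01" + tlv(1, bytes.fromhex("020000000001"))
            + tlv(5, b"lab-router") + tlv(7, b"0.0-constructed")
            + tlv(8, b"MikroTik") + tlv(10, (3600).to_bytes(4, "little")))


if __name__ == "__main__":
    print(parse_mndp(constructed_sample()))
    print("identifying fields announced:", exposed_fields(constructed_sample()))
```

Feeding it payloads captured on a WAN-facing interface shows whether the router still announces itself there after discovery has been disabled.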

In the coming days there is a MUM going to happen in the USA; you can ask this question there.

Gee… that sounds ominous :laughing: .

Like “You can ask this question there… and then the undercover NSA agents in the room label you ‘traitor’ and put you away for life, or worse…”.

LOL. As End User you can’t Trust any Manufacturer of Network Stuff or something else, look at the HP Storage “Support” User.
And the next Fact is, if you’re getting a Letter of a Secret Court, you’re not allowed to talk about this. We live in a good Democracy! Hell Yeah, Thanks Obama. Not.

I understand that if there is some backdoor, the official Mikrotik team will not reveal it to us:) I’m just kidding.
Also keep in mind that NSA has their people in many IT companies. So..

Ah by the way, “Forum Gurus” are so gurus =)

At the end of the day, if you are not doing anything illegal you have nothing to worry about.

Which intelligence agency are you working for? :wink:

Yes, you are right about that. Nothing bad ever happens to good people. By the way, if you lock the doors to your house and your car, you are obviously a criminal and have something to hide.

+1… Also, do you realize how many laws there are in the US… I’m certain you have broken one or two. Watch this video:

http://www.youtube.com/watch?v=6wXkI4t7nuc

I know this is an old thread but I just came across this while searching for security information.

https://www.youtube.com/watch?v=vbdyG0l_b3M&feature=youtu.be&t=2209

So there does appear to be a backdoor in Mikrotik. Unfortunately no details were given other than a confirmation.

It says: That guy used to work for an ISP, so he knew that there was a backdoor in their router. That could mean that he knew about a user account in the router from when he worked there. It doesn’t make sense that he hacked his own ISP (where he used to work) though?

Am I misinterpreting it?

I wasn’t sure from the speaker’s statement whether “TheFixer” used to work for the ISP or for Mikrotik. It’s kind of unclear.

Here is the transcript from the Def Con https://media.defcon.org/DEF%20CON%2022/DEF%20CON%2022%20audio/DEF%20CON%2022%20Hacking%20Conference%20Presentation%20By%20Blake%20Self%20&%20Shawn%20(cisc0ninja)%20Burrell%20-%20Don’t%20DDoS%20Me%20Bro%20-%20Practical%20DDoS%20Defense.txt

Here is the relevant passage.
“So I don’t have much time for questions but I want time for questions. So, a little bit of story time. So VB is the first guy to do this took the site down for like 5 minutes. This was before we had anything in place. He actually did it from his IP that his user account was from so we were able to do positive attribution. So this guy hacker on the forum a reformed criminal but the fixer got the IP we posted on the forums and turned out that VB’s ISP was mikrotik routers, that’s who the fixer used to work for, he knew there was a back door in the router so he got into the guy’s ISP, turned on remote pcap and basically lols ensued.”

Backdoor? No. 0-day exploit? maybe…
Just like Cisco’s 0-days that the NSA had, which are now being patched after the leak.

In any case in Europe, EVERY ISP !!! needs to have a “backdoor” (in real life: physical fibre) to the security agencies (whatever country has which one)…

And this not only applies to ISPs, but also to telecom providers (mobile, and fixed).


So why would they bother with the Mikrotik router, if the “agency” already can type in the name / address of the person of interest, and monitor everything that goes there (Layer 7)…


I think this kind of arrangement exists also in the USA.

In any case in Europe, EVERY ISP !!! needs to have a “backdoor”

Really? :open_mouth: Which European Union country are you from?

Maybe not NSA but what about FSB

That’s insulting. FSB is in Russia. MikroTik is from Latvia.

This is obvious internet news paranoia.
There is a requirement for ISPs to keep IP, user and connection association logs for some time, but it does not include content.
And it has to be made available to law enforcement if requested by court order, if there is a suspicion of criminal activity for that user.

Of course, actual tracking can be requested from the ISP by court order if a specific user is under investigation.
But it is not a “default setup”. Can you imagine the resources and logistics behind such an approach?