routerboard rb211il-rm Potential Security Risk Ahead

routerboard mikrotik rb211il-rm Warning: Potential Security Risk Ahead
totally noob, so dont just kill me
port 1 internet (pppoe)
port 3 lan connected to a switch/hub
port 5 router

everything “works” (wifi and lan), but on almost every website i get this error ----Warning: Potential Security Risk Ahead----

# jun/07/2022 13:09:22 by RouterOS 6.49.6
# software id = BUR0-LWZW
#
# model = 2011iL
# serial number = 5BEE04C2A83F
# LAN bridge. auto-mac=no pins the bridge MAC address to admin-mac.
# The member ports are added under "/interface bridge port".
/interface bridge
add admin-mac=4C:5E:0C:EC:73:34 auto-mac=no fast-forward=no name=bridge-local
# ether1 is renamed ether1-gateway; the PPPoE client in
# "/interface pppoe-client" runs on top of it.
# ether1..ether5 are set to speed=100Mbps.
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
# ether6..ether10 are renamed (*-master-local / *-slave-local) and given an
# explicit advertise list; nothing else is changed on them here.
set [ find default-name=ether6 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
    ether6-master-local
set [ find default-name=ether7 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
    ether7-slave-local
set [ find default-name=ether8 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
    ether8-slave-local
set [ find default-name=ether9 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
    ether9-slave-local
set [ find default-name=ether10 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
    ether10-slave-local
# PPPoE client on ether1-gateway: this is the Internet uplink. It installs the
# default route (add-default-route=yes) and accepts the ISP's DNS servers
# (use-peer-dns=yes).
# IP packets from the Internet arrive on pppoe-out1, not on ether1-gateway, so
# firewall rules meant for the WAN side have to match pppoe-out1.
# NOTE(review): user= and password= are exported in cleartext and this export
# was posted publicly. Change the PPPoE password with the ISP, and use
# "/export hide-sensitive" (RouterOS v6) before sharing a configuration.
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-gateway \
    keepalive-timeout=60 max-mru=1480 max-mtu=1480 name=pppoe-out1 password=\
    deperito use-peer-dns=yes user=ediles
# Interface lists referenced later: "discover" by neighbor discovery, "mactel"
# by the MAC Telnet server, "mac-winbox" by the MAC Winbox server. Membership
# is set under "/interface list member".
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Default IPsec proposal limited to AES-128-CBC. No IPsec peers or policies
# appear in this export.
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
# LAN address pool, handed out by the DHCP server on bridge-local.
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
    bridge-local name=default
# This PPP profile takes its local and remote addresses from the LAN pool
# "dhcp", so a PPP client using it would get an address in the LAN range.
# NOTE(review): *FFFFFFFE looks like the built-in "default-encryption" profile,
# which the PPTP account under "/ppp secret" uses - confirm on the device.
/ppp profile
set *FFFFFFFE local-address=dhcp remote-address=dhcp
# ether2..ether10 are all ports of bridge-local (hw=no on ether2..ether5).
# ether1-gateway is not bridged.
/interface bridge port
add bridge=bridge-local hw=no interface=ether2
add bridge=bridge-local hw=no interface=ether3
add bridge=bridge-local hw=no interface=ether4
add bridge=bridge-local hw=no interface=ether5
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local interface=ether7-slave-local
add bridge=bridge-local interface=ether8-slave-local
add bridge=bridge-local interface=ether9-slave-local
add bridge=bridge-local interface=ether10-slave-local
# Neighbor discovery runs on the members of the "discover" list.
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface list member
# "discover" list: the LAN ports, the bridge and, on the last entry of the
# run, the WAN interface pppoe-out1.
# NOTE(review): with pppoe-out1 in this list the router announces itself to
# the ISP side as well; removing that one entry keeps discovery on the LAN.
add interface=ether2 list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=ether6-master-local list=discover
add interface=ether7-slave-local list=discover
add interface=ether8-slave-local list=discover
add interface=ether9-slave-local list=discover
add interface=ether10-slave-local list=discover
add interface=bridge-local list=discover
add interface=pppoe-out1 list=discover
# "mactel" and "mac-winbox" lists (entries are interleaved in the export):
# both contain ether2..ether10 and bridge-local only, so MAC Telnet and
# MAC Winbox are limited to the LAN side.
add interface=ether2 list=mactel
add interface=ether3 list=mactel
add interface=ether2 list=mac-winbox
add interface=ether4 list=mactel
add interface=ether3 list=mac-winbox
add interface=ether5 list=mactel
add interface=ether4 list=mac-winbox
add interface=ether6-master-local list=mactel
add interface=ether5 list=mac-winbox
add interface=ether7-slave-local list=mactel
add interface=ether6-master-local list=mac-winbox
add interface=ether8-slave-local list=mactel
add interface=ether7-slave-local list=mac-winbox
add interface=ether9-slave-local list=mactel
add interface=ether8-slave-local list=mac-winbox
add interface=ether10-slave-local list=mactel
add interface=ether9-slave-local list=mac-winbox
add interface=bridge-local list=mactel
add interface=ether10-slave-local list=mac-winbox
add interface=bridge-local list=mac-winbox
# The PPTP VPN server is switched on. No rule in "/ip firewall filter" drops
# input arriving on pppoe-out1, so the server is presumably reachable from the
# Internet.
# NOTE(review): the poster says only the PPPoE settings were changed after the
# reset, so confirm who enabled this. PPTP authentication and encryption are
# considered weak; disable the server if no one needs it.
/interface pptp-server server
set enabled=yes
# NOTE(review): the LAN address is bound to ether2, which is a port of
# bridge-local (see "/interface bridge port"), while the DHCP server runs on
# bridge-local. An address normally belongs on the bridge, not on one of its
# ports - confirm and move it if so.
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=ether2 \
    network=192.168.88.0
# DHCP client on ether1-gateway, carrying the "default configuration" comment.
# The uplink in this export is the PPPoE client.
/ip dhcp-client
add comment="default configuration" interface=ether1-gateway
# LAN clients are told to use the router (192.168.88.1) as gateway and as DNS
# server.
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=\
    192.168.88.1 gateway=192.168.88.1
# allow-remote-requests=yes makes the router answer DNS queries, which the LAN
# needs. Because input on pppoe-out1 is not dropped by the filter rules, the
# resolver is presumably open to the Internet as well - TODO confirm and
# restrict to the LAN.
# NOTE(review): verify that 185.18.55.75 is a resolver you or your ISP chose.
# An upstream resolver nobody remembers setting is worth checking when
# browsers start showing certificate warnings.
/ip dns
set allow-remote-requests=yes servers=185.18.55.75
/ip dns static
add address=192.168.88.1 name=router
# "Bogons" address list: reserved and private ranges. It is used as a
# destination match by the forward rule commented "Drop to bogon list".
# 192.168.0.0/16 is not in the list, so the LAN range itself is unaffected.
# NOTE(review): 10.0.0.0/8, 172.16.0.0/12 and 224.0.0.0/4 carry "check if you
# need this subnet" comments but are active entries. Forwarded traffic to an
# ISP modem or service in those ranges would be dropped - confirm none is
# needed.
/ip firewall address-list
add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=Bogons
add address=10.0.0.0/8 comment="Private[RFC 1918] - CLASS A # Check if you nee\
    d this subnet before enable it" list=Bogons
add address=127.0.0.0/8 comment="Loopback [RFC 3330]" list=Bogons
add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=Bogons
add address=172.16.0.0/12 comment="Private[RFC 1918] - CLASS B # Check if you \
    need this subnet before enable it" list=Bogons
add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" list=Bogons
add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" list=\
    Bogons
add address=198.18.0.0/15 comment="NIDB Testing" list=Bogons
add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" list=Bogons
add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" list=Bogons
add address=224.0.0.0/4 comment=\
    "MC, Class D, IANA # Check if you need this subnet before enable it" \
    list=Bogons
# Filter rules are evaluated top to bottom, and a packet that matches no rule
# is accepted.
# NOTE(review): every rule aimed at the WAN side matches
# in-interface=ether1-gateway, but Internet traffic arrives on pppoe-out1
# (see "/interface pppoe-client" and the srcnat rule). Those rules presumably
# never match it, and the input chain has no final drop. The router's own
# services would then be reachable from the Internet: PPTP, DNS, NTP and
# whatever is enabled under "/ip service". Matching pppoe-out1, or an
# interface list that contains it, is the usual fix - confirm on the device.
/ip firewall filter
# input chain: traffic addressed to the router itself.
add action=accept chain=input comment="default configuration" protocol=icmp
add action=accept chain=input comment="default configuration" \
    connection-state=established,related
# Drops everything else arriving on ether1-gateway. See the note at the top:
# this does not cover pppoe-out1.
add action=drop chain=input comment="default configuration" in-interface=\
    ether1-gateway
# forward chain: traffic routed through the router.
add action=accept chain=forward comment="default configuration" \
    connection-state=established,related
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid
# Drops new connections from the WAN that are not port-forwarded (dstnat).
# It is keyed on ether1-gateway as well.
add action=drop chain=forward comment="default configuration" \
    connection-nat-state=!dstnat connection-state=new in-interface=\
    ether1-gateway
# The next two rules repeat the forward accept/drop pair above, so they never
# see a packet the earlier pair has not already handled.
add action=accept chain=forward comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
# UDP port 69 (TFTP) is accepted both to the router and through it, with no
# interface or address restriction.
# NOTE(review): confirm that TFTP is really needed.
add action=accept chain=input port=69 protocol=udp
add action=accept chain=forward port=69 protocol=udp
# Drops forwarded traffic whose destination is in the Bogons address list.
add action=drop chain=forward comment="Drop to bogon list" dst-address-list=\
    Bogons
# These repeat the input accepts at the top of the chain. No drop rule follows
# them, so input that reaches this point is accepted anyway.
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
# Source NAT for everything leaving through the PPPoE uplink.
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=pppoe-out1
# The FTP connection-tracking helper is disabled.
/ip firewall service-port
set ftp disabled=yes
# Account for the PPTP server enabled above.
# NOTE(review): name and password are both "xx". If that is the real value
# rather than a redaction made for the post, it is a trivially guessable VPN
# login. Remove the account together with the PPTP server if the VPN is not in
# use.
/ppp secret
add name=xx password=xx profile=default-encryption service=pptp
/system clock
set time-zone-autodetect=no time-zone-name=America/Argentina/Rio_Gallegos
# The router synchronises its own clock from two NTP servers.
/system ntp client
set enabled=yes primary-ntp=45.11.105.243 secondary-ntp=162.159.200.1
# The router also acts as an NTP server, with broadcast enabled.
# NOTE(review): with no input drop on pppoe-out1 it would presumably answer
# NTP queries from the Internet too - confirm and restrict to the LAN.
/system ntp server
set broadcast=yes enabled=yes
# MAC Telnet and MAC Winbox are limited to the interface lists defined earlier
# (LAN ports and bridge only).
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox

help please
thanks

The problem is in your PC or your ISP blocked your line because you didn’t pay your bill…
The RouterBOARD has nothing to do with it.

if i remove the routerboard works perfectly fine
also, before the reset it was working fine too (i had to reset because i didn't have the password for winbox)

Reading the configuration, nothing is formally wrong, except the suspicious pptp…
Use netinstall, because the obsolete configuration probably means that your routerboard was infected in the past…

i forgot to mention that if i wait for like a minute or two the website actually loads

Wait a minute … I reread this again:

Removed from where?
Where you put/link the routerboard?
What you use when the routerboard is not present?


But if it is reset, why is there something written in it?

Removed from where?
Where you put/link the routerboard?
What you use when the routerboard is not present?

i try with an ordinary tplink and works just fine


But if it is reset, why is there something written in it?

have no idea, i only change the connection type to pppoe so i can have internet i do not change anything else
and i know it reset because i was able to config the pppoe

sorry i am a complete noob at this

“Warning: Potential Security Risk Ahead”
This is a message you are seeing in your browser right?

This is normally a certificate error. Something is wrong with your config and it is interfering with the https traffic and causing a certificate error.
https://support.mozilla.org/en-US/kb/what-does-your-connection-is-not-secure-mean

look at the certificate and determine the information like the subject name and the issuer.
It is probably coming from your ISP.

another possible reason…

Do you have your Modem/Router from your ISP in Bridge mode?

Do you have your Modem/Router from your ISP in Bridge mode?

total noob please elaborate where do i check that?
Sin título.jpg

@optimus0
The modem behind your MT.
2022-06-08_16-36-17.png

update: it seems to have been solved by blocking ports 21, 22 and 23 (didn’t know about that)

These ports are the access ports for FTP, SSH, and TELNET. I cannot see how they could cause your issue unless your device has already been compromised and someone is using these ports for remote access.

Is still valid, why you do not do that?

Ok got it ill try using netinstall

welldone

yes thanks ill report back after using it