Hello,
I think I’ve been attacked, and have changed the password of a SXT. How can I access without reset it? I need the logs to the police.
Jtag ?
How ?
You can not. Full reset or reinstall is the only way.
If you really have been hacked (not very likely), make sure in future you do these things:
- make new user with group “full”
- log in with new user.
- delete “admin” user
- make sure public interface has no access (firewall!)
The attack was almost certainly made by one of my former employee. I absolutely have to avoid reset it!
RouterOS is very secure. There is ZERO possibility to avoid reset.
Too late now, but for other routers, send your logs to a syslog server. That way, you can give them to the police even if an employee changes the admin password (provided he doesn’t change anything else, of course). Good luck!!
Send from my mobile via Tapatalk. Sorry for the errors and briefness.
Can i use sms via usb to create backup before reset ?
Even if you do a backup, you still dont have the password. What good would it do? Maybe ask the former employee for help??? Bad for ego, but better for business.
Send from my mobile via Tapatalk. Sorry for the errors and briefness.
Thanks to everyone for the tips that I will follow the next time but now to me would need a solution to what I wrote.
hi guys,
i have a similar situation. we have physical access to the router, but no admin pass. it is very important to keep the logs. would reset delete the logs? is there any way to get them before reset?
As was already written above, it is not possible to do that.
Also note there probably are no logs. Default configuration does not store the logs, only keeps the last 100 log items in memory.
They are lost when 100 more events have occurred or when the unit has been powercycled or otherwise rebooted.
Reset it to defaults, and for the next time configure an external log server.