Community discussions

 
User avatar
vader7071
newbie
Topic Author
Posts: 32
Joined: Tue Jan 07, 2014 9:44 pm

Issue connecting to RB951 via Winbox - MAC works, IP does not

Tue Nov 05, 2019 2:04 am

I am not sure what information to include in my original post. I have an RB951 that is running OS 6.45.7. I am using Winbox v3.20

I have searched the forum and searched on Google and have not found a solution yet.

I am on the same network as the 951 (my laptop is using the WiFi on the 951). When I try to connect to the 951 using Winbox via the IP address, I get the error message:
ERROR: could not connect to 192.168.15.1
If I try to connect to the 951 using Winbox via the wireless MAC address, I can get in no problem.

I can also connect to the 951 via the https interface (using Chrome and going to address 192.168.15.1). This works.

So I know my IP address is correct (proven by using Chrome and logging in that way), and I know Winbox can connect (using the MAC address and logging in that way). I just do not know why I cannot connect using Winbox and the IP address.

Additional information, I have performed these same tests using the Mikrotik App for Android. Same results.

Thank you in advance for your help.
--
And now I shall close on the subject by quoting Ronald Reagan - who, shortly after taking a bullet, was heard to quip "Ow! Ow! Ow!"
 
mkx
Forum Guru
Forum Guru
Posts: 3177
Joined: Thu Mar 03, 2016 10:23 pm

Re: Issue connecting to RB951 via Winbox - MAC works, IP does not

Tue Nov 05, 2019 9:25 am

What does /ip service print show?
BR,
Metod
 
User avatar
vader7071
newbie
Topic Author
Posts: 32
Joined: Tue Jan 07, 2014 9:44 pm

Re: Issue connecting to RB951 via Winbox - MAC works, IP does not

Thu Nov 07, 2019 2:24 am

I apologize for the delay. I was able to locate the issue.

In trying to work on some firewall rules for my son, I had done an export of the configuration of the router, When I was going through the txt file, I came across this section:
/ip service
set telnet disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox address=x.x.x.x/y port=8291
set api-ssl disabled=yes
However I found the line "set winbox" read as "set winbox disabled=yes". The more I dug, the more I found, and I think my setting may have been hacked. I re-enabled winbox and went in and undid what I found (socks had been turned on, and I had found a new user added, among other things). Luckily, I keep periodical backups of my router settings, so I was able to quickly fix the openings the hacker has done and worked to attempt to seal the router back. I also went and made sure my OS and firmware were up to date (OS was, but my firmware was a little behind).

Live and learn.
--
And now I shall close on the subject by quoting Ronald Reagan - who, shortly after taking a bullet, was heard to quip "Ow! Ow! Ow!"
 
mkx
Forum Guru
Forum Guru
Posts: 3177
Joined: Thu Mar 03, 2016 10:23 pm

Re: Issue connecting to RB951 via Winbox - MAC works, IP does not

Thu Nov 07, 2019 1:24 pm

There have been reports when ROS devices hacked have had installed some malware not exposed in any configuration (GUI, export, ...). So when it's prooven that device was hacked, the most safe course of action would be:
  • find last known good configuration (mind: not backup). If there isn't one, create export, but sanitize it
  • netinstall router. In the process everything gets deleted and this is the only way to clean all known (and most of unknown :wink:) malware from ROS device
  • import exported configuration

While doing the last step it might be good to actually re-do the config from scratch (and only use exported config as a reminder). People tend to learn some lessons, hence a completely new config might actually be better than the old one. In addition to that, default settings evolve with time and could be that wanted config is only slightly changed contemporary default while it used to be a complete different story a few ROS versions back.
BR,
Metod
 
anav
Forum Guru
Forum Guru
Posts: 3100
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Issue connecting to RB951 via Winbox - MAC works, IP does not

Thu Nov 07, 2019 8:47 pm

mkx is bang on. Reinstalling settings is pointless.
Clean install of downloaded software from MT using netinstall is the only safe way to proceed.
By all means then manually copy your known rules into the settings.

While you are at it, suggest changing default winbox port to something else
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)

Who is online

Users browsing this forum: Majestic-12 [Bot] and 35 guests