Community discussions

 
MilanS
just joined
Topic Author
Posts: 14
Joined: Mon Jul 06, 2015 9:58 pm

Is it possible for ISP to access my MikroTik?

Mon Oct 26, 2015 11:47 pm

Hello there,

it will be some way complicated for me to describe my question (partly because it is unknown for me and partly because my english is not good for such a technical description), but I will try it. Feel free to ask me for additional information. Thanks.

So, I have RouterBoard RB951G-2HnD. Yesterday morning I found my 2 cell phones are disconnected from home WiFi provided by MikroTik. I tried to connect and it opened a browser inside the phone and showed web page from my Internet Service Provided (ISP) with description like "There is a problem with internet connection ... bla ... bla.".

I turned on my desktop PC (on LAN cable), ran winbox (where I usually run ping and traceroute to find where is the problem) and it wrote my password is wrong. I tried again, wrong. I have same password for several months, I wrote it really carefully third time, still wrong. I was little upset.

After several minutes I tried winbox again and I logged without any problem (and with my current password). I checked again the web page from my provided and found there hyperlink to some company, which provides tools to manage networks remotely, manage fees for internet connestion, settings and so on. And I found some description on the web page of this company, what there software/tools can do, which I try to translate:
Generation of settings for MikroTik devices
Backups of settings for MikroTik devices
Possibility to load any commands (scripts) into all MikroTik devices
To be honest, this made me scared. Maybe it's because I don't understand it, but how it sounds to me:
  • somebody can change settings of my MikroTik, replace it
  • somebody can backup settings of my MikroTik and access my WiFi passwords, MAC addresses, and so on this way
  • somebody can load any commands into my MikroTik and, because scripting is strong feature in MikroTik, do anything about my network and traffic then
So, is it necessary for me to be scared, because ISP can really manipulate with my MikroTik and eventually access sensitive or private data (there is only 1 user account for my MikroTik and it is my admin access)?

Can I defend myself some way?

Or is it a feature and it is solved in MikroTik, so my settings are fully isolated from ISP interferences into my router?

Or was it everything only coincidence (although the web page of the company providing tools for managing networks says something else)?

I will be really glad for any hint. Thanks.
Milan

RouterBoard RB951G-2HnD
 
lenart
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Sat Jun 28, 2014 10:56 am

Re: Is it possible for ISP to access my MikroTik?

Tue Oct 27, 2015 12:12 am

Based on the information you provided, it's hard to judge if somebody gained access to your router. The fact that your password did not work for a short time is worrying but it seems that you were eventually able to login using your password. This suggests that whatever was going on has resolved itself.

With regards to your questions:
Your ISP is technically able to detect which router you are using. This does not mean they are able to access your router. To access your router without your authorization, they would have had to hack it, something that is illegal in most countries. I would find it unlikely that your ISP would do that to be honest.

If you want to defend yourself against that, make sure you have the latest software, make sure you have a strong password and make sure you have proper firewall rules (I think the default firewall rules from Mikrotik should be enough).

With regards to the webpage you were directed to, it could be that your ISP has some automated system that was triggered. This could have resulted in you seeing the webpage you saw. It might be that your ISP wanted to be helpful by providing you with links to someone who could help you with any Mikrotik configuration issues. As I have no knowledge of the setup of your ISP, I have no clue as to why this happened.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24206
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Is it possible for ISP to access my MikroTik?

Tue Oct 27, 2015 11:26 am

the default configuration of the RB951 has a firewall on the public (ISP) interface, so nobody can connect to your router from the ISP side, only from your LAN home network
No answer to your question? How to write posts
 
MilanS
just joined
Topic Author
Posts: 14
Joined: Mon Jul 06, 2015 9:58 pm

Re: Is it possible for ISP to access my MikroTik?

Wed Oct 28, 2015 2:07 am

Thank you for your replies. It seems it will be better to reset my settings (I have last version of software) and define everything from zero, right? Is there any possibility there is something loaded in the router by ISP and it will not be erased by the reset?

Now I'm going to find some guide how to make reset well and how to set everything step by step in right order :shock: .
Milan

RouterBoard RB951G-2HnD
 
sam1275
Member Candidate
Member Candidate
Posts: 110
Joined: Thu May 21, 2015 2:46 pm

Re: Is it possible for ISP to access my MikroTik?

Wed Oct 28, 2015 10:05 pm

Hello.

1. You can look at the log to see if there really anyone got into your router.
2. If yes, you can also check history to see what he did to your router, it will be easier than check the log.
---If yes
3. Restore settings if you have backup.
4. Reset to default if you're really hacked, and don't have a backup.---You can export current settings before this, then exam the script yourself, discard all suspicious lines, then import them after reset.
5. Set up firewall to block bad connections---look at wiki.

---If you don't need remote management:
6. Set "allow address" in user manager to "your subnet/24"
7. Disable unused services, I leave only PPTP open or I cannot use VPN passthrough.
8. Disable unused port in firewall settings.

Sam
 
scampbell
Trainer
Trainer
Posts: 457
Joined: Thu Jun 22, 2006 5:20 am
Location: Wellington, NZ
Contact:

Is it possible for ISP to access my MikroTik?

Mon Nov 02, 2015 10:19 am

the default configuration of the RB951 has a firewall on the public (ISP) interface, so nobody can connect to your router from the ISP side, only from your LAN home network
I agree but if you need a pppoe interface the default rules need to be changed to reflect this new wan interface.

We are seeing a lot of customers forgetting to do this and getting DNS attacks and doing GB's of traffic.

I see this has now been added to quickset which is good :-)
 
User avatar
hgonzale
Member Candidate
Member Candidate
Posts: 267
Joined: Thu Nov 06, 2014 1:12 pm
Location: Fuengirola, Spain
Contact:

Re: Is it possible for ISP to access my MikroTik?

Wed Nov 04, 2015 10:34 pm

I am thinking other way....

do you know what is the HACK tech to create an access point with the same SSID and a open network and send some packets your your router to diconnect all devices?, then your cell phone/computer connect automatically to the other network because it has the same SSID and is open....

I used it sometimes with the WIFISLAX, I dont remember the name....

Then, in the fake AP (open with the same name) you create a Web page like your ISP (the CD do it automatically with some ISP) and ask for the password...

When you put your password, the fake AP try to connect to your WORKING fine network, and if it got access, the fake AP is down, the "hacker" know YOUR password now and ifOFF, then, your cell phone/computer reconnect correctly to your real AP and your neighbor has access to your network.
 
jaytcsd
Member Candidate
Member Candidate
Posts: 288
Joined: Wed Dec 29, 2004 9:50 am
Location: Pittsboro IN
Contact:

Re: Is it possible for ISP to access my MikroTik?

Sat Nov 07, 2015 5:22 am

[quote]Your ISP is technically able to detect which router you are using. [/quote]

How?
I turn off all services except winbox and that is not the default port.

I guess someone could use winbox and try every port if they suspect Mikrotik. A routerboard will show up by the MAC address but running Mikrotik on a PC should be stealthy, or am I missing something?
 
jarda
Forum Guru
Forum Guru
Posts: 7602
Joined: Mon Oct 22, 2012 4:46 pm

Sat Nov 07, 2015 10:43 pm

Even mac address can be changed freely on mikrotik devices.

Who is online

Users browsing this forum: MSN [Bot] and 75 guests