So we have around 1000 routers in our network and we were hacked around a week ago due to the Winbox password flaw.
We found the source addresses of some of the attackers and botnets, so we blocked those.
A few customers were offline for the last ROS upgrade and unfortunately they got hacked.
I have here on the bench a hacked RB951 which I have been trying to access all weekend.
Winbox, telnet and SSH are blocked.
So I decided to spoof the attackers' IPs and use the same exploit they did to get the password. No luck so far, so I must have missed their address and just got the bots.
My concern is this:
A few days ago, after the attack, we went to activate our new BGP only to realise the port was sending out STP, even though the port is not in a bridge; it is totally isolated.
Here I have the hacked RB951 and it too is sending out lots of STP from its WAN.
I just checked my own router with a similar config, which I netinstalled just yesterday, and there is no STP on the WAN, only the bridge as you would expect.
Anybody else witnessed this?