Good morning
I'm new here and to MikroTik products.
I have a CRS328-24P-4S+ I installed a couple weeks ago to replace my combination Procurve 2900-48G switch and pfSense PC router box.
I use this in my home for both personal and business stuff. I was specifically wanting the 10GB uplinks.
I set up the CRS328 to the best of my ability, got my network going, changed the Admin password and went about my life.
A week later I went back in using winbox to check things. I went to the logs and frankly it scared the hell out of me!!! I saw a constant flow of failed login attempts from IPs all over the world. Every minute there was one. There were so many that the log would not contain them and they rolled off the page. I went into panic mode and set out to try and secure this router. I read a Wiki and turned off all the remote services except ssh and winbox. I created a new admin user and turned off the default admin account. I limited the ssh port to just one. I then only allowed winbox to connect within my private network from a specific static IP on one workstation. I also implemented most of the other suggestions in the Wiki as well.
https://wiki.mikrotik.com/wiki/Manual:S ... our_Router
Now I am still getting about 5-6 failed login attempts every day (denied winbox/dude connect from x.x.x.x) which is certainly better than hundreds per day. Still, is this normal??
I have a friend who is into vulnerability testing and he said there was a current exploit.
This one: https://www.exploit-db.com/exploits/45578
MicroTik RouterOS < 6.43rc3 - Remote Root
Does anyone know if this has been patched yet???
I am running v6.43.8 ROS and a current winbox client.
Is this exploit block-able somehow?
I am not a router OS guy but do service desktop and laptop computers as I have for 25+ years. I will need clear and thorough explanations.
Thanks
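A check of a running RouterOS version against the "< 6.43rc3" bound in the exploit title quoted above, as an added example that is not part of the original post. It assumes pre-release builds order as beta < rc < stable and compares only against the range as the title states it; the function names are hypothetical.

```python
import re

# Assumed ordering of RouterOS release stages: beta < rc < stable.
_STAGE_RANK = {"beta": 0, "rc": 1, None: 2}
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:(beta|rc)(\d+))?$")


def parse_routeros_version(text):
    """Turn '6.43.8', 'v6.43rc3' or '6.42beta5' into a sortable tuple."""
    m = _VERSION_RE.match(text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised RouterOS version string: {text!r}")
    major, minor, patch, stage, stage_num = m.groups()
    return (
        int(major),
        int(minor),
        int(patch or 0),        # '6.43' is treated as '6.43.0'
        _STAGE_RANK[stage],     # a pre-release sorts before its stable release
        int(stage_num or 0),
    )


def is_below(running, bound):
    """True when `running` sorts strictly before `bound`."""
    return parse_routeros_version(running) < parse_routeros_version(bound)


def versions_in_range(running_versions, bound):
    """Map each version string to whether it falls inside '< bound'."""
    return {v: is_below(v, bound) for v in running_versions}


if __name__ == "__main__":
    # Bound taken from the exploit title on the page; 6.43.8 is the version
    # the post reports. The other versions are constructed sample input.
    bound = "6.43rc3"
    for version, inside in versions_in_range(
        ["6.43.8", "6.43", "6.43rc2", "6.42.7"], bound
    ).items():
        verdict = "inside" if inside else "outside"
        print(f"{version:>8} is {verdict} the '< {bound}' range")
```
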