Community discussions

 
ahmetaybar
just joined
Topic Author
Posts: 2
Joined: Tue Mar 26, 2019 11:07 am

Cloud IPs need to be blocked

Wed Mar 27, 2019 11:12 am

Hello,

I am using Mikrotik on the vessels behind satellite modem with very limited data usage such as 50Mbyte per month. So each MBbye cost the customers extra US$s. We just allow e-mail IPs on the firewall. I have seen on satellite POP, we have a lot of request from our satellite modem to 81.198.87.240 and 159.148.147.229. I saw that these are Mikrotik Cloud IPs. I have disabled Cloud and DNS service on the unit. But it still send request to those IPs. I have added rules to IP firewall rules but it is still happening.
How can I stop these requests or block these Cloud IPs on the Routerboard?
 
anav
Forum Guru
Forum Guru
Posts: 3129
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Cloud IPs need to be blocked

Wed Mar 27, 2019 1:02 pm

Open the door HAL.....
Resistance is futile, join the MT Borg....
Obviously this one has not been cloned yet and is still fighting back..
We are pwned by the Cloud..
Wake up you have simply been dreaming, there is no traffic to the cloud, trust MT!

Suggest sending a supout file to MT support and any other supporting evidence.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
User avatar
vecernik87
Long time Member
Long time Member
Posts: 648
Joined: Fri Nov 10, 2017 8:19 am

Re: Cloud IPs need to be blocked

Wed Mar 27, 2019 1:23 pm

To be honest, before annoying support staff, I would prefer to inspect full config. I have few devices around, where I specifically focused on any unexpected outgoing packets - and it's just not happening. There must be some setting causing this.
/export hide-sensitive file=somename
 
anav
Forum Guru
Forum Guru
Posts: 3129
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Cloud IPs need to be blocked

Wed Mar 27, 2019 5:50 pm

Support staff are not so easily annoyed. In fact they expect and like questions which have a quick and easy answer.
Operator error! :-)
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
gotsprings
Forum Veteran
Forum Veteran
Posts: 778
Joined: Mon May 14, 2012 9:30 pm

Re: Cloud IPs need to be blocked

Wed Mar 27, 2019 6:28 pm


/ip firewall address-list
add address=81.198.87.240 list=ipCLOUD
add address=159.148.147.229 list=ipCLOUD
/ip firewall filter
add action=drop chain=output dst-address-list=ipCLOUD place-before=1
add action=drop chain=forward dst-address-list=ipCLOUD place-before=1
/ip dns cache flush

That should block devices inside the network for reaching IPCloud
It will also force the router to dump connection attempts to IPCloud
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
Paternot
Long time Member
Long time Member
Posts: 607
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: Cloud IPs need to be blocked

Wed Mar 27, 2019 8:02 pm

I have disabled Cloud and DNS service on the unit. But it still send request to those IPs. I have added rules to IP firewall rules but it is still happening.
How can I stop these requests or block these Cloud IPs on the Routerboard?
Did You disable "Cloud" AND "Update Time"? AFAIK they run independently - and this "Update Time" talks to the cloud server.
 
Fin32
just joined
Posts: 2
Joined: Thu Mar 28, 2019 3:43 am

Re: Cloud IPs need to be blocked

Thu Mar 28, 2019 4:08 am

Hi!
Could somebody explain what is this?
How I can disable this traffic?
Image

DDNS disabled.
Image

Router (RB3011) updated.
Image
And I don't understand where from this traffic!

I can drop it with firewall rules... but.
Is it bug?

Thank you.
 
nescafe2002
Long time Member
Long time Member
Posts: 624
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: Cloud IPs need to be blocked

Thu Mar 28, 2019 12:47 pm

It's documented and known behavior.

https://wiki.mikrotik.com/wiki/Manual:S ... figuration
Note: Time-zone-autodetect by default is enabled on new RouterOS installation and after configuration reset. The time zone is detected depending on routers public IP address and our Cloud servers database. Since RouterOS v6.43 your device will use cloud2.mikrotik.com to communicate with the MikroTik's Cloud server. Older versions will use cloud.mikrotik.com to communicate with the MikroTik's Cloud server.

And:
https://wiki.mikrotik.com/wiki/Manual:I ... pdate_time
  • Approximate time (accuracy of several seconds, depends on UDP packet latency)
  • Updates time after a reboot and during every DDNS update (when router's WAN IP address changes or after the force-update command is used)
  • Sends encrypted packets to cloud.mikrotik.com or cloud2.mikrotik.com using UDP/15252 port
  • Detects time-zone depending on the router's public IP address and our commercial database
 
r00t
Member Candidate
Member Candidate
Posts: 218
Joined: Tue Nov 28, 2017 2:14 am

Re: Cloud IPs need to be blocked

Thu Mar 28, 2019 1:59 pm

Disable everything cloud and use NTP Client for clock updating instead.
 
Fin32
just joined
Posts: 2
Joined: Thu Mar 28, 2019 3:43 am

Re: Cloud IPs need to be blocked

Thu Mar 28, 2019 3:16 pm

Disable everything cloud and use NTP Client for clock updating instead.
I did it
Image

And this
Image
(Thanks to nescafe2002)

Now I am waiting for results...
...
After reboot during half an hour no connection to cloud2.microtik.com !
What I did (thanks to everybody for help!)
1. Disable everything in Cloud.
2. Disable Time Zone AutoDetect
3. Install NTP instead SNTP
4. Reboot.
Seems to me that it works. Will see...

Thanks to everybody!
 
anav
Forum Guru
Forum Guru
Posts: 3129
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Cloud IPs need to be blocked

Thu Mar 28, 2019 6:22 pm

select gROOTs answer as solved so people know its solved.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
lesnikov
just joined
Posts: 17
Joined: Tue Jul 15, 2014 9:33 pm
Location: Slovenia

Re: Cloud IPs need to be blocked

Sat May 25, 2019 2:35 am

Hi,

We still have mikrotik devices (6.44.3) trying to connect to 159.148.172.251:15252 UDP
we disabled everything in IP/Cloud,
disabled clock time zone autodetect and installed ntp package.

are we missing some option that needs to be disabled?
 
lesnikov
just joined
Posts: 17
Joined: Tue Jul 15, 2014 9:33 pm
Location: Slovenia

Re: Cloud IPs need to be blocked

Mon May 27, 2019 1:31 pm

problem solved after another reboot. only 2 units had this problem the rest worked fine.
 
guipoletto
Frequent Visitor
Frequent Visitor
Posts: 94
Joined: Mon Sep 19, 2011 5:31 am

Re: Cloud IPs need to be blocked

Tue May 28, 2019 8:18 pm

You could also add static DNS entries for cloud.mikrotik.com pointing to 127.0.0.1
/ip dns static add address=127.0.0.1 name=cloud2.mikrotik.com
Ugly but effective.....

Who is online

Users browsing this forum: Google [Bot], MSN [Bot] and 80 guests