Community discussions

MUM Europe 2020
 
amojak
just joined
Topic Author
Posts: 16
Joined: Sat Nov 10, 2018 9:10 pm

erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?

Tue Nov 19, 2019 9:08 pm

hi,,
as per subject, what is 6.55.6 firmware and why is there no announcement of it?

bill
 
Sob
Forum Guru
Forum Guru
Posts: 5171
Joined: Mon Apr 20, 2009 9:11 pm

Re: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?

Tue Nov 19, 2019 10:59 pm

There isn't such version, at least not yet, maybe in future. But perhaps it could be this in real life action:

https://medium.com/tenable-techblog/rou ... e0b07c0b21
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
 
amojak
just joined
Topic Author
Posts: 16
Joined: Sat Nov 10, 2018 9:10 pm

Re: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?

Wed Nov 20, 2019 1:10 am

well why does our routers report there is?
test.png
You do not have the required permissions to view the files attached to this post.
 
amojak
just joined
Topic Author
Posts: 16
Joined: Sat Nov 10, 2018 9:10 pm

Re: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?

Wed Nov 20, 2019 1:27 am

the update server reports as 185.162.131.116 , in the netherlands.

something is broke as only the stable release exists and the version number is not real it seems.

perhaps somebody at MT needs to investigate this as it could be a nasty fake firmware attack

bill
 
amojak
just joined
Topic Author
Posts: 16
Joined: Sat Nov 10, 2018 9:10 pm

Re: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?

Wed Nov 20, 2019 1:38 am

i am not installing it but have a copy of what it downloaded, too big to upload here though

routeros-mipsbe-6.55.6.npk
 
Znevna
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Mon Sep 23, 2019 1:04 pm

Re: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?

Wed Nov 20, 2019 10:45 am

You or your ISP is hijacking the DNS for the download server. MikroTik's servers are in Latvia.
Check what DNS server your router is using and check the static DNS entries on it, if you have nothing in static DNS regarding upgrade.mikrotik.com or download.mikrotik.com and you're using the ISP's DNS servers, well, your ISP is hacked. It might even force redirect all your queries. Too many options.
You have to check which one is it, doing local queries using different servers from your PC.
Check the firewall in your router for any suspicios lines too.
That changelog is from 6.45.6 anyway. (the one you have installed) but the actual version might be 6.42.12 or older.
 
msatter
Forum Guru
Forum Guru
Posts: 1395
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?

Wed Nov 20, 2019 11:18 am

i am not installing it but have a copy of what it downloaded, too big to upload here though

routeros-mipsbe-6.55.6.npk
Send it support@mikrotik.com so they can have a look at it what supposed to do.

The gives mixed results of being located in Meppel in the Netherlands including street and housenumber. The phonenumber is in the USA most likely in New York.
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.47.beta.x / Winbox 3.21 / MikroTik APP 1.3.11
Android device owners, use https://github.com/M66B/NetGuard/releases (no root required)
 
Sob
Forum Guru
Forum Guru
Posts: 5171
Joined: Mon Apr 20, 2009 9:11 pm

Re: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?

Wed Nov 20, 2019 11:33 am

It's renamed 6.41.4, exactly as in the article I linked to.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
 
amojak
just joined
Topic Author
Posts: 16
Joined: Sat Nov 10, 2018 9:10 pm

Re: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?

Wed Nov 20, 2019 12:28 pm

i

right so there are no static entries in the dns setup for our core router.

our "ISP" is level 3/centurylink and i find it difficult to consider their DNS servers are hacked

To add to this this is occuring on every other core MT router on other connections with other DNS servers too.

So in summary it looks to be an invisible exploit installed on our MT edge routers running 6.45.6/7. We will try and block that IP and set the dns manually but the fact seems to be our MT routers are compromised so they may of also let all manner of unseen changes happen too.

What are Mikrotik doing about this please?
mtik.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24433
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?

Wed Nov 20, 2019 12:53 pm

Until you have contacted support and nobody else has, probably nothing yet. Please email support and if possible, provide full access to such a device.

As previously advised, it is always possible this exploit was installed in 6.3x versions when a known Winbox problem allowed full access to your device if Winbox port was open.
No answer to your question? How to write posts
 
Znevna
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Mon Sep 23, 2019 1:04 pm

Re: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?

Wed Nov 20, 2019 12:56 pm

*ahem* my bad. It looks like it's exactly what Sob mentioned earlier.
There isn't such version, at least not yet, maybe in future. But perhaps it could be this in real life action:
https://medium.com/tenable-techblog/rou ... e0b07c0b21
Long story short, you have winbox open to the world and your DNS Cache is poisoned. Read the full page above.
 
msatter
Forum Guru
Forum Guru
Posts: 1395
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?

Wed Nov 20, 2019 12:57 pm

No DNSSEC active on the Mikrotik domain so you are only protected by the measurement of Mikrotik to not install a invalid version.

If automatic updates is active then the router is made vulnerable by installing this OLD version if that is possible without pressing the Downgrade button.
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.47.beta.x / Winbox 3.21 / MikroTik APP 1.3.11
Android device owners, use https://github.com/M66B/NetGuard/releases (no root required)
 
Sob
Forum Guru
Forum Guru
Posts: 5171
Joined: Mon Apr 20, 2009 9:11 pm

Re: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?

Wed Nov 20, 2019 1:15 pm

Long story short, you have winbox open to the world and your DNS Cache is poisoned.
Not necessarily, those records could simply come from upstream resolver, i.e. from whatever is in "/ip dns".
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
 
amojak
just joined
Topic Author
Posts: 16
Joined: Sat Nov 10, 2018 9:10 pm

Re: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?

Wed Nov 20, 2019 1:26 pm

hi,

always your helpful self normis.

i noticed this last night, all previous emails to support hit a wall, primarly as mikrotik decided to block me from their forum , support and even at one point blocked our IP ranges remember? Just after giving me a l6 licence as reward for being a top contributor to the forum. All because i dared point out a fault with your hardware apparently. you neatly erased all history of my posts too.

So your sarcasm as usual is unwarranted and unhelpful. Some things never change over the years.

It is clear form other posts on here that this vulnerability IS known to Mikrotik and is also public knowledge.

Why mikrotik thought it a smart move to fix another vulnerability recently by making a downgrade wipe out any access security is beyond me without first taking action to make such downgrades difficult or at least 2 step, then of course widely publicising this exploit.

Now i need answers and a solution to this issue, i am less than comfortable knowing that all our edge routers have effectively been rooted with seemingly zero care for it from you.

Perhaps it is time to change the supplier of them too as we did with our wireless side after the last fiasco. Mikrotik lost ~£1M of trade from us for that decision alone.

bill
bROADNAD
Until you have contacted support and nobody else has, probably nothing yet. Please email support and if possible, provide full access to such a device.

As previously advised, it is always possible this exploit was installed in 6.3x versions when a known Winbox problem allowed full access to your device if Winbox port was open.
 
msatter
Forum Guru
Forum Guru
Posts: 1395
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?

Wed Nov 20, 2019 1:43 pm

Ouch. However it is not the time to settle old pains and Mikrotik is now interested in solving this and it in their hands that poisoning gets more difficult if not impossible.
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.47.beta.x / Winbox 3.21 / MikroTik APP 1.3.11
Android device owners, use https://github.com/M66B/NetGuard/releases (no root required)
 
anav
Forum Guru
Forum Guru
Posts: 3267
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?

Wed Nov 20, 2019 3:11 pm

That article was very illuminating. I suppose one could conclude some shortcuts or loopholes have to be closed when updating Winbox files and Im assuming that work has been done for 6.45???
However as Sob notes DNS poisoning is still possible IF ONE allows remote users (External) access to the DNS system of MK or at least thats what I interpreted.

Finally, it seems best practices still prevent problems, common sense!!
a. Use netinstall to latest firmware if sense one is hacked
Prevent a. by NOT opening winbox to the WAN side, use only VPN to access router externally
Prevent a. by NOT allowing external access to DNS cache (by explicit drop WAN access to port 53 for input chain rules, or by drop all else rule at end of input chain).

Probably way more complicated just trying to understand.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
msatter
Forum Guru
Forum Guru
Posts: 1395
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?

Wed Nov 20, 2019 6:52 pm

Has anyone checked if the Level3 DNS server is returning the correct IP and TTL? The shown TTL is longer than 6 days and that is very long.

If the dns entry is coming from the outside and the DNSEC is available then the routers should be able to check it. This is way why I requested to be able to disable RouterOS to use dynamic obtained DNS servers (IKEv2).

I use my own DNS resolver that is better equiped and secured than the resolver in RouterOS. Not thwt cache can be poisoned but it much more difficult.
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.47.beta.x / Winbox 3.21 / MikroTik APP 1.3.11
Android device owners, use https://github.com/M66B/NetGuard/releases (no root required)
 
whatever
Member Candidate
Member Candidate
Posts: 117
Joined: Thu Jun 21, 2018 9:29 pm

Re: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?

Fri Nov 22, 2019 11:40 pm

Why do you have your management ports exposed to the internet? Stop doing that.
 
el berto
Member Candidate
Member Candidate
Posts: 204
Joined: Wed Sep 26, 2007 10:53 am

Re: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?

Mon Dec 09, 2019 1:15 pm


a. Use netinstall to latest firmware if sense one is hacked
So if RouterBoard has been hacked just rewriting firmware using netinstall will solve issue to have clean (not corrupted) firmware, right?

I was using RB750 with an old release 6.22 or 6.30, or something else.
I can't download firmware from RB (I won't explain why..), so provider alerted me RB was hacked and someone is trying to login on provider router from my RB.
It said it was a bug on that ROs release and he had many customers with same issue.
I would like to recover RouterBoard (if possible, if you say is not safe I'll throw it on garbage) with 6.44.6... is it enough safe for now?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24433
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?

Mon Dec 09, 2019 2:23 pm

Yes, Netinstall from mikrotik.com (make sure you download the correct files, we have MD5 and SHA sum available) is enough to recover. Also, apply config by hand, don't import unknown config files from internet sources and blogs.
No answer to your question? How to write posts
 
User avatar
eworm
Member
Member
Posts: 474
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?

Mon Dec 09, 2019 3:00 pm

make sure you download the correct files, we have MD5 and SHA sum available
Checksums do help against corruption at transfer time, but that's it. If an attacker manages to replace the package files he/she will also place matching checksums.
Having gpg signatures would be much better...
Manage RouterOS scripts and extend your devices' functionality: RouterOS Scripts

Who is online

Users browsing this forum: GuntherDW, MSN [Bot], Sob and 104 guests