
NSA and routeros

Posted: Fri Sep 13, 2013 9:15 pm
by soretuor
Hello, Mikrotik Team!
Does RouterOS have any backdoors for NSA?

Thanks.

Re: NSA and routeros

Posted: Tue Sep 17, 2013 5:37 am
by jandafields
Hello, Mikrotik Team!
Does RouterOS have any backdoors for NSA?

Thanks.
Mikrotik is not in USA.

Re: NSA and routeros

Posted: Tue Sep 17, 2013 12:35 pm
by raz
Maybe not NSA but what about FSB ;-)

Maybe the Tilera CPU has some backdoors? No one knows. Your bandwidth also gets mirrored at the IX points, don't worry.

Re: NSA and routeros

Posted: Tue Sep 17, 2013 4:44 pm
by AlArenal
Maybe the Tilera CPU has some backdoors?
Yeah, it probably has integrated 40G wireless connection going directly to the NSA, so it can mirror each and every bit.

A backdoor isn't of much use if you don't get close enough to pull the handle.

Re: NSA and routeros

Posted: Tue Sep 17, 2013 4:52 pm
by boen_robot
There's always packet sniffers like Wireshark one can use to confirm or deny the existence of any traffic sent over any interface for whatever reason.

RouterOS doesn't have any backdoors that anyone would know of. If there are, they certainly don't advertise themselves in any way for packet sniffers to detect them*. Thus, even if there are such backdoors, the NSA wouldn't know in advance** - they'd have to probe the router, at which point, that's not really a "backdoor" per se - it's a "hacker attack attempt", and MikroTik have a good track record of mitigating those.

@soretuor
If you seriously suspect MikroTik having done this... do you honestly believe that they'd also openly admit to it? Or would you take their "No" as even further confirmation?

* Well... except for the MNDP UDP packets, but those merely announce "Hey, I'm a MikroTik router, version X", not "Hey, read my data over port X with this special sequence the router admin doesn't know about".
** Unless MikroTik have explicitly told them something we haven't been told, and then using the MNDP packets, they end up exploiting THAT. You can always disable MNDP and change all management ports to something non-default if you're too paranoid. At that point, NSA wouldn't know it's dealing with a MikroTik router.
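
Added example, not part of the post above and not MikroTik's code: a small Python parser for the MNDP announcements the post mentions, showing which fields a capture on UDP port 5678 discloses about a router. The TLV type numbers and the sample payload are assumptions of this example; the sample is constructed, not captured traffic.

```python
import struct

MNDP_PORT = 5678  # UDP port MNDP announcements are sent to
# TLV type numbers: an assumption of this example (as Wireshark's MNDP dissector labels them)
TEXT_TLVS = {5: "identity", 7: "version", 8: "platform", 11: "software_id",
             12: "board", 16: "interface"}
MAC_TLV = 1


def parse_mndp(payload: bytes) -> dict:
    """Decode one MNDP UDP payload; raise ValueError on a malformed packet."""
    if len(payload) < 4:
        raise ValueError("shorter than the 4-byte header")
    fields = {"seq": struct.unpack_from(">H", payload, 2)[0]}
    off = 4
    while off < len(payload):
        if off + 4 > len(payload):
            raise ValueError("truncated TLV header")
        tlv_type, length = struct.unpack_from(">HH", payload, off)
        value = payload[off + 4:off + 4 + length]
        if len(value) != length:
            raise ValueError("TLV length runs past end of packet")
        off += 4 + length
        if tlv_type in TEXT_TLVS:
            fields[TEXT_TLVS[tlv_type]] = value.decode("utf-8", "replace")
        elif tlv_type == MAC_TLV:
            fields["mac"] = value.hex(":")
        else:
            fields[f"type_{tlv_type}"] = value.hex()  # keep unknown TLVs visible
    return fields


def disclosed(fields: dict) -> list:
    """Fields that tell an observer what device and software version this is."""
    return sorted(k for k in ("board", "identity", "platform", "version") if k in fields)


def _tlv(tlv_type: int, value: bytes) -> bytes:
    return struct.pack(">HH", tlv_type, len(value)) + value


# Constructed sample payload (not captured traffic); "X.Y" stands in for a version
SAMPLE = (b"\x00\x00" + struct.pack(">H", 42)
          + _tlv(1, bytes.fromhex("020000000001"))
          + _tlv(5, b"edge-gw") + _tlv(7, b"X.Y") + _tlv(8, b"MikroTik"))

if __name__ == "__main__":
    info = parse_mndp(SAMPLE)
    print(info, "->", disclosed(info))
```

Feeding it the UDP payloads from a capture of your own router's interfaces shows what the device announces; an empty result after disabling MNDP confirms the setting took effect.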

Re: NSA and routeros

Posted: Tue Sep 17, 2013 5:55 pm
by janisk
In the coming days there is a MUM going to happen in the USA; you can ask this question there.

Re: NSA and routeros

Posted: Tue Sep 17, 2013 6:03 pm
by boen_robot
In the coming days there is a MUM going to happen in the USA; you can ask this question there.
Gee... that sounds ominous :lol: .

Like "You can ask this question there... and then the undercover NSA agents in the room label you 'traitor' and put you away for life, or worse...".

Re: NSA and routeros

Posted: Tue Sep 17, 2013 10:46 pm
by raz
In the coming days there is a MUM going to happen in the USA; you can ask this question there.
LOL. As an end user you can't trust any manufacturer of network stuff or anything else; look at the HP Storage "Support" user.
And the next fact is, if you get a letter from a secret court, you're not allowed to talk about it. We live in a good democracy! Hell yeah, thanks Obama. Not.

Re: NSA and routeros

Posted: Tue Sep 17, 2013 11:17 pm
by soretuor
I understand that if there is some backdoor, the official MikroTik team will not reveal it to us :) I'm just kidding.
Also keep in mind that the NSA has their people in many IT companies. So..

Ah by the way, "Forum Gurus" are so gurus =)

Re: NSA and routeros

Posted: Wed Sep 18, 2013 7:46 am
by RogerWilco
At the end of the day, if you are not doing anything illegal you have nothing to worry about.

Re: NSA and routeros

Posted: Wed Sep 18, 2013 12:01 pm
by AlArenal
At the end of the day, if you are not doing anything illegal you have nothing to worry about.
Which intelligence agency are you working for? ;-)

Re: NSA and routeros

Posted: Sat Sep 21, 2013 8:15 pm
by jandafields
At the end of the day, if you are not doing anything illegal you have nothing to worry about.
Yes, you are right about that. Nothing bad ever happens to good people. By the way, if you lock the doors to your house and your car, you are obviously a criminal and have something to hide.

Re: NSA and routeros

Posted: Sat Sep 21, 2013 8:42 pm
by efaden
At the end of the day, if you are not doing anything illegal you have nothing to worry about.
Yes, you are right about that. Nothing bad ever happens to good people. By the way, if you lock the doors to your house and your car, you are obviously a criminal and have something to hide.
+1.... Also, do you realize how many laws there are in the US... I'm certain you have broken one or two. Watch this video:

http://www.youtube.com/watch?v=6wXkI4t7nuc

Re: NSA and routeros

Posted: Wed Sep 21, 2016 1:00 am
by Quiet1
I know this is an old thread but I just came across this while searching for security information.

https://www.youtube.com/watch?v=vbdyG0l ... .be&t=2209

So there does appear to be a backdoor in Mikrotik. Unfortunately no details were given other than a confirmation.

Re: NSA and routeros

Posted: Wed Sep 21, 2016 1:14 am
by jandafields
I know this is an old thread but I just came across this while searching for security information.

https://www.youtube.com/watch?v=vbdyG0l ... .be&t=2209

So there does appear to be a backdoor in Mikrotik. Unfortunately no details were given other than a confirmation.
It says: That guy used to work for an ISP, so he knew that there was a backdoor in their router. That could mean that he knew about a user account in the router from when he worked there. It doesn't make sense that he hacked his own ISP (where he used to work) though?

Am I misinterpreting it?

Re: NSA and routeros

Posted: Wed Sep 21, 2016 1:28 am
by Quiet1
I know this is an old thread but I just came across this while searching for security information.

https://www.youtube.com/watch?v=vbdyG0l ... .be&t=2209

So there does appear to be a backdoor in Mikrotik. Unfortunately no details were given other than a confirmation.
It says: That guy used to work for an ISP, so he knew that there was a backdoor in their router. That could mean that he knew about a user account in the router from when he worked there. It doesn't make sense that he hacked his own ISP (where he used to work) though?

Am I misinterpreting it?
I wasn't sure from the speaker's statement whether "TheFixer" used to work for the ISP or for Mikrotik. It's kind of unclear.

Here is the transcript from the Def Con https://media.defcon.org/DEF%20CON%2022 ... efense.txt

Here is the relevant passage.
"So I don’t have much time for questions but I want time for questions. So, a little bit of story time. So VB is the first guy to do this took the site down for like 5 minutes. This was before we had anything in place. He actually did it from his IP that his user account was from so we were able to do positive attribution. So this guy hacker on the forum a reformed criminal but the fixer got the IP we posted on the forums and turned out that VB's ISP was mikrotik routers, that’s who the fixer used to work for, he knew there was a back door in the router so he got into the guy's ISP, turned on remote pcap and basically lols ensued."

Re: NSA and routeros

Posted: Wed Sep 21, 2016 3:04 am
by IntrusDave
Backdoor? No. 0-day exploit? maybe...
Just like Cisco's 0-days that the NSA had, which are now being patched after the leak.

Re: NSA and routeros

Posted: Wed Sep 21, 2016 11:22 am
by haik01
In any case in Europe, EVERY ISP !!! needs to have a "backdoor" (in real life: physical fibre) to the security agencies (whatever country has which one)...

And this not only applies to ISPs, but also to telecom providers (mobile and fixed).


So why would they bother with the Mikrotik router, if the "agency" can already type in the name / address of the person of interest, and monitor everything that goes there (Layer 7).....


I think this kind of arrangement exists also in the USA.

Re: NSA and routeros

Posted: Wed Sep 21, 2016 11:32 am
by normis
In any case in Europe, EVERY ISP !!! needs to have a "backdoor"
Really? :shock: Which European Union country are you from?
Maybe not NSA but what about FSB
That's insulting. FSB is in Russia. MikroTik is from Latvia.

Re: NSA and routeros

Posted: Thu Sep 22, 2016 12:58 pm
by docmarius
In any case in Europe, EVERY ISP !!! needs to have a "backdoor" (in real life: physical fibre) to the security agencies (whatever country has which one)...
This is obvious internet news paranoia.
There is a requirement for ISPs to keep IP, user and connection association logs for some time, but it does not include content.
And it has to be made available to law enforcement if requested by court order, if there is a suspicion of criminal activity for that user.

Of course, actual tracking can be requested from the ISP by court order if a specific user is under investigation.
But it is not a "default setup". Can you imagine the resources and logistics behind such an approach?

Re: NSA and routeros

Posted: Thu Sep 22, 2016 3:05 pm
by haik01
In any case in Europe, EVERY ISP !!! needs to have a "backdoor"
Really? :shock: Which European Union country are you from?

Netherlands.

European regulation 2006/24/EG.

https://en.wikipedia.org/wiki/Data_Retention_Directive

Every country can deviate from it, but the Netherlands made it even worse. Instead of 6 months, they made it 12 months or longer.

For example, what the ISPs need to log:

Telephone:

Time of begin call
Time of end call
Dialed phone numbers
Name and address of the dialed person
Location of the user (if it is a mobile phone) up to mast location (Cell ID) at the beginning and during the call
IMEI of originating and terminating device
IMSI of the user

SMS and MMS to which person are sent + all data like for a fixed line (see above)
Type of used phone call (VoIP, POTS, analogue, ISDN etc...)


E-mail

Same as above, except that instead of phone numbers, e-mail addresses are recorded.
IP address the user is connecting from to the mail server

Internet session

Date / time and time zone of login and logoff
Originating IP if any
issued and used IP addresses during that session
Phone number if dialed in by modem
MAC address if a DSL or cable modem is used
Type of service you are using (chat, voip etc...)



This is Europe....

In the Netherlands the ISPs have to buy the equipment and maintain all this data. And pay themselves. In other countries the government pays for it.

Re: NSA and routeros

Posted: Thu Sep 22, 2016 3:08 pm
by normis
Your own link says this directive was proposed, never implemented and is now considered invalid.
I have never heard of anyone storing such info in EU.

Re: NSA and routeros

Posted: Thu Sep 22, 2016 3:10 pm
by haik01
You are correct, Normis. But before 2014 a lot of countries (most in Europe I think) had this implemented, even if it was an "advice".

In any case the Netherlands had this.

For that reason I am behind a VPN, since VPN providers are not considered ISPs, and the directive does not apply to them (so they do not need to log all this).

By the way, are you coming to the MuM in Amsterdam in November?

Re: NSA and routeros

Posted: Thu Sep 22, 2016 3:15 pm
by normis
I think in reality, they do not have enough storage to keep all of this. It is unrealistic.
Yes, I will be in the Amsterdam MUM. Make sure to spread the word, we need more presenters from the community: http://mum.mikrotik.com/2016/NL/agenda

Re: NSA and routeros

Posted: Thu Sep 22, 2016 3:52 pm
by LaRP
In any case in Europe, EVERY ISP !!! needs to have a "backdoor"
Really? :shock: Which European Union country are you from?

Netherlands.

European regulation 2006/24/EG.

https://en.wikipedia.org/wiki/Data_Retention_Directive
But is that a backdoor?

To me a backdoor is a way to access a router/system without the owner knowing about it.

I'm from Denmark and we followed the session logging directive too, but afaik it is now scrapped by the EU... also the Danish police found out that they couldn't read the data anyway and had only tried to use it about 2 times in all the years it was active.

Re: NSA and routeros

Posted: Thu Sep 22, 2016 3:57 pm
by haik01
I think in reality, they do not have enough storage to keep all of this. It is unrealistic.
The storage is not a problem. Since it is all text-based information in a database, it can be compacted to the maximum (I have seen Oracle databases of 450 Mb reduced to 14 kB files....).

And what LaRP says: Yes, it is a backdoor. Not on Mikrotik or any router, but it is in essence a "door" which is not visible by the user.

Re: NSA and routeros

Posted: Thu Sep 22, 2016 4:33 pm
by mpreissner
The storage is not a problem. Since it is all text-based information in a database, it can be compacted to the maximum (I have seen Oracle databases of 450 Mb reduced to 14 kB files....).

And what LaRP says: Yes, it is a backdoor. Not on Mikrotik or any router, but it is in essence a "door" which is not visible by the user.
Apparently you have no idea what a backdoor actually is. What they are collecting (or not) is called metadata. It is information about the communications, but does not contain the content of the communications. This is not a backdoor. A backdoor is a method of access that is coded into the system, whether intentional or unintentional, that provides unauthorized or undesirable access to the system. Backdoors typically provide full control of the target system. A backdoor would allow someone direct access to the RouterOS system, enabling them to sniff the traffic processed by the system (though if that traffic is encrypted, they still won't be able to read the data unless they have access to or reverse engineer the encryption keys).

My suggestion to you is that when you're using industry standard terminology, you accept the industry's definition of that term instead of making your own up. Metadata collection is not a backdoor, and there are no known backdoors in RouterOS. As to the original question from this OLD thread, RouterOS is not developed by anyone subject to US laws and regulations, so the NSA has no authority to request or require a backdoor.

Re: NSA and routeros

Posted: Fri Sep 23, 2016 6:24 pm
by docmarius
Just for completeness, I think the 'calea' package is the implementation of the tracking system for law enforcement agencies in the US, and is available in ROS.
But you have to install that package first in order to be active.