Community discussions

MikroTik App
 
cutedrummerboy
Member Candidate
Member Candidate
Topic Author
Posts: 137
Joined: Thu Nov 14, 2013 6:32 pm

is routeros realy secure??

Wed Dec 24, 2014 8:16 pm

i found this on internet random search.

http://mkbrutusproject.github.io/MKBRUTUS/

haven't checked yet. anyone checked this?? i am worried about the winbox section specially.
Device: RB2011UIAS-RM, RB750GL, CISCO SG300-28, UNIFI UAP-LR
 
User avatar
boen_robot
Forum Guru
Forum Guru
Posts: 2411
Joined: Thu Aug 31, 2006 4:43 pm
Location: europe://Bulgaria/Plovdiv

Re: is routeros realy secure??

Wed Dec 24, 2014 8:29 pm

Well, as they say, Winbox uses a proprietary protocol that they don't know, hence why the tool doesn't use it.

If someone is hacker enough to try and figure out the protocol, they will end up building a similar tool to the one for the API. So all in all, Winbox is only a little bit safer than the API protocol.

If they figure it out... Your RouterOS password better not be in their dictionary.

To REALLY keep yourself safe, you can always just add the IPs from which you might want to access the router. This is applicable to all protocols - Winbox, API, and also SSH and everything else, and can even be done on per-user basis (e.g. you may make a read-only user that's accessible from anywhere, plus an admin that's only accessible from certain IPs).
PEAR2_Net_RouterOS(1.0.0b6) - My API client in PHP
(Rate my posts? If you want... no pressure...)
 
jarda
Forum Guru
Forum Guru
Posts: 7603
Joined: Mon Oct 22, 2012 4:46 pm

Re: is routeros realy secure??

Wed Dec 24, 2014 8:43 pm

It's not even interesting as all systems can be attacked by dictionary brute force tryouts. Nothing special to ros. Everyone can and should anticipate that and remove all default users, not to use simple passwords and implement some antibruteforce firewall solution.

On the other side I worry about the closed winbox protocol. I am afraid that someone will be able to perform mitm attack or capture the passwords. What's worse, if secured port connection doesn't happen, the winbox tries unsecured connection... Aren't you afraid also?

Who is online

Users browsing this forum: erlinden, eworm, jorkoto, Lifz, Loskrochn, wispmikrotik and 77 guests