BartoszP
Forum Guru
Posts: 2855
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: URGENT security reminder

Sun Oct 28, 2018 8:19 pm

Why waste time? Netinstall and import the configuration via script if you have one.
 
gnuttisch
Member
Posts: 308
Joined: Fri Sep 10, 2010 3:49 pm

Re: URGENT security reminder

Sun Oct 28, 2018 8:35 pm

Because I have routers all over the country, that's why I'm asking, and I can't be the only one who has that.
 
martinees
just joined
Posts: 2
Joined: Thu Nov 08, 2018 9:49 pm

Re: URGENT security reminder

Thu Nov 08, 2018 10:38 pm

Hello guys, is there any chance to get into a hacked device and dump the actual configuration?

I regret to tell you that one of my RB3011s has been hacked this week even though it has ROS 6.43.4 on it and the recommended security measures were applied (winbox access is restricted only from LAN).

Unfortunately the thing is that I only performed an upgrade each time, because I simply didn't see any evidence of changed configuration in the exported script from the older ROS version.
Therefore, it would be pretty interesting for all of us, what is behind the "scenes".
Currently Winbox login does not work, nor ssh.

Any thoughts?
Thank you for your help.
 
normis
MikroTik Support
Topic Author
Posts: 26291
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: URGENT security reminder

Fri Nov 09, 2018 8:48 am

What makes you so sure it is hacked, if you say only LAN was open and upgrade had been done?
If you don't have ANY access to it, maybe it's just "dead" (broken)?
 
martinees
just joined
Posts: 2
Joined: Thu Nov 08, 2018 9:49 pm

Re: URGENT security reminder

Fri Nov 09, 2018 12:48 pm

Well, this suspected branch office router was still connected via SSTP tunnel to the "main" router, therefore I still had full access to the remote site via the SSTP tunnel. I just couldn't log in to the router. The only thing I got was the typical wrong username/password message. So I had to turn it off and use only the backup link.
Moreover, I saw in the statistics provided by my ISP that the outgoing traffic was constantly at about 80% of uplink speed in the last few days, which is not the typical expected traffic shape from that branch office.
I am still wondering how this could have happened.
Thank you for help.
 
sebastia
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: URGENT security reminder

Fri Nov 16, 2018 11:16 pm

Hey martinees, did you have a backup partition on that router? If you do, switch to it and override the primary?
 
eduardo84
just joined
Posts: 2
Joined: Fri Nov 16, 2018 7:45 pm
Location: habana

Re: URGENT security reminder

Fri Nov 16, 2018 11:30 pm

Seems that it is no longer functional, as I tried it, and did not see anything similar to a script. I think the domains have expired or have been seized.
Read this article here about more details on all this issue:

https://blog.avast.com/mikrotik-routers ... aign-avast
Hello, I do not speak English well. I want to know who can help me connect my SXT Lite 5 in station mode to an AP whose MAC a pirate cloned. I had it resolved by connect list, but the pirate cloned the MAC and I cannot connect. Please help.
 
tomasstatkus1
just joined
Posts: 2
Joined: Fri Nov 30, 2018 10:58 am

Re: URGENT security reminder

Fri Nov 30, 2018 11:04 am

Hi, I just want to be sure: is this the same security issue, or is this new?
 
mrz
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: URGENT security reminder

Fri Nov 30, 2018 12:30 pm

Same old
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: URGENT security reminder

Sun Dec 02, 2018 1:52 pm

I am still wondering how this could have happened.
Credentials leaked in the past using some older, now closed, vulnerability could have been used to access the device if remote access to a management service (winbox, ssh, https) was still possible from outside (via the WAN interface).

If no management access was permitted from outside but it was from inside, a malware running on one of the LAN devices may have used the previously leaked credentials to connect from there, or may have made use of some vulnerability not publicly known yet.

If the bad guys have found a way to let their software survive an upgrade, they may have used that instead of just preventing the upgrade from happening as was reported several times recently (in these cases, when you've uploaded the .npk file, it disappeared so it wasn't used after reboot).

So the only solution is netinstall, but even then, leaving management access open for anything in the LAN may not be safe.
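
An added example, not part of the post above and not MikroTik code: a Python check of the `/ip service` section of a RouterOS `/export` that reports whether the management services named in the post (winbox, ssh, https as `www-ssl`) are disabled, limited to a few hosts, or reachable from a whole subnet or any source. The sample export is constructed; the default-state set and the `max_hosts` threshold are assumptions.

```python
import ipaddress
import re

MGMT = ("winbox", "ssh", "www-ssl")   # www-ssl is the HTTPS service
DEFAULT_DISABLED = {"www-ssl"}        # assumption: an export omits defaults

# Constructed sample export, not taken from a real device.
SAMPLE_EXPORT = """\
/ip service
set telnet disabled=yes
set ssh address=192.168.88.10/32
set winbox address=192.168.88.0/24
/ip firewall filter
add action=drop chain=input in-interface=ether1
"""

def audit_ip_service(export_text, max_hosts=16):
    """Classify each management service; max_hosts is a hypothetical threshold."""
    text = re.sub(r"\\\r?\n\s*", "", export_text)  # join wrapped export lines
    state = {s: {"disabled": s in DEFAULT_DISABLED, "address": ""} for s in MGMT}
    in_section = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            in_section = line == "/ip service"
            continue
        m = re.match(r"set\s+(\S+)\s+(.*)", line)
        if not (in_section and m and m.group(1) in state):
            continue
        for key, val in re.findall(r"([\w-]+)=(\S+)", m.group(2)):
            if key == "disabled":
                state[m.group(1)]["disabled"] = val == "yes"
            elif key == "address":
                state[m.group(1)]["address"] = val.strip('"')
    findings = {}
    for svc, st in state.items():
        if st["disabled"]:
            findings[svc] = "disabled"
        elif not st["address"]:
            findings[svc] = "open to any source"
        else:
            nets = [ipaddress.ip_network(a, strict=False)
                    for a in st["address"].split(",")]
            wide = any(n.num_addresses > max_hosts for n in nets)
            findings[svc] = "whole subnet allowed" if wide else "restricted"
    return findings

if __name__ == "__main__":
    for svc, finding in audit_ip_service(SAMPLE_EXPORT).items():
        print(f"{svc}: {finding}")
```

The service address list is only one layer; input-chain firewall rules in the same export are not evaluated here.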
 
vecernik87
Forum Veteran
Posts: 882
Joined: Fri Nov 10, 2017 8:19 am

Re: URGENT security reminder

Tue Dec 04, 2018 3:18 am

... noobs won't and will be secured.
Noobs will scream when their router randomly restarts (because it was just applying updates during their gameplay)
Noobs will sue mikrotik when the router breaks some config during update as they will wake up one day and device won't work...

Right now, people are responsible for setting up and updating their routers. If a router gets hacked, it is usually the user's fault, as some management interface was accessible from the internet. Even a vulnerable version wouldn't be hacked if routers were properly set up.
Therefore, automatic updates will not really help, because a properly set up router is not vulnerable. In addition, automatic updates will put responsibility on Mikrotik's shoulders. Any issue with an upgrade will hit many people who will have no idea how to fix it.

Personally, I don't think it is worth it. (It might be, if all updates were without a single issue, but it is getting more common lately that an upgrade brings some issues which need to be addressed by a person.)
 
Chupaka
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus

Re: URGENT security reminder

Tue Dec 04, 2018 5:59 pm

Noobs will scream when their router randomly restarts (because it was just applying updates during their gameplay)
Tools -> Traffic Monitor :) "If there's no traffic for the last 5 minutes - it's okay to upgrade" xD
 
normis
MikroTik Support
Topic Author
Posts: 26291
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: URGENT security reminder

Wed Dec 05, 2018 1:26 pm

= never :D
 
Chupaka
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus

Re: URGENT security reminder

Wed Dec 05, 2018 4:47 pm

= never :D
But they will stop complaining about the feature missing! xD
 
Deantwo
Member
Posts: 331
Joined: Tue Sep 30, 2014 4:07 pm

Re: URGENT security reminder

Thu Dec 06, 2018 12:59 pm

Noobs will scream when their router randomly restarts (because it was just applying updates during their gameplay)
Tools -> Traffic Monitor :) "If there's no traffic for the last 5 minutes - it's okay to upgrade" xD
= never :D
But they will stop complaining about the feature missing! xD
How cute. We all know that there is only one way for this to be done correctly.

Implement telepathic sensing software in all routers. When there is a new upgrade available, check if all residents are asleep. If all residents are asleep, check if any of them are dreaming of possible ongoing downloads or important services that need to stay online.
If telepathic sensing detects nothing of concern, initiate internal reality simulation to predict the future. What would the future be like if the router upgraded right now? If the customer would complain about the interruption, don't upgrade. What would the future be like if the router DID NOT upgrade right now? If the customer would complain about the lack of auto-upgrade, upgrade the router. If the customer would complain either way, then torture the simulated customer for a billion years and brick the router.
Last edited by Deantwo on Thu Dec 06, 2018 1:02 pm, edited 2 times in total.
 
normis
MikroTik Support
Topic Author
Posts: 26291
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: URGENT security reminder

Thu Dec 06, 2018 1:00 pm

We are working on that for v7
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: URGENT security reminder

Thu Dec 06, 2018 1:03 pm

We are working on that for v7
I'd say that this is already done in v7 alpha as it's the easy part. I bet that showstopper is implementation of letsencrypt certificate autoupdate.
 
normis
MikroTik Support
Topic Author
Posts: 26291
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: URGENT security reminder

Thu Dec 06, 2018 1:06 pm

I was talking about mind reading and future prediction, but ok
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: URGENT security reminder

Thu Dec 06, 2018 1:12 pm

Me too.
 
mozerd
Forum Veteran
Posts: 871
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada

Re: URGENT security reminder

Thu Dec 06, 2018 3:17 pm

We are working on that for v7
This appeared on my radar screen THIS AM with the moniker of UFO ... NORAD sent 3 F18 jets to try and intercept but failed to catch the phantom OS.
 
normis
MikroTik Support
Topic Author
Posts: 26291
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: URGENT security reminder

Thu Dec 06, 2018 3:23 pm

blip
 
cdemers
Member Candidate
Posts: 224
Joined: Sun Feb 26, 2006 3:32 pm
Location: Canada

Re: URGENT security reminder

Thu Dec 06, 2018 3:37 pm

Teasing us :) wish we could have an alpha/beta for Christmas to play with


 
Kindis
Member
Posts: 434
Joined: Tue Nov 01, 2011 6:54 pm
Location: Sweden

Re: URGENT security reminder

Thu Dec 06, 2018 3:40 pm

This sums up how I think ROS 7 is communicated! :-)
Image
Last edited by Kindis on Thu Dec 06, 2018 3:42 pm, edited 1 time in total.
 
normis
MikroTik Support
Topic Author
Posts: 26291
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: URGENT security reminder

Thu Dec 06, 2018 3:42 pm

No, major misunderstanding :D

Not "it will be fixed in v7", but "It can only be fixed in v7".
 
Kindis
Member
Posts: 434
Joined: Tue Nov 01, 2011 6:54 pm
Location: Sweden

Re: URGENT security reminder

Thu Dec 06, 2018 3:45 pm

No, major misunderstanding :D

Not "it will be fixed in v7", but "It can only be fixed in v7".
So sorry but I could not just contain myself ;-) Not that I'm missing V7 I just follow the forum :-)
 
Jotne
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: URGENT security reminder

Thu Dec 06, 2018 4:44 pm

This was posted in February 2015 by normis:
We will release a beta, when it will exist. Currently v7 is in alpha stage, many functions are not completed and non functional. Beta needs at least all functions to be somewhat operational.
viewtopic.php?t=93106#p467540

V7 are not at alpha167

So V7beta1 should be the next after alpha 999
An v7 Release-candidate men be out after beta 999
:mrgreen:


Looking for the beta to be announced:
Alpha means "internal testing".
When we will have "public testing" (meaning Beta), we will announce it here.
 
Chupaka
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus

Re: URGENT security reminder

Thu Dec 06, 2018 5:32 pm

Normis, is it public FTP? Is it in ipv4 address space? xD
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: URGENT security reminder

Thu Dec 06, 2018 6:13 pm

Is it in ipv4 address space?
Sure it is: 127.0.0.1 :-P
 
Jotne
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: URGENT security reminder

Thu Dec 06, 2018 8:03 pm

I like this site better
ftp://[::1]
 
mistry7
Forum Guru
Posts: 1480
Joined: Tue Oct 13, 2009 11:57 am
Location: Germany

Re: URGENT security reminder

Thu Dec 06, 2018 11:08 pm

 
digitec
just joined
Posts: 18
Joined: Wed Jan 31, 2018 3:13 pm

Re: URGENT security reminder

Mon Dec 17, 2018 5:55 pm

Not highly likely, but technically possible, although have not seen an example "in the wild". There are published methods how to do that, but from what you posted, those are the "regular" hacks.

Netinstall is always the safest choice, but 90% chance that deleting all this stuff + upgrade + new password will resolve your current issue.
Hi, I have regular unwanted visitors on my IP and it has come so far that now I cannot use Netinstall. Routerboards RB962 and many others are saying after the "visit": factory boot loader 3.41, current boot loader 3.41, upgrade boot loader 3.41. If Netinstall cannot be used, then how do I format the NAND disk?
 
normis
MikroTik Support
Topic Author
Posts: 26291
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: URGENT security reminder

Tue Dec 18, 2018 9:12 am

Not highly likely, but technically possible, although have not seen an example "in the wild". There are published methods how to do that, but from what you posted, those are the "regular" hacks.

Netinstall is always the safest choice, but 90% chance that deleting all this stuff + upgrade + new password will resolve your current issue.
Hi, I have regular unwanted visitors on my IP and it has come so far that now I cannot use Netinstall. Routerboards RB962 and many others are saying after the "visit": factory boot loader 3.41, current boot loader 3.41, upgrade boot loader 3.41. If Netinstall cannot be used, then how do I format the NAND disk?
RouterBOOT has nothing to do with the issue.
Check the "System -> Packages" menu; there is a button, "Check for updates".
 
highdraw
just joined
Posts: 3
Joined: Fri Nov 16, 2007 2:02 pm
Location: Hungary

Re: URGENT security reminder

Wed Nov 04, 2020 9:57 pm

Not highly likely, but technically possible, although have not seen an example "in the wild". There are published methods how to do that, but from what you posted, those are the "regular" hacks.

Netinstall is always the safest choice, but 90% chance that deleting all this stuff + upgrade + new password will resolve your current issue.
Hi, I have regular unwanted visitors on my IP and it has come so far that now I cannot use Netinstall. Routerboards RB962 and many others are saying after the "visit": factory boot loader 3.41, current boot loader 3.41, upgrade boot loader 3.41. If Netinstall cannot be used, then how do I format the NAND disk?
RouterBOOT has nothing to do with the issue.
Check the "System -> Packages" menu; there is a button, "Check for updates".
I also faced this hijacking problem (u113.rsc, and so on), and it seems that the router's firmware was overwritten with an old one... Router model: 2011UiAS, current RouterOS: 6.39.2. In the System --> Routerboard menu I see: factory firmware 3.41 and upgrade firmware 3.33. I made a factory default reset and uploaded the newest package to upgrade the router OS (routeros-mipsbe-6.47.7.npk), but after restart nothing happens. The version remains on 6.39.2, with no failure message in the log. If I try to update the firmware in CL, the following failure message appears: ERROR: can not change firmware to this version, please try newer one. How can I make an update? The router is working in a 0-24 patrol station, so it's difficult to stop and do it with Netinstall :(
 
digitec
just joined
Posts: 18
Joined: Wed Jan 31, 2018 3:13 pm

Re: URGENT security reminder

Wed Dec 30, 2020 3:26 am

I had to switch from Mikrotik to another solution, security and ongoing hacking of ANY Mikrotik software / Stable / Testing / actually after a hack I always tried to use Netinstall / all seemed OK but after brand new firmware landed on the board, it has never booted again. It has happened several times in a row. I gave up Mikrotik for security reasons / any Mikrotik on a public IP is a kind of security hazard now; after a hack it sends the necessary sniffed info to the desired IP. I'm really sorry, Mikrotik has been nice and easy to work with, but thanks to its worldwide spread it has earned the unwanted attention of certain people, if I can ever call them people.
