gcs
Member Candidate
Topic Author
Posts: 145
Joined: Tue May 18, 2010 10:06 pm
Location: Tyler, Texas USA

Mikrotik cpe is hacked?

Wed Jan 11, 2012 5:21 pm

I have a customer whose CPE is sending out hundreds of port 1080 (SOCKS) to different IP addresses. I had them unplug or shut down their computers and it still shows up. It bogs down the link so much it is hard to connect to it. I finally was able to log in and disabled the ethernet interface and the traffic still came.

ANY idea what is going on and how to fix it?
 
che
Frequent Visitor
Posts: 94
Joined: Fri Oct 07, 2005 1:04 pm

Re: Mikrotik cpe is hacked?

Thu Jan 12, 2012 4:14 am

You can start by doing a port scan targeting the customer's IP address to see if there are any non-standard services up on the CPE (unprotected proxy or similar). After that you can check what is going on by starting the torch utility on the client's CPE (Tools > Torch), select the WAN interface and check all boxes. That will give you a good idea of what is going on on the customer's Mikrotik, since it will list all the connections in real time.

As for what to do to prevent flooding: start by blocking the connections that cause such traffic so you have an easier time accessing the CPE. You mentioned port 1080, so you should combine the customer's IP address as source or destination IP and port 1080 as src or dst port (depending on the direction of the traffic) to create a rule in the forward chain and block what you need at your equipment.
 
gcs
Member Candidate
Topic Author
Posts: 145
Joined: Tue May 18, 2010 10:06 pm
Location: Tyler, Texas USA

Re: Mikrotik cpe is hacked?

Sat Jan 14, 2012 1:05 am

I changed the IP address of the wlan interface and all is working fine now.
 
sten
Forum Veteran
Posts: 920
Joined: Tue Jun 01, 2004 12:10 pm

Re: Mikrotik cpe is hacked?

Tue Jan 31, 2012 12:15 am

SOCKS proxy may be enabled on the CPE.
Move along. Nothing to see here.
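
The port-scan check che suggests, narrowed to the SOCKS proxy sten mentions, as an added example that is not part of the original thread: a Python probe for a CPE you manage that reports whether port 1080 answers as an unauthenticated SOCKS4 or SOCKS5 proxy. The function names and the `test_ip`/`test_port` target (a server of your own that the SOCKS4 request asks the proxy to reach) are assumptions; the thread does not say which SOCKS version is involved.

```python
import socket
import struct

SOCKS5_GREETING = bytes([5, 2, 0, 2])  # version 5, offering "no auth" and "user/pass"

def socks4_request(dst_ip: str, dst_port: int) -> bytes:
    """SOCKS4 CONNECT request: VN=4, CD=1, port, IPv4 address, empty user id, NUL."""
    return struct.pack("!BBH", 4, 1, dst_port) + socket.inet_aton(dst_ip) + b"\x00"

def classify_socks5(reply: bytes) -> str:
    """Classify the 2-byte method-selection reply (RFC 1928)."""
    if len(reply) < 2 or reply[0] != 0x05:
        return "not-socks5"
    if reply[1] == 0x00:
        return "open-proxy"        # proxy accepts clients without authentication
    if reply[1] == 0xFF:
        return "socks5-refused"    # none of the offered methods accepted
    return "socks5-auth-required"

def classify_socks4(reply: bytes) -> str:
    """Classify a SOCKS4 reply: first byte 0, second byte a result code 90..93."""
    if len(reply) < 2 or reply[0] != 0x00 or not 90 <= reply[1] <= 93:
        return "not-socks4"
    return "open-proxy" if reply[1] == 90 else "socks4-rejected"

def _exchange(host, port, payload, nbytes, timeout):
    """Send one payload on a fresh TCP connection; None means no TCP service."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(payload)
            return s.recv(nbytes)
    except OSError:                # refused, timed out, reset, unreachable
        return None

def audit_cpe(host, test_ip, test_port, port=1080, timeout=3.0) -> dict:
    """Probe one CPE you manage. test_ip/test_port must be a server you control."""
    r5 = _exchange(host, port, SOCKS5_GREETING, 2, timeout)
    if r5 is None:
        return {"reachable": False}
    r4 = _exchange(host, port, socks4_request(test_ip, test_port), 8, timeout)
    return {"reachable": True,
            "socks5": classify_socks5(r5),
            "socks4": classify_socks4(r4 or b"")}
```

An `open-proxy` result for either version means the CPE is relaying for anyone who can reach port 1080, which matches the traffic continuing with the customer's computers unplugged.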
