ffries
Member Candidate
Topic Author
Posts: 177
Joined: Wed Aug 25, 2021 6:07 pm

How to make sure that a Mikrotik machine is not compromised

Fri Jan 27, 2023 12:03 am

Hello,

Here are some questions, for which I searched answers, so it might be better to ask here:

1) There are exploits available to root RouterOS devices and I would like to know what is done at MikroTik to mitigate those exploits.

2) Also, how to test whether a router was rooted by an exploit. The reason why I am asking this is that I purchased most of my routers second hand.

3) Does installing using Netboot totally wipe a router, including factory boot? Can Netboot wipe an exploit and restore original software?

4) Why does Netboot not work under Linux? See my other post.

5) Why is it possible to replace factory on some devices and not others? For example, I tried to upgrade the hap AX3 factory boot to 7.7 without success. Factory boot is still 7.5.

Also, please don't answer me with the usual "why do you ask those questions" blah blah blah. I am looking for answers and I see very few answers about MikroTik hardware security. So I would appreciate some answers, especially for recent hardware like CCR2004, hap AX3 and rb5009.

Kind regards,
FFries
 
chechito
Forum Guru
Posts: 2990
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia

Re: How to make sure that a Mikrotik machine is not compromised

Fri Jan 27, 2023 1:39 am

if you are so security concerned the first thing you need to do is to buy equipment directly from official distributors

you are exposing yourself to supply chain problems and after that looking for a fix for it, so fix the problem at its origin


the fact of trying to change factory version information makes me think you are trying to hide the real age of second hand equipment for some reason

hopefully i'm wrong about that
 
bpwl
Forum Guru
Posts: 2984
Joined: Mon Apr 08, 2019 1:16 am

Re: How to make sure that a Mikrotik machine is not compromised

Fri Jan 27, 2023 2:01 am

1. See release notes for security patches.
2. An active rootkit infection is not detectable. Not at the RouterOS level, not even at the underlying (Linux) OS level, where we have no access via RouterOS.
3. Netinstall is the best wipe/rewrite tool we have for the full RouterOS, including the Linux kernel. It does not destroy the license file, so it probably is not 100%.
4. Netinstall is a Windows program AFAIK.
5. Upgrading Routerboot is under system/RouterBOARD. Upgrade Firmware. "Factory Firmware" field gives minimum version needed for this HW. (this does not change with upgrade).
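Point 5 above, as an added example that is not part of the original post: a small Python check over pasted `/system routerboard print` output that reports whether a RouterBOOT upgrade is still pending and shows that `factory-firmware` stays fixed after the upgrade. The sample output is constructed (values mirror the 7.5 / 7.7 case from the thread), and the function names are hypothetical.

```python
import re

# Constructed sample of `/system routerboard print` output, not captured
# from a real device. Versions mirror the thread: factory 7.5, upgrade 7.7.
SAMPLE = """\
       routerboard: yes
             model: EXAMPLE-MODEL
  factory-firmware: 7.5
  current-firmware: 7.5
  upgrade-firmware: 7.7
"""


def parse_print(text):
    """Turn the 'key: value' lines of the print output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def version_key(version):
    """'7.10.2' -> (7, 10, 2), so 7.10 sorts after 7.7.
    Assumption: stable release numbers only (no rc/beta suffixes)."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def firmware_status(text):
    """Compare the three firmware fields of one device."""
    f = parse_print(text)
    factory = f["factory-firmware"]
    current = f["current-firmware"]
    upgrade = f["upgrade-firmware"]
    return {
        "factory": factory,
        "current": current,
        # RouterBOOT shipped with the installed RouterOS is newer than
        # what is flashed: Upgrade Firmware plus a reboot is still due.
        "upgrade_pending": version_key(current) < version_key(upgrade),
        # Factory firmware is the minimum for this hardware, so a
        # current version below it is unexpected and worth investigating.
        "below_factory": version_key(current) < version_key(factory),
    }


if __name__ == "__main__":
    print(firmware_status(SAMPLE))
```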
 
holvoetn
Forum Guru
Posts: 5412
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: How to make sure that a Mikrotik machine is not compromised

Fri Jan 27, 2023 7:46 am

4. Netinstall is a Windows program AFAIK.
Linux as well.
Works (for me) a lot better than Windows (as in: close to 100% success rate whereas with Windows it is over 50% failure. Again, for me).

OP: "see my other post" is like saying "search the web".
Link please?
 
ffries
Member Candidate
Topic Author
Posts: 177
Joined: Wed Aug 25, 2021 6:07 pm

Re: How to make sure that a Mikrotik machine is not compromised

Sun Jan 29, 2023 2:07 pm

Sorry for the late reply, here are my problems with Netinstall:
viewtopic.php?p=980360#p980360

For information, the CCR2004, the RB5009 and the hapAX3 were purchased from official resellers.
But I did buy two switches on the equivalent of eBay in France (LeBonCoin).
