I monitor all my Mikrotik devices and have automated config versioning by using Oxidized (https://github.com/ytti/oxidized).
Those configs are pushed to a git-server, where I get notifications when something has changed. Surprisingly, I received one of these notifications, while there wasn't any change last week (no updates, no config changes).
Code:
+ /ip smb shares
+ add comment="default share" directory=/pub name=pub
+ /ip smb users
+ add name=guest
Code:
/ip smb shares
add comment="default share" directory=/pub name=pub
+ add comment="default share" directory=/pub name=pub
/ip smb users
add name=guest
+ add name=guest
Code:
/ip smb shares
add comment="default share" directory=/pub name=pub
add comment="default share" directory=/pub name=pub
+ add comment="default share" directory=/pub name=pub
/ip smb users
add name=guest
add name=guest
+ add name=guest
- I have not changed the config myself
- I have not updated the Mikrotik prior to this behaviour
- Removing this part of the config results in it "coming back" later
- Updating to the latest RouterOS and Firmware does not resolve this behaviour (currently 7.1.5)
- I do not use the IP->SMB-service at all
- I do not see any login attempts, nor successful logins prior to these changes (remote syslog, etc.)
- Rebooting does not help
I'm unable to remove these "default looking" SMB-shares and SMB-users via the WebGUI, but it's possible to remove them by using WinBox or SSH.
These events started around the same time when some national newspapers were reporting about botnets (used for/against the conflict in RU/UA). With this in mind, this could be a hint of (failed?) attempts, an abused vulnerability or just simply a bug in RouterOS.
Personally, I highly doubt this is a bug, as the software has been running for longer without showing this behaviour.
I'm wondering: are there other Mikrotik users with spontaneous extra "default looking" SMB-shares and/or SMB-users? (Please check/verify by hand)
With "no config":
Code:
- /ip smb shares
- add comment="default share" directory=/pub name=pub
- add comment="default share" directory=/pub name=pub
- add comment="default share" directory=/pub name=pub
- /ip smb users
- add name=guest
- add name=guest
- add name=guest
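
A check for the symptom described in this post, as an added example that is not part of the original post: it parses a RouterOS export (for instance the copy Oxidized stores) and reports every entry under `/ip smb shares` and `/ip smb users` together with how often it occurs. The sample export is constructed, and the function names and the handling of backslash-wrapped lines are this example's assumptions.

```python
from collections import Counter

# Sections the post saw change; names taken from the diffs on this page.
WATCHED = ("/ip smb shares", "/ip smb users")

def parse_export(text):
    """Group the 'add ...' lines of a RouterOS export by section header."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):      # assumption: long lines wrap with a trailing backslash
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("/"):     # a new section such as "/ip smb users"
            current = line
            sections.setdefault(current, [])
        elif current and line.startswith("add "):
            sections[current].append(" ".join(line.split()))
    return sections

def smb_findings(text):
    """Return (section, entry, count) for every entry in a watched section."""
    findings = []
    for section, entries in parse_export(text).items():
        if section in WATCHED:
            for entry, n in sorted(Counter(entries).items()):
                findings.append((section, entry, n))
    return findings

def has_duplicates(findings):
    """True when any watched entry occurs more than once, as in the post."""
    return any(n > 1 for _, _, n in findings)

# Constructed sample, modelled on the second diff in the post.
SAMPLE = """\
/ip service
set telnet disabled=yes
/ip smb shares
add comment="default share" directory=/pub name=pub
add comment="default share" directory=/pub name=pub
/ip smb users
add name=guest
add name=guest
"""

if __name__ == "__main__":
    for section, entry, n in smb_findings(SAMPLE):
        print(f"{section}: {entry!r} x{n}")
```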