I'm thinking that if you had that many and all at the same time, you may
have been hacked.  I've got over 500 MikroTik clients still, and have never
seen this issue in 6 years.

Regards,
Chuck


On Tue, Jan 10, 2012 at 2:16 PM, Randy Cosby <dco...@infowest.com> wrote:

> We have a real puzzler on our hands.  It's possible it was a hack, but if
> there is another explanation we'd like to avoid that in the future.
>
> We have a Mikrotik 5.8GHz AP (411AH) serving 48 customers in a remote
> area.  At about 11:40pm Friday night, 22 of the 48 dropped offline.  We
> went to the site and replaced the AP (routerboard, wireless card) and saw
> some improvement on signals for the remaining 26 customers, but the 22
> never came back on.
>
> We were able to map out the locations of the customers who were online vs
> those who were not, and there was no geographical pattern that would
> indicate interference.  One guy would be up, his next-door neighbor would
> be down.
>
> At this point we were suspecting a rogue AP was hijacking these customers,
> so we sent a tech out to a customer location to check what was going on.
> The customer Mikrotik (RB411 with RouterOS 4.11) had been reset to
> defaults and the config was gone.  The tech had a script to re-apply the
> config, and it came right back online.  Next house -- same thing.  Every
> house so far (we've done 15 of the 22) was identical.   The tech did note
> that on some units, the "files" were still there, on others they were
> missing.
>
> We tried power cycling the customer units to see if a power outage may
> have triggered the config wipe.  They all came back up fine, config intact.
>
> We're considering a few possibilities:
>
> 1 - Someone on the same management network (a private 172 net) found the
> admin password and was able to get into these units and reset them to defaults.
> He got bored and quit after 22 (or after he accidentally did the same to
> his own radio).
>
> 2 - Something in RouterOS 4.11 was triggered to wipe the config.  Perhaps
> the faulty wireless card on the AP had something to do with that?
>
> 3 - A brownout did toast some configs, not others.  No customers reported
> any power problems, but it may have been brief enough to not reset clocks?
>
> 4 - Solar flares and / or UFOs.
>
> Any other suggestions, guesses?
>
>
> --
> Randy Cosby    | InfoWest, Inc       | www.infowest.com
> Vice President | 435-674-0165 x 2010 | facebook.com/infowest
>
>
>
> _______________________________________________
> Mikrotik mailing list
> Mikrotik@mail.butchevans.com
> http://www.butchevans.com/mailman/listinfo/mikrotik
>
> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
> RouterOS
>