I have never seen an RB /sys reset itself, not that I can recall. I agree with Chuck.
Did you see if there was a before-reset.backup ? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Tue, Jan 10, 2012 at 2:53 PM, Chuck Hogg <ch...@shelbybb.com> wrote: > I'm thinking that if you had that many and all at the same time, you may > have been hacked. I've got over 500 MikroTik clients still, and have never > seen this issue in 6 years. > > Regards, > Chuck > > > On Tue, Jan 10, 2012 at 2:16 PM, Randy Cosby <dco...@infowest.com> wrote: > >> We have a real puzzler on our hands. It's possible it was a hack, but if >> there is another explanation we'd like to avoid that in the future. >> >> We have a Mikrotik 5.8Ghz AP (411AH) serving 48 customers in a remote >> area. At about 11:40pm Friday night, 22 of the 48 dropped offline. We >> went to the site and replaced the AP (routerboard, wireless card) and saw a >> some improvement on signals for the remaining 26 customers, but the 22 >> never came back on. >> >> We were able to map out the locations of the customers who were online vs >> those who were not, and there was no geographical pattern that would >> indicate interference. One guy would be up, his next-door neighbor would >> be down. >> >> At this point we were suspecting a rogue AP was hijacking these customers, >> so we sent a tech out to a customer location to check what was going on. >> The customer Mikrotik (RB411 with RouterOS 4.11) had been reset to >> defaults and the config was gone. The tech had a script to re-apply the >> config, and it came right back online. Next house -- same thing. Every >> house so far (we've done 15 of the 22) was identical. The tech did note >> that on some units, the "files" were still there, on others they were >> missing. >> >> We tried power cycling the customer units to see if a power outage may >> have triggered the config wipe. They all came back up fine, config in-tact. >> >> We're considering a few possibilities: >> >> 1 - Someone on the same management network ( a private 172 net) found the >> admin password was able to get into these units and reset them to defaults. >> He got bored and quit after 22 (or after he accidentally did the same to >> his own radio). >> >> 2 - Something in RouterOS 4.11 was triggered to wipe the config. Perhaps >> the faulty wireless card on the AP had something to do with that? >> >> 3 - A brownout did toast some configs, not others. No customers reported >> any power problems, but it may have been brief enough to not reset clocks? >> >> 4 - Solar flares and / or UFO's. >> >> Any other suggestions, guesses? >> >> >> -- >> Randy Cosby | InfoWest, Inc | www.infowest.com >> Vice President | 435-674-0165 x 2010 | facebook.com/infowest >> >> >> >> ______________________________**_________________ >> Mikrotik mailing list >> Mikrotik@mail.butchevans.com >> http://www.butchevans.com/**mailman/listinfo/mikrotik<http://www.butchevans.com/mailman/listinfo/mikrotik> >> >> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >> RouterOS >> > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://www.butchevans.com/pipermail/mikrotik/attachments/20120110/e0990bd8/attachment.html> > _______________________________________________ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS _______________________________________________ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS