Re: [Mikrotik Users] Detecting Virus/Malware
There is generally a script or two, sometimes they're scheduled. The API and API-SSL services might have an IP block set to them. Services you had disabled might be enabled now. There might be a RADIUS server set up and in System-Users, on the AAA button, use RADIUS could be checked for login to authenticate non-local accounts to access the router. There could also be SSH or SSH Private Keys installed. Logging might be changed from the default (specifically, to not show API or login entries).

On 6/18/18 2:52 PM, Scott Reed via Mikrotik-users wrote:
> While we are getting everything on a network upgraded to avert the
> infection threat on RouterOS, is there anything we can see to know that
> the device is infected?

___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users
Re: [Mikrotik Users] Detecting Virus/Malware
Only if you have MikroTik’s special NPK that allows you to view the file system raw. Otherwise, you should check for additional users, a change in your incoming radius settings, new scripts and schedules, and additional PPTP secrets and interfaces – that’s what showed up on mine when I got hit. The log showed someone logging in via the API and adding a bunch of these items in rapid fire mode, like a script kiddie. They also tried FTP and a couple files from China, but I don’t believe those were successful in doing anything.

The company’s party line is that if you load 6.42.1 or better, it will seek out and destroy any unauthorized additions to the file system.

> On Jun 18, 2018, at 1:52 PM, Scott Reed via Mikrotik-users wrote:
>
> While we are getting everything on a network upgraded to avert the
> infection threat on RouterOS, is there anything we can see to know that
> the device is infected?
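The checks listed in the two replies above, applied to a configuration export, as an added example that is not part of the original thread. It assumes the input is RouterOS v6 compact export text (which lists only non-default settings), gathered with `/export` plus per-menu exports such as `/user export`; the function names, rule strings and sample addresses are constructed for illustration.

```python
import re

# Menus the replies above say to review (assumed RouterOS v6 export paths).
WATCHED = {"/system script": "script", "/system scheduler": "scheduled job",
           "/radius": "RADIUS server", "/ppp secret": "PPP secret",
           "/user": "user account"}
# (menu, substring, reason) checks; the rule strings are this example's own.
RULES = [("/user aaa", "use-radius=yes", "router login via RADIUS"),
         ("/ip service", "disabled=no", "service enabled"),
         ("/ip service", "address=", "service address restriction set"),
         ("/interface pptp-server server", "enabled=yes", "PPTP server on"),
         ("/system logging", "", "logging changed from default")]

# Constructed sample in export format, not taken from a real router.
SAMPLE = r"""/ip service
set telnet disabled=yes
set api address=203.0.113.0/24
/radius
add address=203.0.113.7 serv\
    ice=login
/user aaa
set use-radius=yes
/system script
add name=script1 source="/log info test"
/ppp secret
add name=ppp1 service=pptp
"""

def parse_export(text):
    """Yield (menu, command) pairs from RouterOS export text."""
    joined = re.sub(r"\\\r?\n[ \t]*", "", text)  # undo backslash line wrapping
    menu = None
    for line in map(str.strip, joined.splitlines()):
        if line.startswith("/"):
            menu = line                      # a path line opens a new menu
        elif menu and line and not line.startswith("#"):
            yield menu, line

def review(text, baseline=frozenset()):
    """Return (menu, reason, command) rows absent from a known-good baseline."""
    found = []
    for menu, cmd in parse_export(text):
        hits = [r for m, needle, r in RULES if m == menu and needle in cmd]
        if menu in WATCHED and cmd.startswith("add "):
            hits.append(WATCHED[menu] + " present")
        if (menu, cmd) not in baseline:
            found += [(menu, r, cmd) for r in hits]
    return found

print(*review(SAMPLE), sep="\n")
```

Passing the `(menu, command)` pairs from a known-good export as `baseline` leaves only the entries that were added or changed since then.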
[Mikrotik Users] Detecting Virus/Malware
While we are getting everything on a network upgraded to avert the infection threat on RouterOS, is there anything we can see to know that the device is infected?

--
Scott Reed
SBRConsulting, LLC
Network and Wireless Consulting
WISPA Vendor Member
IN UMC Associate Lay Leader
SLI Coach Trained