Re: [AFMUG] Unauthorized Mikrotik winbox Login made changes

2018-07-18 Thread Mathew Howard
; >> >> >> *From:* AF [mailto:af-boun...@af.afmug.com] *On Behalf Of *Dave >> *Sent:* Tuesday, July 17, 2018 4:07 PM >> *To:* af@af.afmug.com >> *Subject:* Re: [AFMUG] Unauthorized Mikrotik winbox Login made changes >> >> >> >> My power rout

Re: [AFMUG] Unauthorized Mikrotik winbox Login made changes

2018-07-18 Thread Tim Cailloux
*Dave > *Sent:* Tuesday, July 17, 2018 4:07 PM > *To:* af@af.afmug.com > *Subject:* Re: [AFMUG] Unauthorized Mikrotik winbox Login made changes > > > > My power router v4 is still on 6.27 because of some hardware driver issue > for support of sfp modules. > Last time I

Re: [AFMUG] Unauthorized Mikrotik winbox Login made changes

2018-07-18 Thread Wireless Administrator
PM To: af@af.afmug.com Subject: Re: [AFMUG] Unauthorized Mikrotik winbox Login made changes My power router v4 is still on 6.27 because of some hardware driver issue for support of sfp modules. Last time I made the move to upgrade to 6.40 all of my sfp ports started flapping and would

Re: [AFMUG] Unauthorized Mikrotik winbox Login made changes

2018-07-17 Thread Dave
af@af.afmug.com *Subject:* Re: [AFMUG] Unauthorized Mikrotik winbox Login made changes Based on those versions you listed, it sounds like the Winbox vulnerability described here: https://forum.mikrotik.com/viewtopic.php?t=133533 Password complexity isn't really the issue since they could connec

Re: [AFMUG] Unauthorized Mikrotik winbox Login made changes

2018-07-17 Thread Sam Morris
Abuse email address for that ip glengineer...@wilsonnc.org On 07/17/2018 02:51 PM, Nate Burke wrote: FWIW, 216.152.5.42 has been hammering my network scanning for the winbox port for over 24 hours.  Ok, Hammering as in 10 packets per second. On 7/17/2018 1:24 PM, Philip Rankin wrote: I had

Re: [AFMUG] Unauthorized Mikrotik winbox Login made changes

2018-07-17 Thread Dave
yep its evil.. Like mama says its the devil On 07/17/2018 08:38 AM, Josh Luthman wrote: Definitely need 6.42+ there are two major exploits you're open to. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Tue, Jul 17, 2018 at 6:44 AM, Nick W

Re: [AFMUG] Unauthorized Mikrotik winbox Login made changes

2018-07-17 Thread Nate Burke
FWIW, 216.152.5.42 has been hammering my network scanning for the winbox port for over 24 hours. Ok, Hammering as in 10 packets per second. On 7/17/2018 1:24 PM, Philip Rankin wrote: I had same thing. Same IP addr On Mon, Jul 16, 2018 at 10:01 PM Nate Burke >

Re: [AFMUG] Unauthorized Mikrotik winbox Login made changes

2018-07-17 Thread Philip Rankin
I had same thing. Same IP addr On Mon, Jul 16, 2018 at 10:01 PM Nate Burke wrote: > I just happened to be looking through the Logs of a couple Mikrotiks > that I didn't have Winbox Firewalled off From the outside world. Someone > from the outside world logged into winbox today. I had what I

Re: [AFMUG] Unauthorized Mikrotik winbox Login made changes

2018-07-17 Thread Dennis Burgess
July 17, 2018 10:47 AM To: AnimalFarm Microwave Users Group mailto:af@af.afmug.com>> Subject: Re: [AFMUG] Unauthorized Mikrotik winbox Login made changes What's new in 6.43rc44 (2018-Jul-11 07:45): MAJOR CHANGES IN v6.43: -- !) api - changed authentication process (ht

Re: [AFMUG] Unauthorized Mikrotik winbox Login made changes

2018-07-17 Thread Mathew Howard
& WISP Support Services > Office: 314-735-0270 Website: http://www.linktechs.net > Create Wireless Coverage's with www.towercoverage.com > > > -Original Message- > From: AF On Behalf Of Justin Wilson > Sent: Tuesday, July 17, 2018 10:47 AM > To: AnimalFarm Microwave U

Re: [AFMUG] Unauthorized Mikrotik winbox Login made changes

2018-07-17 Thread Dennis Burgess
Sent: Tuesday, July 17, 2018 10:47 AM To: AnimalFarm Microwave Users Group Subject: Re: [AFMUG] Unauthorized Mikrotik winbox Login made changes What's new in 6.43rc44 (2018-Jul-11 07:45): MAJOR CHANGES IN v6.43: -- !) api - changed authentication process (https://wiki.mik

Re: [AFMUG] Unauthorized Mikrotik winbox Login made changes

2018-07-17 Thread Justin Wilson
What's new in 6.43rc44 (2018-Jul-11 07:45): MAJOR CHANGES IN v6.43: -- !) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login); Justin Wilson j...@mtin.net www.mtin.net www.midwest-ix.com > On Jul 16, 2018, at 10:57 PM, Nate

Re: [AFMUG] Unauthorized Mikrotik winbox Login made changes

2018-07-17 Thread Mike Hammett
quot; Sent: Monday, July 16, 2018 9:57:25 PM Subject: [AFMUG] Unauthorized Mikrotik winbox Login made changes I just happened to be looking through the Logs of a couple Mikrotiks that I didn't have Winbox Firewalled off From the outside world. Someone from the outside world logged into winbox

Re: [AFMUG] Unauthorized Mikrotik winbox Login made changes

2018-07-17 Thread Dennis Burgess
less Coverage’s with www.towercoverage.com From: AF On Behalf Of Nick W Sent: Tuesday, July 17, 2018 5:45 AM To: af@af.afmug.com Subject: Re: [AFMUG] Unauthorized Mikrotik winbox Login made changes Based on those versions you listed, it sounds like the Winbox vulnerability descri

Re: [AFMUG] Unauthorized Mikrotik winbox Login made changes

2018-07-17 Thread Josh Luthman
Definitely need 6.42+ there are two major exploits you're open to. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Tue, Jul 17, 2018 at 6:44 AM, Nick W wrote: > Based on those versions you listed, it sounds like the Winbox > vulnerability

Re: [AFMUG] Unauthorized Mikrotik winbox Login made changes

2018-07-17 Thread Nick W
Based on those versions you listed, it sounds like the Winbox vulnerability described here: https://forum.mikrotik.com/viewtopic.php?t=133533 Password complexity isn't really the issue since they could connect and download the unencrypted user database file. Firewall off Winbox and/or upgrade.

Re: [AFMUG] Unauthorized Mikrotik winbox Login made changes

2018-07-17 Thread CBB - Jay Fuller
unfortunately, i am seeing this too. - Original Message - From: Adam Moffett To: af@af.afmug.com Sent: Tuesday, July 17, 2018 12:11 AM Subject: Re: [AFMUG] Unauthorized Mikrotik winbox Login made changes Ex employee? Password compromised by phishing? I'd hope

Re: [AFMUG] Unauthorized Mikrotik winbox Login made changes

2018-07-16 Thread Adam Moffett
Ex employee?  Password compromised by phishing? I'd hope there isn't another vulnerability. On 7/16/2018 10:57 PM, Nate Burke wrote: I just happened to be looking through the Logs of a couple Mikrotiks that I didn't have Winbox Firewalled off From the outside world. Someone from the outside

[AFMUG] Unauthorized Mikrotik winbox Login made changes

2018-07-16 Thread Nate Burke
I just happened to be looking through the Logs of a couple Mikrotiks that I didn't have Winbox Firewalled off From the outside world. Someone from the outside world logged into winbox today. I had what I 'thought' were strong passwords on them. The only active service on the router is the