Exactly what Lewis said. We take an "allow specific things, block everything else" approach. We only allow a small list of IP addresses to access Winbox or SSH on a router. And aside from a small list of other services the router needs to respond on (rate-limited ICMP, established/related, DHCP on some interfaces, OSPF or LDP on some interfaces, BGP from IP ranges of internal routers), everything else in the INPUT chain is explicitly dropped.

On 8/5/18 1:32 PM, Lewis Bergman wrote:
It can be inconvenient, but we only allow connections from our ip at work. If you want in, you have to VPN there first. 

On Sun, Aug 5, 2018, 1:12 PM CBB - Jay Fuller <par...@cyberbroadband.net> wrote:
 
Looking through all of our routers, most running the latest firmware, most running non-standard Winbox ports, I still see the following today:
 
* accept rule in firewall (for port 10438 I think, same port enabled on ip -> socks)
* account added called "service"
* socks config changed ; enabled
* log entries changed to only show one line
 
Anyone else seeing this? What are they doing?
 
 
--
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com



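The "allow specific things, block everything else" INPUT chain described at the top of this thread, written out as an added RouterOS configuration example; it is not configuration from any poster on the list. The address-list and interface-list names (mgmt-hosts, internal-routers, core, dhcp-served) and every address in them are constructed assumptions; the office address in mgmt-hosts is the one you would VPN to first, as Lewis describes. Winbox is shown on its default port 8291, so substitute the router's non-standard port where one is used.

```routeros
# Constructed address lists: who may manage the router and who may peer with it
/ip firewall address-list
add list=mgmt-hosts address=192.0.2.10 comment="constructed: office public IP, VPN here first"
add list=internal-routers address=10.255.0.0/24 comment="constructed: loopbacks of our own routers"

# Constructed interface lists: core links carry OSPF/LDP, customer ports get DHCP
/interface list
add name=core
add name=dhcp-served
/interface list member
add list=core interface=ether1
add list=dhcp-served interface=ether2

/ip firewall filter
# 1. Return traffic for sessions the router itself started, then junk
add chain=input connection-state=established,related action=accept comment="return traffic"
add chain=input connection-state=invalid action=drop comment="malformed/untracked"
# 2. Rate-limited ICMP so the router is still pingable without being a reflector
add chain=input protocol=icmp limit=50,5:packet action=accept comment="rate-limited ICMP"
# 3. Management only from the allow list (SSH 22, Winbox 8291 or your custom port)
add chain=input protocol=tcp dst-port=22,8291 src-address-list=mgmt-hosts action=accept comment="SSH/Winbox from mgmt-hosts only"
# 4. Services that are only needed on specific interfaces
add chain=input protocol=udp dst-port=67 in-interface-list=dhcp-served action=accept comment="DHCP server on customer ports"
add chain=input protocol=ospf in-interface-list=core action=accept comment="OSPF on core links"
add chain=input protocol=tcp dst-port=646 in-interface-list=core action=accept comment="LDP session on core links"
add chain=input protocol=udp dst-port=646 in-interface-list=core action=accept comment="LDP hello on core links"
# 5. BGP only from our own routers
add chain=input protocol=tcp dst-port=179 src-address-list=internal-routers action=accept comment="BGP from internal routers"
# 6. Explicit default deny, logged so unexpected hits (new accept rules, socks, etc.) show up
add chain=input action=drop log=yes log-prefix="input-drop" comment="default deny"
```

Rule order matters: the final drop must stay last, so a new accept rule appearing below it, or above it with an unfamiliar port such as the 10438 mentioned in the thread, is itself a signal worth checking in `/ip firewall filter print` alongside `/ip socks print` and `/user print`.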