They also stole all of your Mikrotik passwords.
-----
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP

----- Original Message -----
From: "CBB - Jay Fuller" <par...@cyberbroadband.net>
To: "AnimalFarm Microwave Users Group" <af@af.afmug.com>
Sent: Sunday, August 5, 2018 7:06:40 PM
Subject: Re: [AFMUG] mikrotik hacked.....again

Again....anyone know what the hackers are doing?

Sent from my smartphone

----- Reply message -----
From: "Josh Baird" <joshba...@gmail.com>
To: "AnimalFarm Microwave Users Group" <af@af.afmug.com>
Subject: [AFMUG] mikrotik hacked.....again
Date: Sun, Aug 5, 2018 6:12 PM

This. It really should be a no-brainer to protect your devices by only allowing management from specific management networks. If you don’t, you are asking for trouble.

On Aug 5, 2018, at 1:06 PM, Jesse DuPont <jesse.dup...@celeritycorp.net> wrote:

Exactly what Lewis said. We take an "allow specific things, block everything else" approach. We only allow a small list of IP addresses to access Winbox or SSH on a router. And aside from a small list of other services the router needs to respond on (rate-limited ICMP, established/related, DHCP on some interfaces, OSPF or LDP on some interfaces, BGP from IP ranges of internal routers), everything else in the INPUT chain is explicitly dropped.

On 8/5/18 1:32 PM, Lewis Bergman wrote:
<blockquote>
It can be inconvenient, but we only allow connections from our IP at work. If you want in, you have to VPN there first.

On Sun, Aug 5, 2018, 1:12 PM CBB - Jay Fuller <par...@cyberbroadband.net> wrote:
<blockquote>
Looking through all of our routers, most running the latest firmware, most running non-standard Winbox ports, I still see the following today:

* accept rule in firewall (for port 10438 I think, same port enabled on ip -> socks)
* account added called "service"
* socks config changed; enabled
* log entries changed to only show one line

Anyone else seeing this? What are they doing?

--
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
</blockquote>
</blockquote>
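An added example, not part of the original thread: a small Python audit that reads router configuration text in RouterOS export syntax and flags the config changes Jay lists (SOCKS enabled, an account named "service", an input accept rule for the SOCKS port) together with gaps in the allow-list approach Jesse and Lewis describe. The sample config, the `parse` and `audit` helpers and the `mgmt` address-list name are constructed for illustration, and the parser assumes one command per line with no backslash continuations.

```python
import shlex

# Constructed sample in RouterOS export syntax, modelled on the changes listed in the thread.
SAMPLE = """\
/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=accept chain=input dst-port=8291 protocol=tcp src-address-list=mgmt
add action=accept chain=input dst-port=10438 protocol=tcp
/ip socks
set enabled=yes port=10438
/user
add name=admin group=full
add name=service group=full
"""

MGMT_PORTS = {"22", "8291"}  # SSH and Winbox defaults; extend for non-standard ports

def parse(text):
    """Yield (menu, command, params) for each command line of export-style text."""
    menu = ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line  # a menu line such as "/ip socks" applies to the lines below it
        elif line and not line.startswith("#"):
            cmd, *rest = shlex.split(line)
            yield menu, cmd, dict(p.split("=", 1) for p in rest if "=" in p)

def audit(text):
    rows, findings = list(parse(text)), []
    socks = next((p for m, _, p in rows if m == "/ip socks"), {})
    if socks.get("enabled") == "yes":
        findings.append(f"socks enabled on port {socks.get('port', '1080')}")
    if any(m == "/user" and c == "add" and p.get("name") == "service" for m, c, p in rows):
        findings.append('user "service" present')
    inp = [p for m, c, p in rows
           if m == "/ip firewall filter" and c == "add" and p.get("chain") == "input"]
    for p in inp:
        ports = set(p.get("dst-port", "").split(","))
        # An accept rule with no source restriction is reachable from anywhere.
        open_accept = p.get("action") == "accept" and not ({"src-address", "src-address-list"} & p.keys())
        if open_accept and socks.get("port") in ports:
            findings.append(f"input accept for socks port {socks['port']} from any source")
        if open_accept and ports & MGMT_PORTS:
            findings.append("management port open to any source")
    # "Block everything else": the last input rule must be a drop with no match conditions.
    last = inp[-1] if inp else {}
    if last.get("action") != "drop" or set(last) - {"action", "chain", "comment"}:
        findings.append("input chain does not end in an unconditional drop")
    return findings
```

Calling `audit(SAMPLE)` returns the list of findings for the constructed config; an empty list means none of these checks fired.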