There have also been multiple vulnerabilities. If they changed stuff, your management wasn't actually secured. If you upgraded and that was it, they probably already stole your passwords and just walked right in.
-----
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP

----- Original Message -----
From: "CBB - Jay Fuller" <par...@cyberbroadband.net>
To: "AnimalFarm Microwave Users Group" <af@af.afmug.com>
Sent: Sunday, August 5, 2018 9:27:06 PM
Subject: Re: [AFMUG] mikrotik hacked.....again

So yes I have followed this and our network has been secured....or so I thought. I did about 2 weeks ago upgrade to the latest firmware to make sure the windowexploit was patched.... even after upgrading to the latest this weirdness began. I have discussed with our network consultant and think we have a plan...

Sent from my smartphone

----- Reply message -----
From: "CBB - Jay Fuller" <par...@cyberbroadband.net>
To: "AnimalFarm Microwave Users Group" <af@af.afmug.com>
Subject: [AFMUG]mikrotik hacked.....again
Date: Sun, Aug 5, 2018 9:23 PM

Off and on....with the socks proxy?

Sent from my smartphone

----- Reply message -----
From: "Mike Hammett" <af...@ics-il.net>
To: "AnimalFarm Microwave Users Group" <af@af.afmug.com>
Subject: [AFMUG] mikrotik hacked.....again
Date: Sun, Aug 5, 2018 9:01 PM

Do you not follow TBW? We post about this almost weekly.

-----
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP

----- Original Message -----
From: "CBB - Jay Fuller" <par...@cyberbroadband.net>
To: af@af.afmug.com
Sent: Sunday, August 5, 2018 1:10:51 PM
Subject: [AFMUG] mikrotik hacked.....again

Looking through all of our routers, most running the latest firmware, most running non-standard winbox ports, I still see the following today:

* accept rule in firewall (for port 10438 I think, same port enabled on ip -> socks)
* account added called "service"
* socks config changed; enabled
* log entries changed to only show one line

Anyone else seeing this? What are they doing?
-- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
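
Added example (not part of the thread, and not code from any of its participants): a Python audit of a RouterOS text export for the four changes listed in the original post. It assumes the configuration was saved with /export, and it reads "log entries changed to only show one line" as a reduced memory-lines value on a logging action; the sample export and the MIN_LOG_LINES threshold are constructed for illustration.

```python
import shlex
# Constructed RouterOS "/export" excerpt (sample data, not from the thread).
SAMPLE_EXPORT = """\
/ip firewall filter
add action=accept chain=input dst-port=10438 protocol=tcp
add action=drop chain=input in-interface=ether1
/ip socks
set enabled=yes port=10438
/system logging action
set 0 memory-lines=1
/user
add group=full name=service
add group=full name=admin
"""
MIN_LOG_LINES = 100  # assumed threshold; smaller in-memory log buffers are flagged

def parse_export(text):
    """Yield (menu, verb, params) for each command under a '/menu' header line."""
    menu, pending = None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):  # export wraps long commands with a backslash
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("/"):
            menu = line
        elif line and not line.startswith("#"):
            words = shlex.split(line)
            yield menu, words[0], dict(w.split("=", 1) for w in words[1:] if "=" in w)

def audit(text):
    """Return findings for the four changes listed in the original post."""
    cmds = list(parse_export(text))
    findings, socks_port = [], None
    for menu, _, p in cmds:
        if menu == "/ip socks" and p.get("enabled") == "yes":
            socks_port = p.get("port", "1080")  # 1080 is the RouterOS default
            findings.append(f"socks proxy enabled on port {socks_port}")
        elif menu == "/user" and p.get("name") == "service":
            findings.append("user account named 'service' present")
        elif menu == "/system logging action" and int(p.get("memory-lines", MIN_LOG_LINES)) < MIN_LOG_LINES:
            findings.append(f"log buffer cut to {p['memory-lines']} line(s)")
    for menu, _, p in cmds:  # second pass: the socks menu is exported after the firewall
        if (menu == "/ip firewall filter" and p.get("action") == "accept"
                and p.get("chain") == "input" and socks_port in p.get("dst-port", "").split(",")):
            findings.append(f"input accept rule opens socks port {socks_port}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_EXPORT)))
```

A clean result only describes the current configuration; it does not show whether credentials were taken before the upgrade, which is the concern raised in the first reply.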