Again... anyone know what the hackers are doing?
----- Reply message -----
From: "Josh Baird" <joshba...@gmail.com>
To: "AnimalFarm Microwave Users Group" <af@af.afmug.com>
Subject: [AFMUG] mikrotik hacked.....again
Date: Sun, Aug 5, 2018 6:12 PM
This. It really should be a no-brainer to protect your devices by only
allowing management from specific management networks. If you don’t, you are
asking for trouble.
On Aug 5, 2018, at 1:06 PM, Jesse DuPont <jesse.dup...@celeritycorp.net> wrote:
Exactly what Lewis said. We take an "allow specific things, block
everything else" approach. We only allow a small list of IP
addresses to access Winbox or SSH on a router. And aside from a
small list of other services the router needs to respond on
(rate-limited ICMP, established/related, DHCP on some interfaces,
OSPF or LDP on some interfaces, BGP from IP ranges of internal
routers), everything else in the INPUT chain is explicitly dropped.
On 8/5/18 1:32 PM, Lewis Bergman wrote:
It can be inconvenient, but we only allow connections from our IP
at work. If you want in, you have to VPN there first.
On Sun, Aug 5, 2018, 1:12 PM CBB - Jay Fuller <par...@cyberbroadband.net> wrote:
Looking through all of our routers, most running the latest firmware,
most running non-standard winbox ports, I still see the following
today:
* accept rule in firewall (for port 10438 I think, same port enabled
  on ip -> socks)
* account added called "service"
* socks config changed; enabled
* log entries changed to only show one line
Anyone else seeing this? What are they doing?
--
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
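
Added example, not part of the thread and not any poster's code: a triage check that scans the text of a RouterOS `/export` for the four changes listed in the original message (SOCKS enabled, an input accept rule for the SOCKS port, an unexpected account, the memory log cut to one line). The export text is constructed, and `EXPECTED_USERS`, `parse_export` and `find_indicators` are hypothetical names.

```python
import re

# Constructed sample of "/export" output; not taken from a real router.
SAMPLE_EXPORT = r"""
/ip firewall filter
add action=accept chain=input dst-port=10438 \
    protocol=tcp
add action=drop chain=input
/ip socks
set enabled=yes port=10438
/system logging action
set 0 memory-lines=1
/user
add group=full name=service
add group=full name=noc-admin
"""
EXPECTED_USERS = {"admin", "noc-admin"}  # assumption: your own account list

def parse_export(text):
    """Yield (section, verb, params) for every command line in an export."""
    section = ""
    joined = re.sub(r"\\\r?\n\s*", "", text)  # undo backslash line wraps
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("/"):  # menu path on its own line, as export writes it
            section = line
        elif line and not line.startswith("#"):
            verb, _, rest = line.partition(" ")
            params = dict(re.findall(r'([\w-]+)=("[^"]*"|\S+)', rest))
            yield section, verb, {k: v.strip('"') for k, v in params.items()}

def find_indicators(text):
    """Return findings that match the changes reported in the thread."""
    cmds = list(parse_export(text))
    findings, socks_port = [], None
    for sec, verb, p in cmds:
        if sec == "/ip socks" and p.get("enabled") == "yes":
            socks_port = p.get("port", "1080")  # export omits the default port
            findings.append(f"socks enabled on port {socks_port}")
        if sec == "/user" and verb == "add" and p.get("name") not in EXPECTED_USERS:
            findings.append(f"unexpected user {p.get('name')}")
        if sec == "/system logging action" and p.get("memory-lines") == "1":
            findings.append("memory log limited to one line")
    for sec, _, p in cmds:  # second pass: the SOCKS port is known by now
        rule = (sec, p.get("chain"), p.get("action"))
        if rule == ("/ip firewall filter", "input", "accept") \
                and socks_port in p.get("dst-port", "").split(","):
            findings.append(f"input accept rule for socks port {socks_port}")
    return findings
```

Run it over saved exports from every router and compare the findings across the fleet; a port range in `dst-port` is not expanded by this check.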