What Type of exploits are you seeing? And are you sure they were 100%
cleaned up. I found some routers that had PPtP Servers enabled, and
scheduled scripts that automatically turned things back on. I even had
one where the script was sitting in netwatch, and was using that to turn
the badness back on.
I ran an export on the compromised routers to make sure that things
weren't hidden in other parts of the config.
On 9/25/2018 2:52 PM, TJ Trout wrote:
I had many mikrotiks exploited, we cleaned them up and disabled all
services except winbox and http, updated to the latest firmware and
changed passwords.
Most have input firewall and are unaffected but the ones sitting on
the internet seem to keep getting compromised
Any idea why this could still be occurring? My ASSumption is that the
latest release cures the exploit from happening again but I'm confused
why this keeps reoccurring?
Thanks
TJ
--
AF mailing list
[email protected]
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
