I saw some with SNMP write enabled with a funky community. Sent from my iPhone
> On Sep 25, 2018, at 1:00 PM, Nate Burke <[email protected]> wrote: > > What Type of exploits are you seeing? And are you sure they were 100% > cleaned up. I found some routers that had PPtP Servers enabled, and > scheduled scripts that automatically turned things back on. I even had one > where the script was sitting in netwatch, and was using that to turn the > badness back on. > > I ran an export on the compromised routers to make sure that things weren't > hidden in other parts of the config. > >> On 9/25/2018 2:52 PM, TJ Trout wrote: >> I had many mikrotiks exploited, we cleaned them up and disabled all services >> except winbox and http, updated to the latest firmware and changed >> passwords. >> >> Most have input firewall and are unaffected but the ones sitting >> on the internet seem to keep getting compromised >> >> Any idea why this could still be occurring? My ASSumption is that the latest >> release cures the exploit from happening again but I'm confused why this >> keeps reoccurring? >> >> Thanks >> >> TJ >> >> > > -- > AF mailing list > [email protected] > http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com
