why in jesus name would you turn that on? On Mon, Mar 26, 2018 at 8:40 PM, Adam Moffett <dmmoff...@gmail.com> wrote:
> If an outsider can't hit the http service on your router then you should > be ok. You'd also be ok if you're keeping up your ROS version on either > the "current" or "bugfix" track. > > The second vulnerability I mentioned is only relevant if you've turned on > the SMB service which is off by default. > > -Adam > > > ------ Original Message ------ > From: "Steve Jones" <thatoneguyst...@gmail.com> > To: af@afmug.com > Sent: 3/26/2018 9:28:47 PM > Subject: Re: [AFMUG] Mikrotik vulnerabilities > > AFAIK (assuming my firewall mastery isnt as awful as i think it is) I have > a drop all input with an office ACL and allow connected winbox, but i do > use romon with passwords. that should essentially "protect" shouldnt it? > > On Mon, Mar 26, 2018 at 8:24 PM, Adam Moffett <dmmoff...@gmail.com> wrote: > >> I'm sure everyone here has a super duper uber secure network and never >> has to worry about something like this: >> http://seclist.us/chimayred-reverse-engineering-of-mikrotik- >> exploits-from-vault-7-cia-leaks.html >> >> That info is from January. If you have a MIPS BE or x86 mikrotik on ROS >> 6.38.4 or lower and have the http service exposed to the world then you >> could be hit by this. The remotely executable code could be anything, even >> a remote shell which the attacker can use for any kind of additional >> ongoing nonsense. Their CPU usage will show up as "unclassified" in Tool >> -> Profile. I plead the 5th on how I know that last part. >> >> Also on March 12 they announced a remote exploit in the SMB service. I >> don't imagine most of us use the SMB service though. >> > >
