Your MikroTik router may be compromised

I had a few phone calls from my friends during the past few days related to the new hacker attack on Mikrotik routers. An unknown file named mikrotik.php appears among the files and you have a new script named script3_. Even more, your firewall is disabled.

This attack exploits vulnerabilities in the Web service. Although this blog claims that this vulnerability is fixed in RouterOS version 6.38.5, I found that many routers that are not updated to the latest version are infected. A few of my routers with RouterOS versions 6.38.5, 6.39.x, 6.40.x or even 6.42.3 were attacked.


Duplicate V3 extension in an X.509 certificate

Recently, I got a report that one application can’t connect to the Exchange server. The error message was:

Exchange server error: The request failed. javax.net.ssl.SSLProtocolException: java.io.IOException: Duplicate extensions not allowed.

The first Google search revealed to me that this error message is related to an error inside the SSL certificate and that the Java-based library can’t override such a situation.

Trojan on my Android tablet after the factory data reset

At the end of 2017 I decided to reset my Android tablet. I used it as an auxiliary on-field device. There was no important data on it, but it could do with a clear down, a fresh start. The factory reset is a very easy task on Android devices.

I ran the reset task, it restored my device to a clean state and everything looked fine. I spotted McAfee anti-virus on it and ran it just for fun. It updated itself, started the scanning process and alerted me of the threat. I had a Trojan virus on the factory reset device.


Connecting three sites using IPSec tunnels

So far, we have discussed how to connect two sites through an IPSec tunnel. Most readers will be satisfied with that, as these scenarios cover most real-life situations. However, we may need to interconnect three or more sites using IPSec tunnels.

Although rare, these scenarios are possible. However, we need to plan everything carefully, as we will need more IPSec policies between routers. Therefore, I will describe here how to connect the “road warrior” users with a distant site.


Custom chains in the Mikrotik Firewall

Every network packet that the firewall handles can be input, output or forwarded. In relation to this, we have three predefined chains that handle the entire network traffic. We make a list of rules that allow or block specific traffic.

Over time, our list can grow. At one point, we may have a list with several hundred rules. Mikrotik routers can have a long list and still operate without problems. However, each network packet must be compared with each rule in the list in turn until a matching one is found.


Mikrotik device as an L2TP/IPSec client

In the previous post we showed a Mikrotik router as an L2TP/IPSec server. In that scenario, we are using either Windows clients or mobile devices based on Android or Apple iOS operating systems. Here is a new scenario – we may need to use another Mikrotik device as the VPN client.

The most common scenario is that you want to connect a remote network with a main network. Using the L2TP/IPSec VPN connection, you will have at the same time the routable tunnel and the full power of IPSec encryption.
