It was enough to go to the moon, it's enough for you. In all seriousness though - yeah, update update update. One day, a firewall rule / whitelist will be missed in a copy/paste, and it'll be game over for that box. I haven't dug too deep into the exploit - but an un-managed (by me / $work) device had been exploited recently - what was originally doing ~10G / traffic a month started doing ~10TB traffic a month till it was caught and dealt with. Ala, botnet code exists for these devices and they used the winbox gimme all password CVE to deploy. Kind Regards, *Nick Pratley* P: 0448 379 418 E: nick@npratley.net On Mon, Sep 10, 2018 at 2:45 PM, Philip Loenneker < Philip.Loenneker@tasmanet.com.au> wrote:
The devices will never need any more than 640kb of RAM, either ;)
-----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Jason Ross Sent: Monday, 10 September 2018 2:32 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
If it has a public interface it’s potentially exploitable from the Internet, even if a firewall is employed.
Today it’s good practice to keep your boxes up to date, particularly if there is a known vulnerability for a particular version of the running OS.
Plus, a large percentage of malicious actors originate from the inside of you network, you just never know who you can trust these days.
Jason
Jason Ross, CISSP, PCNSE8, PCNSI
Principal Consultant/Managing Director EthiSEC Pty Ltd
Cyber Security Consultants
Level 9, Avaya House 123 Epping Rd, North Ryde 2113
O: 1300 67 22 75 D: 02 8209 6488 M: 0401 988 248
On 10 Sep 2018, at 12:49 pm, Paul Julian <paul@buildingconnect.com.au> wrote:
Only privately accessible though, all good ! None of our gear is accessible to the public.
You would think they would redo the SNMP to be 64 bit, but nah....
Paul
-----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Philip Loenneker Sent: Monday, 10 September 2018 12:44 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
Yay for 32 bit numbers! I ended up writing a script a while back that used plink to scrape the uptime of devices (not just MT) because of this "feature".
And as per Nick's comment, there are various exploits that weren't publicly known, let alone patched, 497 days ago :)
-----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Nick Pratley Sent: Monday, 10 September 2018 12:36 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
Sounds exploitable :-)
On Mon, 10 Sep 2018 at 11:55 am, Paul Julian < paul@buildingconnect.com.au> wrote:
You know something is working OK when you hit the snmp integer uptime limit of the device, 497 days, then it goes back to zero again, who said Mikrotik devices weren't reliable.....
Paul
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
--
Kind Regards, *Nick Pratley* P: 0448 379 418 E: nick@npratley.net _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au