You know something is working OK when you hit the snmp integer uptime limit of the device, 497 days, then it goes back to zero again, who said Mikrotik devices weren't reliable..... Paul
Sounds exploitable :-)
On Mon, 10 Sep 2018 at 11:55 am, Paul Julian <paul@buildingconnect.com.au> wrote:
You know something is working OK when you hit the snmp integer uptime limit of the device, 497 days, then it goes back to zero again, who said Mikrotik devices weren't reliable.....
Paul
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
-- Kind Regards, *Nick Pratley* P: 0448 379 418 E: nick@npratley.net
Yay for 32 bit numbers! I ended up writing a script a while back that used plink to scrape the uptime of devices (not just MT) because of this "feature".
And as per Nick's comment, there are various exploits that weren't publicly known, let alone patched, 497 days ago :)
-----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Nick Pratley Sent: Monday, 10 September 2018 12:36 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
Sounds exploitable :-)
On Mon, 10 Sep 2018 at 11:55 am, Paul Julian <paul@buildingconnect.com.au> wrote:
You know something is working OK when you hit the snmp integer uptime limit of the device, 497 days, then it goes back to zero again, who said Mikrotik devices weren't reliable.....
Paul
-- Kind Regards, *Nick Pratley* P: 0448 379 418 E: nick@npratley.net
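An added example, not any poster's script: a wrap-aware tracker for the 32-bit SNMP uptime counter discussed above (assumed here to be sysUpTime, counted in hundredths of a second, so it rolls over after 2^32 ticks, about 497.1 days). The poll values, the tolerance and the fix-release date are constructed, and the stale-firmware check assumes a firmware upgrade cannot be installed without a reboot.

```python
"""Wrap-aware tracking of a 32-bit SNMP uptime counter (hundredths of a second)."""
from dataclasses import dataclass
from typing import Optional

TICKS_PER_SECOND = 100                 # the counter advances once per 1/100 s
WRAP_TICKS = 2 ** 32                   # an unsigned 32-bit counter rolls over here
WRAP_DAYS = WRAP_TICKS / TICKS_PER_SECOND / 86_400   # about 497.1 days


@dataclass
class UptimeTracker:
    """Rebuilds the true uptime of one device from successive polls."""
    tolerance_s: float = 300.0         # assumed allowance for poll jitter and clock drift
    wraps: int = 0                     # rollovers seen since the last detected reboot
    reboots: int = 0
    last_ticks: Optional[int] = None
    last_poll: Optional[float] = None

    def observe(self, poll_time: float, ticks: int) -> str:
        """Record one poll and classify it as 'first', 'ok', 'wrap' or 'reboot'."""
        if not 0 <= ticks < WRAP_TICKS:
            raise ValueError("ticks outside the 32-bit range")
        verdict = "first"
        if self.last_ticks is not None:
            if poll_time <= self.last_poll:
                raise ValueError("polls must be in increasing time order")
            elapsed = round((poll_time - self.last_poll) * TICKS_PER_SECOND)
            expected = self.last_ticks + elapsed     # value if the device never restarted
            # Signed distance between the reported and expected value on the 2^32 circle.
            drift = (ticks - expected) % WRAP_TICKS
            if drift > WRAP_TICKS // 2:
                drift -= WRAP_TICKS
            total = expected + drift                 # unwrapped counter value
            slack = self.tolerance_s * TICKS_PER_SECOND
            if abs(drift) <= slack and total >= self.last_ticks:
                rolled = total // WRAP_TICKS         # 0 normally, 1 when the counter rolled over
                self.wraps += rolled
                verdict = "wrap" if rolled else "ok"
            else:
                # The counter is far behind where it should be: the device restarted.
                self.wraps = 0
                self.reboots += 1
                verdict = "reboot"
        self.last_ticks, self.last_poll = ticks, poll_time
        return verdict

    def uptime_seconds(self) -> float:
        """True uptime, counting the rollovers this tracker has witnessed."""
        if self.last_ticks is None:
            raise ValueError("no polls recorded")
        return (self.wraps * WRAP_TICKS + self.last_ticks) / TICKS_PER_SECOND


def predates_fix(tracker: UptimeTracker, now: float, fix_released: float) -> bool:
    """True if the last boot is older than the fix, so the fix cannot be running."""
    return now - tracker.uptime_seconds() < fix_released


def demo():
    t0 = 1_536_500_000.0                   # constructed poll timestamp (epoch seconds)
    polls = [                              # constructed (poll_time, ticks) samples
        (t0, WRAP_TICKS - 360_000),        # one hour before the rollover
        (t0 + 7_200, 360_150),             # two hours later: the counter is near zero again
        (t0 + 93_600, 9_000_150),          # one day after that
    ]
    tracker = UptimeTracker()
    verdicts = [tracker.observe(t, ticks) for t, ticks in polls]
    now = polls[-1][0]
    fix_released = now - 100 * 86_400      # placeholder: a fix published 100 days earlier
    naive = UptimeTracker()                # a poller that only ever sees the latest value
    naive.observe(*polls[-1])
    return (verdicts, tracker,
            predates_fix(tracker, now, fix_released),
            predates_fix(naive, now, fix_released))


if __name__ == "__main__":
    verdicts, tracker, wrap_aware, naive = demo()
    print(verdicts, f"{tracker.uptime_seconds() / 86_400:.1f} days")
    print("predates fix (wrap-aware):", wrap_aware, "| (raw counter only):", naive)
```

A tracker that starts polling after a rollover cannot know it happened, so the history has to be kept from before the 497-day mark for the stale-firmware check to hold.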
Only privately accessible though, all good ! None of our gear is accessible to the public.
You would think they would redo the SNMP to be 64 bit, but nah....
Paul
-----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Philip Loenneker Sent: Monday, 10 September 2018 12:44 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
Yay for 32 bit numbers! I ended up writing a script a while back that used plink to scrape the uptime of devices (not just MT) because of this "feature".
And as per Nick's comment, there are various exploits that weren't publicly known, let alone patched, 497 days ago :)
-----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Nick Pratley Sent: Monday, 10 September 2018 12:36 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
Sounds exploitable :-)
On Mon, 10 Sep 2018 at 11:55 am, Paul Julian <paul@buildingconnect.com.au> wrote:
You know something is working OK when you hit the snmp integer uptime limit of the device, 497 days, then it goes back to zero again, who said Mikrotik devices weren't reliable.....
Paul
-- Kind Regards, *Nick Pratley* P: 0448 379 418 E: nick@npratley.net
If it has a public interface it’s potentially exploitable from the Internet, even if a firewall is employed.
Today it’s good practice to keep your boxes up to date, particularly if there is a known vulnerability for a particular version of the running OS.
Plus, a large percentage of malicious actors originate from the inside of your network, you just never know who you can trust these days.
Jason
Jason Ross, CISSP, PCNSE8, PCNSI
Principal Consultant/Managing Director EthiSEC Pty Ltd
Cyber Security Consultants
Level 9, Avaya House 123 Epping Rd, North Ryde 2113
O: 1300 67 22 75 D: 02 8209 6488 M: 0401 988 248
On 10 Sep 2018, at 12:49 pm, Paul Julian <paul@buildingconnect.com.au> wrote:
Only privately accessible though, all good ! None of our gear is accessible to the public.
You would think they would redo the SNMP to be 64 bit, but nah....
Paul
-----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Philip Loenneker Sent: Monday, 10 September 2018 12:44 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
Yay for 32 bit numbers! I ended up writing a script a while back that used plink to scrape the uptime of devices (not just MT) because of this "feature".
And as per Nick's comment, there are various exploits that weren't publicly known, let alone patched, 497 days ago :)
-----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Nick Pratley Sent: Monday, 10 September 2018 12:36 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
Sounds exploitable :-)
On Mon, 10 Sep 2018 at 11:55 am, Paul Julian <paul@buildingconnect.com.au> wrote:
You know something is working OK when you hit the snmp integer uptime limit of the device, 497 days, then it goes back to zero again, who said Mikrotik devices weren't reliable.....
Paul
--
Kind Regards, *Nick Pratley* P: 0448 379 418 E: nick@npratley.net
The devices will never need any more than 640kb of RAM, either ;)
-----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Jason Ross Sent: Monday, 10 September 2018 2:32 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
If it has a public interface it’s potentially exploitable from the Internet, even if a firewall is employed.
Today it’s good practice to keep your boxes up to date, particularly if there is a known vulnerability for a particular version of the running OS.
Plus, a large percentage of malicious actors originate from the inside of your network, you just never know who you can trust these days.
Jason
Jason Ross, CISSP, PCNSE8, PCNSI
Principal Consultant/Managing Director EthiSEC Pty Ltd
Cyber Security Consultants
Level 9, Avaya House 123 Epping Rd, North Ryde 2113
O: 1300 67 22 75 D: 02 8209 6488 M: 0401 988 248
On 10 Sep 2018, at 12:49 pm, Paul Julian <paul@buildingconnect.com.au> wrote:
Only privately accessible though, all good ! None of our gear is accessible to the public.
You would think they would redo the SNMP to be 64 bit, but nah....
Paul
-----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Philip Loenneker Sent: Monday, 10 September 2018 12:44 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
Yay for 32 bit numbers! I ended up writing a script a while back that used plink to scrape the uptime of devices (not just MT) because of this "feature".
And as per Nick's comment, there are various exploits that weren't publicly known, let alone patched, 497 days ago :)
-----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Nick Pratley Sent: Monday, 10 September 2018 12:36 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
Sounds exploitable :-)
On Mon, 10 Sep 2018 at 11:55 am, Paul Julian <paul@buildingconnect.com.au> wrote:
You know something is working OK when you hit the snmp integer uptime limit of the device, 497 days, then it goes back to zero again, who said Mikrotik devices weren't reliable.....
Paul
--
Kind Regards, *Nick Pratley* P: 0448 379 418 E: nick@npratley.net
It was enough to go to the moon, it's enough for you.
In all seriousness though - yeah, update update update.
One day, a firewall rule / whitelist will be missed in a copy/paste, and it'll be game over for that box.
I haven't dug too deep into the exploit - but an un-managed (by me / $work) device had been exploited recently - what was originally doing ~10G / traffic a month started doing ~10TB traffic a month till it was caught and dealt with. Ala, botnet code exists for these devices and they used the winbox gimme all password CVE to deploy.
Kind Regards, *Nick Pratley* P: 0448 379 418 E: nick@npratley.net
On Mon, Sep 10, 2018 at 2:45 PM, Philip Loenneker <Philip.Loenneker@tasmanet.com.au> wrote:
The devices will never need any more than 640kb of RAM, either ;)
-----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Jason Ross Sent: Monday, 10 September 2018 2:32 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
If it has a public interface it’s potentially exploitable from the Internet, even if a firewall is employed.
Today it’s good practice to keep your boxes up to date, particularly if there is a known vulnerability for a particular version of the running OS.
Plus, a large percentage of malicious actors originate from the inside of your network, you just never know who you can trust these days.
Jason
Jason Ross, CISSP, PCNSE8, PCNSI
Principal Consultant/Managing Director EthiSEC Pty Ltd
Cyber Security Consultants
Level 9, Avaya House 123 Epping Rd, North Ryde 2113
O: 1300 67 22 75 D: 02 8209 6488 M: 0401 988 248
On 10 Sep 2018, at 12:49 pm, Paul Julian <paul@buildingconnect.com.au> wrote:
Only privately accessible though, all good ! None of our gear is accessible to the public.
You would think they would redo the SNMP to be 64 bit, but nah....
Paul
-----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Philip Loenneker Sent: Monday, 10 September 2018 12:44 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
Yay for 32 bit numbers! I ended up writing a script a while back that used plink to scrape the uptime of devices (not just MT) because of this "feature".
And as per Nick's comment, there are various exploits that weren't publicly known, let alone patched, 497 days ago :)
-----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Nick Pratley Sent: Monday, 10 September 2018 12:36 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
Sounds exploitable :-)
On Mon, 10 Sep 2018 at 11:55 am, Paul Julian < paul@buildingconnect.com.au> wrote:
You know something is working OK when you hit the snmp integer uptime limit of the device, 497 days, then it goes back to zero again, who said Mikrotik devices weren't reliable.....
Paul
--
Kind Regards, *Nick Pratley* P: 0448 379 418 E: nick@npratley.net
Officially, our advice to all of our customers and partners is, and has always been, "never upgrade routerOS unless there is something in the new version that you need or want"
That is still the case now - noting that 'fix severe security vulnerability' definitely comes in under the category of 'want or need' ;-)
Cheers!
Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Nick Pratley Sent: Monday, 10 September 2018 3:14 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
It was enough to go to the moon, it's enough for you.
In all seriousness though - yeah, update update update.
One day, a firewall rule / whitelist will be missed in a copy/paste, and it'll be game over for that box.
I haven't dug too deep into the exploit - but an un-managed (by me / $work) device had been exploited recently - what was originally doing ~10G / traffic a month started doing ~10TB traffic a month till it was caught and dealt with. Ala, botnet code exists for these devices and they used the winbox gimme all password CVE to deploy.
Kind Regards, *Nick Pratley* P: 0448 379 418 E: nick@npratley.net
On Mon, Sep 10, 2018 at 2:45 PM, Philip Loenneker < Philip.Loenneker@tasmanet.com.au> wrote:
The devices will never need any more than 640kb of RAM, either ;)
-----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Jason Ross Sent: Monday, 10 September 2018 2:32 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
If it has a public interface it’s potentially exploitable from the Internet, even if a firewall is employed.
Today it’s good practice to keep your boxes up to date, particularly if there is a known vulnerability for a particular version of the running OS.
Plus, a large percentage of malicious actors originate from the inside of your network, you just never know who you can trust these days.
Jason
Jason Ross, CISSP, PCNSE8, PCNSI
Principal Consultant/Managing Director EthiSEC Pty Ltd
Cyber Security Consultants
Level 9, Avaya House 123 Epping Rd, North Ryde 2113
O: 1300 67 22 75 D: 02 8209 6488 M: 0401 988 248
On 10 Sep 2018, at 12:49 pm, Paul Julian <paul@buildingconnect.com.au> wrote:
Only privately accessible though, all good ! None of our gear is accessible to the public.
You would think they would redo the SNMP to be 64 bit, but nah....
Paul
-----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Philip Loenneker Sent: Monday, 10 September 2018 12:44 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
Yay for 32 bit numbers! I ended up writing a script a while back that used plink to scrape the uptime of devices (not just MT) because of this "feature".
And as per Nick's comment, there are various exploits that weren't publicly known, let alone patched, 497 days ago :)
-----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Nick Pratley Sent: Monday, 10 September 2018 12:36 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
Sounds exploitable :-)
On Mon, 10 Sep 2018 at 11:55 am, Paul Julian < paul@buildingconnect.com.au> wrote:
You know something is working OK when you hit the snmp integer uptime limit of the device, 497 days, then it goes back to zero again, who said Mikrotik devices weren't reliable.....
Paul
--
Kind Regards, *Nick Pratley* P: 0448 379 418 E: nick@npratley.net
Hi Mike,
On 10 Sep 2018, at 3:27 pm, Mike Everest <mike@duxtel.com> wrote:
Officially, our advice to all of our customers and partners is, and has always been, "never upgrade routerOS unless there is something in the new version that you need or want”
Unfortunately this isn’t great advice today, although I can understand the reasoning behind it.
That is still the case now - noting that 'fix severe security vulnerability' definitely comes in under the category of 'want or need' ;-)
Cheers!
My POV is security fixes are more need than want. In some situations you won’t want to upgrade immediately for any number of reasons. If this is the case you should perform a risk analysis and implement the necessary mitigation strategies to minimise your risk.
As soon as you can upgrade, you should upgrade in my opinion.
Some food for thought - From memory the average time most people take to discover they've been compromised is 18 months.
Jason
Absolutely!
Security fixes are DEFINITELY "want or need", and agreed - emphasis is on 'need' in those cases ;)
However, updates that only offer new features that you don’t currently use, or fix bugs that don't affect you are not worth the downtime caused by install, or potential break in functionality caused by introducing new bugs that did not previously exist! :-D
So,... our advice still stands :-}
(and we follow our own advice too! ;)
Incidentally, we also encourage bugfix release stream as well for all production equipment (unless there is a 'want or need' type feature in other streams).
Cheers!
Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Jason Ross Sent: Monday, 10 September 2018 5:06 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
Hi Mike,
On 10 Sep 2018, at 3:27 pm, Mike Everest <mike@duxtel.com> wrote:
Officially, our advice to all of our customers and partners is, and has always been, "never upgrade routerOS unless there is something in the new version that you need or want”
Unfortunately this isn’t great advice today, although I can understand the reasoning behind it.
That is still the case now - noting that 'fix severe security vulnerability' definitely comes in under the category of 'want or need' ;-)
Cheers!
My POV is security fixes are more need than want. In some situations you won’t want to upgrade immediately for any number of reasons. If this is the case you should perform a risk analysis and implement the necessary mitigation strategies to minimise your risk.
As soon as you can upgrade, you should upgrade in my opinion.
Some food for thought - From memory the average time most people take to discover they've been compromised is 18 months.
Jason
Well, <snort> stable 6.43 just got released. How many of you will push that out over the next few days? :) Alas it doesn't look like it has RB3011 hardware AES yet which is in the RC.
On Mon, 10 Sep 2018 at 17:32, Mike Everest <mike@duxtel.com> wrote:
Absolutely!
Security fixes are DEFINITELY "want or need", and agreed - emphasis is on 'need' in those cases ;)
However, updates that only offer new features that you don’t currently use, or fix bugs that don't affect you are not worth the downtime caused by install, or potential break in functionality caused by introducing new bugs that did not previously exist! :-D
So,... our advice still stands :-}
(and we follow our own advice too! ;)
Incidentally, we also encourage bugfix release stream as well for all production equipment (unless there is a 'want or need' type feature in other streams).
Cheers!
Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Jason Ross Sent: Monday, 10 September 2018 5:06 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
Hi Mike,
On 10 Sep 2018, at 3:27 pm, Mike Everest <mike@duxtel.com> wrote:
Officially, our advice to all of our customers and partners is, and has always been, "never upgrade routerOS unless there is something in the new version that you need or want”
Unfortunately this isn’t great advice today, although I can understand the reasoning behind it.
That is still the case now - noting that 'fix severe security vulnerability' definitely comes in under the category of 'want or need' ;-)
Cheers!
My POV is security fixes are more need than want. In some situations you won’t want to upgrade immediately for any number of reasons. If this is the case you should perform a risk analysis and implement the necessary mitigation strategies to minimise your risk.
As soon as you can upgrade, you should upgrade in my opinion.
Some food for thought - From memory the average time most people take to discover they've been compromised is 18 months.
Jason
Ooops, RB3011 HW AES is in 6.43.
On Mon, 10 Sep 2018 at 21:22, Jason Hecker (Up & Running Tech) <jason@upandrunningtech.com.au> wrote:
Well, <snort> stable 6.43 just got released. How many of you will push that out over the next few days? :) Alas it doesn't look like it has RB3011 hardware AES yet which is in the RC.
On Mon, 10 Sep 2018 at 17:32, Mike Everest <mike@duxtel.com> wrote:
Absolutely!
Security fixes are DEFINITELY "want or need", and agreed - emphasis is on 'need' in those cases ;)
However, updates that only offer new features that you don’t currently use, or fix bugs that don't affect you are not worth the downtime caused by install, or potential break in functionality caused by introducing new bugs that did not previously exist! :-D
So,... our advice still stands :-}
(and we follow our own advice too! ;)
Incidentally, we also encourage bugfix release stream as well for all production equipment (unless there is a 'want or need' type feature in other streams).
Cheers!
Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Jason Ross Sent: Monday, 10 September 2018 5:06 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
Hi Mike,
On 10 Sep 2018, at 3:27 pm, Mike Everest <mike@duxtel.com> wrote:
Officially, our advice to all of our customers and partners is, and has always been, "never upgrade routerOS unless there is something in the new version that you need or want”
Unfortunately this isn’t great advice today, although I can understand the reasoning behind it.
That is still the case now - noting that 'fix severe security vulnerability' definitely comes in under the category of 'want or need' ;-)
Cheers!
My POV is security fixes are more need than want. In some situations you won’t want to upgrade immediately for any number of reasons. If this is the case you should perform a risk analysis and implement the necessary mitigation strategies to minimise your risk.
As soon as you can upgrade, you should upgrade in my opinion.
Some food for thought - From memory the average time most people take to discover they've been compromised is 18 months.
Jason
"Hardware accelerated IPsec for 3011 is not included in this release. Unfortunately, we could not get it working stable enough in time. It will be available in 6.44." https://forum.mikrotik.com/viewtopic.php?f=21&t=138995
-----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Jason Hecker (Up & Running Tech) Sent: Monday, 10 September 2018 7:24 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
Ooops, RB3011 HW AES is in 6.43.
On Mon, 10 Sep 2018 at 21:22, Jason Hecker (Up & Running Tech) <jason@upandrunningtech.com.au> wrote:
Well, <snort> stable 6.43 just got released. How many of you will push that out over the next few days? :) Alas it doesn't look like it has RB3011 hardware AES yet which is in the RC.
On Mon, 10 Sep 2018 at 17:32, Mike Everest <mike@duxtel.com> wrote:
Absolutely!
Security fixes are DEFINITELY "want or need", and agreed - emphasis is on 'need' in those cases ;)
However, updates that only offer new features that you don’t currently use, or fix bugs that don't affect you are not worth the downtime caused by install, or potential break in functionality caused by introducing new bugs that did not previously exist! :-D
So,... our advice still stands :-}
(and we follow our own advice too! ;)
Incidentally, we also encourage bugfix release stream as well for all production equipment (unless there is a 'want or need' type feature in other streams).
Cheers!
Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Jason Ross Sent: Monday, 10 September 2018 5:06 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
Hi Mike,
On 10 Sep 2018, at 3:27 pm, Mike Everest <mike@duxtel.com> wrote:
Officially, our advice to all of our customers and partners is, and has always been, "never upgrade routerOS unless there is something in the new version that you need or want”
Unfortunately this isn’t great advice today, although I can understand the reasoning behind it.
That is still the case now - noting that 'fix severe security vulnerability' definitely comes in under the category of 'want or need' ;-)
Cheers!
My POV is security fixes are more need than want. In some situations you won’t want to upgrade immediately for any number of reasons. If this is the case you should perform a risk analysis and implement the necessary mitigation strategies to minimise your risk.
As soon as you can upgrade, you should upgrade in my opinion.
Some food for thought - From memory the average time most people take to discover they've been compromised is 18 months.
Jason
-- <https://www.upandrunningtech.com.au>
RB3011 AES HW acceleration is in 6.43.1 just out this morning. Who dares try? :)
On Mon, 10 Sep 2018 at 22:31, Andrew Oakeley <andrew@oakeley.com.au> wrote:
"Hardware accelerated IPsec for 3011 is not included in this release. Unfortunately, we could not get it working stable enough in time. It will be available in 6.44." https://forum.mikrotik.com/viewtopic.php?f=21&t=138995
-----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Jason Hecker (Up & Running Tech) Sent: Monday, 10 September 2018 7:24 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
Ooops, RB3011 HW AES is in 6.43.
On Mon, 10 Sep 2018 at 21:22, Jason Hecker (Up & Running Tech) < jason@upandrunningtech.com.au> wrote:
Well, <snort> stable 6.43 just got released. How many of you will push that out over the next few days? :) Alas it doesn't look like it has RB3011 hardware AES yet which is in the RC.
On Mon, 10 Sep 2018 at 17:32, Mike Everest <mike@duxtel.com> wrote:
Absolutely!
Security fixes are DEFINITELY "want or need", and agreed - emphasis is on 'need' in those cases ;)
However, updates that only offer new features that you don’t currently use, or fix bugs that don't affect you are not worth the downtime caused by install, or potential break in functionality caused by introducing new bugs that did not previously exist! :-D
So,... our advice still stands :-}
(and we follow our own advice too! ;)
Incidentally, we also encourage bugfix release stream as well for all production equipment (unless there is a 'want or need' type feature in other streams).
Cheers!
Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Jason Ross Sent: Monday, 10 September 2018 5:06 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
Hi Mike,
On 10 Sep 2018, at 3:27 pm, Mike Everest <mike@duxtel.com> wrote:
Officially, our advice to all of our customers and partners is, and has always been, "never upgrade routerOS unless there is something in the new version that you need or want”
Unfortunately this isn’t great advice today, although I can understand the reasoning behind it.
That is still the case now - noting that 'fix severe security vulnerability' definitely comes in under the category of 'want or need' ;-)
Cheers!
My POV is security fixes are more need than want. In some situations you won’t want to upgrade immediately for any number of reasons. If this is the case you should perform a risk analysis and implement the necessary mitigation strategies to minimise your risk.
As soon as you can upgrade, you should upgrade in my opinion.
Some food for thought - From memory the average time most people take to discover they've been compromised is 18 months.
Jason
-- <https://www.upandrunningtech.com.au>
[yaleman@keepyourstinkinmittsoff] /system package update> download
channel: current
current-version: 6.42.6
latest-version: 6.43
status: Downloaded 59% (6.1MiB)
:D
On Mon, 10 Sep 2018, at 21:22, Jason Hecker (Up & Running Tech) wrote:
Well, <snort> stable 6.43 just got released. How many of you will push that out over the next few days? :) Alas it doesn't look like it has RB3011 hardware AES yet which is in the RC.
On Mon, 10 Sep 2018 at 17:32, Mike Everest <mike@duxtel.com> wrote:
Absolutely!
Security fixes are DEFINITELY "want or need", and agreed - emphasis is on 'need' in those cases ;)
However, updates that only offer new features that you don’t currently use, or fix bugs that don't affect you are not worth the downtime caused by install, or potential break in functionality caused by introducing new bugs that did not previously exist! :-D
So,... our advice still stands :-}
(and we follow our own advice too! ;)
Incidentally, we also encourage bugfix release stream as well for all production equipment (unless there is a 'want or need' type feature in other streams).
Cheers!
Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Jason Ross Sent: Monday, 10 September 2018 5:06 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
Hi Mike,
On 10 Sep 2018, at 3:27 pm, Mike Everest <mike@duxtel.com> wrote:
Officially, our advice to all of our customers and partners is, and has always been, "never upgrade routerOS unless there is something in the new version that you need or want"
Unfortunately this isn’t great advice today, although I can understand the reasoning behind it.
That is still the case now - noting that 'fix severe security vulnerability' definitely comes in under the category of 'want or need' ;-)
Cheers!
My POV is security fixes are more need than want. In some situations you won’t want to upgrade immediately for any number of reasons. If this is the case you should perform a risk analysis and implement the necessary mitigation strategies to minimise your risk.
As soon as you can upgrade, you should upgrade in my opinion.
Some food for thought - From memory the average time most people take to discover they've been compromised is 18 months.
Jason
-- <https://www.upandrunningtech.com.au>
Only privately accessible though, all good ! None of our gear is accessible to the public.
Lateral movement, my favourite vector. :)
James
On Mon, 10 Sep 2018, at 12:49, Paul Julian wrote:
Only privately accessible though, all good ! None of our gear is accessible to the public.
You would think they would redo the SNMP to be 64 bit, but nah....
Paul
-----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Philip Loenneker Sent: Monday, 10 September 2018 12:44 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
Yay for 32 bit numbers! I ended up writing a script a while back that used plink to scrape the uptime of devices (not just MT) because of this "feature".
And as per Nick's comment, there are various exploits that weren't publicly known, let alone patched, 497 days ago :)
-----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Nick Pratley Sent: Monday, 10 September 2018 12:36 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
Sounds exploitable :-)
On Mon, 10 Sep 2018 at 11:55 am, Paul Julian <paul@buildingconnect.com.au> wrote:
You know something is working OK when you hit the snmp integer uptime limit of the device, 497 days, then it goes back to zero again, who said Mikrotik devices weren't reliable.....
Paul
--
Kind Regards, *Nick Pratley* P: 0448 379 418 E: nick@npratley.net
Wow, I think I’ll just keep quiet next time, I wasn’t asking for advice from anybody really, just thought I would share an interesting fact.
Regards
Paul
On 10 Sep 2018, at 4:26 pm, James Hodgkinson <yaleman@ricetek.net> wrote:
Only privately accessible though, all good ! None of our gear is accessible to the public.
Lateral movement, my favourite vector. :)
James
On Mon, 10 Sep 2018, at 12:49, Paul Julian wrote:
Only privately accessible though, all good ! None of our gear is accessible to the public.
You would think they would redo the SNMP to be 64 bit, but nah....
Paul
-----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Philip Loenneker Sent: Monday, 10 September 2018 12:44 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
Yay for 32 bit numbers! I ended up writing a script a while back that used plink to scrape the uptime of devices (not just MT) because of this "feature".
And as per Nick's comment, there are various exploits that weren't publicly known, let alone patched, 497 days ago :)
-----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Nick Pratley Sent: Monday, 10 September 2018 12:36 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
Sounds exploitable :-)
On Mon, 10 Sep 2018 at 11:55 am, Paul Julian <paul@buildingconnect.com.au> wrote:
You know something is working OK when you hit the snmp integer uptime limit of the device, 497 days, then it goes back to zero again, who said Mikrotik devices weren't reliable.....
Paul
--
Kind Regards, *Nick Pratley* P: 0448 379 418 E: nick@npratley.net
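The 497-day limit discussed in this thread follows from SNMP sysUpTime being a 32-bit TimeTicks value counted in hundredths of a second. As an added example (not written by any poster in the thread), this Python sketch tells a counter wrap apart from a genuine reset between two polls; the function names, the 30-second tolerance and the sample polls are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

TICKS_PER_SEC = 100              # sysUpTime is TimeTicks: hundredths of a second
WRAP = 2 ** 32                   # 32-bit value, so it rolls over to zero here
TOLERANCE = 30 * TICKS_PER_SEC   # assumed allowance for poll jitter (30 s)


def max_uptime_days():
    """Longest uptime a 32-bit TimeTicks value can express, in days."""
    return WRAP / TICKS_PER_SEC / 86400


def classify(prev_ts, prev_ticks, ts, ticks):
    """Label the step between two polls as 'ok', 'wrap', 'reset' or 'inconsistent'."""
    elapsed = int((ts - prev_ts).total_seconds() * TICKS_PER_SEC)
    projected = prev_ticks + elapsed           # where an uninterrupted counter would be
    drift = (ticks - projected) % WRAP         # modular distance from the projection
    drift = min(drift, WRAP - drift)
    if drift <= TOLERANCE:
        return "wrap" if projected >= WRAP else "ok"
    if ticks <= elapsed + TOLERANCE:           # counter restarted inside the interval
        return "reset"
    return "inconsistent"                      # missed polls, clock step, bad data


def track(polls):
    """Walk (timestamp, ticks) polls; return (events, uptime observed since last reset)."""
    events, wraps = [], 0
    prev_ts, prev_ticks = polls[0]
    for ts, ticks in polls[1:]:
        kind = classify(prev_ts, prev_ticks, ts, ticks)
        if kind == "wrap":
            wraps += 1
        elif kind != "ok":
            wraps = 0                          # wrap history is void after a reset
        events.append(kind)
        prev_ts, prev_ticks = ts, ticks
    # Lower bound only: wraps before the first poll are invisible to the poller.
    return events, timedelta(seconds=(wraps * WRAP + prev_ticks) / TICKS_PER_SEC)


# Constructed sample polls, five minutes apart (not real device data).
T0 = datetime(2018, 9, 10, 1, 50, tzinfo=timezone.utc)
STEP = timedelta(minutes=5)
WRAPPED = [(T0, WRAP - 10_000), (T0 + STEP, 20_000), (T0 + 2 * STEP, 50_000)]
REBOOTED = [(T0, 4_000_000_000), (T0 + STEP, 6_000)]

if __name__ == "__main__":
    print(f"32-bit limit: {max_uptime_days():.1f} days")
    for name, polls in (("wrapped", WRAPPED), ("rebooted", REBOOTED)):
        print(name, *track(polls))
```

A "wrap" result means the device has not been rebooted for at least 497 days, which is the patching concern raised in the thread; a "reset" on a device with no scheduled work is the event worth investigating.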
participants (8)
- Andrew Oakeley
- James Hodgkinson
- Jason Hecker (Up & Running Tech)
- Jason Ross
- Mike Everest
- Nick Pratley
- Paul Julian
- Philip Loenneker