[HamWAN PSDR] OPP outage and vulnerability warning

Tony Ross w7efs at centurylink.net
Wed Mar 28 20:47:56 PDT 2018


I am naturally suspicious of anything with "win" in its name, such as 
"winbox".

     Tony  W7EFS

On 03/28/2018 10:18 AM, JOSEPH WOMACK wrote:
>
> You may want to check out:
>
> The Mikrotik RouterOS-Based Botnet
>
> https://security.radware.com/ddos-threats-attacks/threat-advisories-attack-reports/mikrotik-botnet/
>
> Hajime Botnet Makes a Comeback With Massive Scan for MikroTik Routers
>
> https://www.bleepingcomputer.com/news/security/hajime-botnet-makes-a-comeback-with-massive-scan-for-mikrotik-routers/
>
> Joe
>
> *From:* PSDR <psdr-bounces at hamwan.org> *On Behalf Of* Bart Kus
> *Sent:* Saturday, March 24, 2018 6:19 PM
> *To:* psdr at hamwan.org
> *Subject:* Re: [HamWAN PSDR] OPP outage and vulnerability warning
>
> Seattle-ER1 has been rolled back to a snapshot and is serving OPP 
> again. If your tunnel is still down, please complain.
>
> --Bart
>
> On 3/24/2018 5:28 PM, Tom Hayward wrote:
>
>     This morning I discovered a bunch of failed login attempts to
>     HamWAN routers coming from other HamWAN routers. When checking the
>     list of logged in users, there weren't any. Apparently something
>     was able to remotely execute code on HamWAN routers without
>     logging in. I think it may be related to this:
>     https://forum.mikrotik.com/viewtopic.php?t=119255. Nigel and I
>     worked to identify the traffic and patch the hole. We were able to
>     stop it through a combination of firewall rules, disabling
>     services, and upgrading software.
>
>     One casualty is that upgrading the software on Seattle-ER1 broke
>     the OPP IPsec configuration. We haven't figured out how to fix
>     this, so OPP is down for now.
>
>     To protect your equipment from this exploit, you can disable
>     unnecessary services like this:
>
>     /ip service disable telnet,ftp,www,api,winbox,api-ssl
>
>     Make sure to do this from SSH so that you know it's working before
>     disabling Winbox!
>
>     This is a reminder of the importance of strict firewall rules.
>     Nigel is a wise man.
>
>     Tom
>
>
>
>
>     _______________________________________________
>
>     PSDR mailing list
>
>     PSDR at hamwan.org <mailto:PSDR at hamwan.org>
>
>     http://mail.hamwan.net/mailman/listinfo/psdr

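One way to confirm that the `/ip service disable` command quoted above took effect, and that SSH is still enabled before Winbox goes away, is to audit the output of `/ip service print`. This is an added example, not part of the original posts: the sample output is constructed and assumes the RouterOS 6 table layout, and `parse_services` and `audit` are hypothetical names.

```python
import re

# Services named in the quoted disable command, and the one that must stay reachable.
SHOULD_BE_DISABLED = {"telnet", "ftp", "www", "api", "winbox", "api-ssl"}
MUST_STAY_ENABLED = {"ssh"}

# Assumed row layout: index, optional flags (X = disabled, I = invalid), name, port.
ROW = re.compile(r"^\s*\d+\s+(?:([XI]+)\s+)?([a-z][a-z0-9-]*)\s+(\d+)")

# Constructed sample of `/ip service print` output (not captured from a HamWAN router).
SAMPLE = """\
Flags: X - disabled, I - invalid
 #   NAME      PORT ADDRESS        CERTIFICATE
 0 XI telnet     23
 1 XI ftp        21
 2    www        80
 3    ssh        22
 4 XI www-ssl   443                none
 5 XI api      8728
 6    winbox   8291
 7 XI api-ssl  8729                none
"""

def parse_services(text):
    """Return {name: {"port": int, "disabled": bool}} for each service row."""
    services = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            flags, name, port = m.groups()
            services[name] = {"port": int(port), "disabled": "X" in (flags or "")}
    return services

def audit(text):
    """List services that are still enabled but should be off, and lockout risks."""
    services = parse_services(text)
    findings = []
    for name in sorted(SHOULD_BE_DISABLED):
        if name in services and not services[name]["disabled"]:
            findings.append(f"{name} still enabled on port {services[name]['port']}")
    for name in sorted(MUST_STAY_ENABLED):
        if name not in services or services[name]["disabled"]:
            findings.append(f"{name} is not enabled: disabling winbox would lock you out")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
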