[HamWAN PSDR] OPP outage and vulnerability warning

Tom Hayward tom at tomh.us
Sat Mar 24 17:28:55 PDT 2018

This morning I discovered a bunch of failed login attempts to HamWAN
routers coming from other HamWAN routers. When checking the list of logged
in users, there weren't any. Apparently something was able to remotely
execute code on HamWAN routers without logging in. I think it may be
related to this: https://forum.mikrotik.com/viewtopic.php?t=119255. Nigel
and I worked to identify the traffic and patch the hole. We were able to
stop it through a combination of firewall rules, disabling services, and
upgrading software.

One casualty is that upgrading the software on Seattle-ER1 broke the OPP
IPsec configuration. We haven't figured out how to fix this, so OPP is down
for now.

To protect your equipment from this exploit, you can disable unnecessary
services like this:

/ip service disable telnet,ftp,www,api,winbox,api-ssl

Make sure to do this from SSH so that you know it's working before
disabling Winbox!

This is a reminder of the importance of strict firewall rules. Nigel is a
wise man.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.hamwan.net/pipermail/psdr/attachments/20180324/918bc651/attachment.html>

More information about the PSDR mailing list