Changing the password won’t do a thing with the latest MikroTik exploits, as they
circumvented the password and downloaded the password database.
Ruben - ON3RVH
> On 6 Aug 2018, at 16:43, Robert Keyes <robertwkeyes(a)gmail.com> wrote:
>
> Ha ha this is the type of thing I deal with all the time at work. CHANGE
> THE PASSWORD and don't use a dumb password! In our case, that means don't
> use your call sign, among other things.
>
>> On Sun, Aug 5, 2018 at 4:41 PM, Ruben ON3RVH <on3rvh(a)on3rvh.be> wrote:
>>
>> Upgrading won’t mean you can never ever be infected again.
>> As I always tell everyone over and over again: “secure your sh*t” (pardon
>> my French); this is very very very important.
>> Block all Winbox (and other unneeded services) from everywhere but your
>> own management ranges/IPs.
>> And make sure your computers/servers on that management range/IP are also
>> secure and clean.
>>
>> Ruben - ON3RVH
>>
>> On 5 Aug 2018, at 22:19, Rob Janssen <pe1chl(a)amsat.org> wrote:
>>
>>>> Before, or as soon as you attach a piece of equipment to our network
>>>> (or anywhere else, for that matter) IMMEDIATELY CHANGE THE PASSWORD.
>>>
>>>> Oh, and be careful when upgrading firmware: in far too many devices
>>>> when you flash new firmware into it, the password gets reset to the
>>>> factory default. Be sure to check it afterwards!
>>>
>>> But, do not see this as a reason to not upgrade firmware!
>>> It is really important to keep firmware up to date, as e.g. was seen in the recent
>>> case of MikroTik routers being compromised because they were running firmware
>>> before version 6.42.1 which has a vulnerability that allows a remote user to
>>> retrieve the correct password from the router! This was fixed some time ago
>>> (current version is 6.42.6) but people didn't upgrade, and their router became
>>> infected with a botnet that essentially allows it to do anything.
>>>
>>> In this case, it is also important to change the password after the upgrade,
>>> not because it would be reset, but because it could be known to an attacker who
>>> retrieved it before the upgrade. In that case they can still log in after upgrade!
>>>
>>> (more details on how to avoid such things can be found on the MikroTik forum, but
>>> even the "cannot do! too difficult for me!" type of operator still can upgrade the
>>> software as this is only a matter of two clicks in the user interface)
>>>
>>> Rob
>>>
>>> _________________________________________
>>> 44Net mailing list
>>> 44Net(a)mailman.ampr.org
>>> https://mailman.ampr.org/mailman/listinfo/44net
>>
>
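
The hardening steps discussed in this thread (upgrade, restrict Winbox and other services to the management range, then change passwords), written out as a RouterOS 6 configuration sketch. This is an added example, not something posted by the participants; the management range `192.0.2.0/24`, the address-list name `mgmt`, the user name `admin` and the password placeholder are assumptions to be replaced with your own values.

```routeros
# Added example: RouterOS 6.x hardening sketch for the advice in this thread.
# 192.0.2.0/24 is a placeholder documentation range, NOT a real management net.

# 1. Upgrade first (the thread names 6.42.1 as the first fixed version).
/system package update check-for-updates
/system package update install

# 2. Turn off services you do not use and bind the rest to the management range.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set api-ssl disabled=yes
set ssh address=192.0.2.0/24
set winbox address=192.0.2.0/24

# 3. Enforce the same restriction in the firewall, so it still holds if a
#    service setting is later reverted. "add" appends to the end of the chain:
#    check with "/ip firewall filter print" that no earlier rule already
#    accepts this traffic, and move the rules up if one does.
/ip firewall address-list
add list=mgmt address=192.0.2.0/24 comment="management range (placeholder)"
/ip firewall filter
add chain=input connection-state=established,related action=accept \
    comment="keep existing sessions"
add chain=input protocol=tcp dst-port=22,8291 src-address-list=mgmt \
    action=accept comment="SSH/Winbox from management only"
add chain=input protocol=tcp dst-port=22,8291 action=drop \
    comment="SSH/Winbox from anywhere else"

# 4. Only after the upgrade and lockdown: list all accounts, remove any you
#    do not recognise, and set new passwords, since the old ones may already
#    be known to whoever retrieved them before the upgrade.
/user print
/user set [find name=admin] password="REPLACE-WITH-NEW-PASSWORD"
```

Apply this from a host inside the management range, otherwise step 2 or 3 will cut off your own session.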