Ha ha this is the type of thing I deal with all the time at work. CHANGE THE PASSWORD and don't use a dumb password! In our case, that means don't use your call sign, among other things.
On Sun, Aug 5, 2018 at 4:41 PM, Ruben ON3RVH on3rvh@on3rvh.be wrote:
Upgrading won’t mean you can never ever be infected again. As I always tell everyone over and over again: “secure your sh*t” (pardon my french) this is very very very important. Block all winbox (and other unneeded services) from everywhere but your own management ranges/ips. And make sure your computers/servers on that management range/ip is also secure and clean.
Ruben - ON3RVH
On 5 Aug 2018, at 22:19, Rob Janssen pe1chl@amsat.org wrote:
Before, or as soon as you attach a piece of equipment to our network (or anywhere else, for that matter) IMMEDIATELY CHANGE THE PASSWORD.
Oh, and be careful when upgrading firmware: in far too many devices when you flash new firmware into it, the password gets reset to the factory default. Be sure to check it afterwards!
But, do not see this as a reason to not upgrade firmware! It is really important to keep firmware uptodate, as e.g. was seen in
the recent
case of MikroTik routers being compromised because they were running
firmware
before version 6.42.1 which has a vulnerability that allows a remote
user to
retrieve the correct password from the router! This was fixed some time
ago
(current version is 6.42.6) but people didn't upgrade, and their router
became
infected with a botnet that essentially allows it do do anything.
In this case, it is also important to change the password after the
upgrade,
not because it would be reset, but because it could be known to an
attacker who
retrieved it before the upgrade. In that case they can still login
after upgrade!
(more details on how to avoid such things can be found on the MikroTik
forum, but
even the "cannot do! too difficult for me!" type of operator still can
upgrade the
software as this is only a matter of two clicks in the user interface)
Rob
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net