5 Aug
2018
5 Aug
'18
4:41 p.m.
Upgrading won’t mean you can never ever be infected again.
As I always tell everyone over and over again: “secure your sh*t” (pardon my french) this
is very very very important.
Block all winbox (and other unneeded services) from everywhere but your own management
ranges/ips.
And make sure your computers/servers on that management range/ip is also secure and clean.
Ruben - ON3RVH
On 5 Aug 2018, at 22:19, Rob Janssen <pe1chl(a)amsat.org> wrote:
Before, or as
soon as you attach a piece of equipment to our network
(or anywhere else, for that matter) IMMEDIATELY CHANGE THE PASSWORD.
Oh, and be careful when upgrading firmware: in
far too many devices
when you flash new firmware into it, the password gets reset to the
factory default. Be sure to check it afterwards!
But, do not see this as a reason to not upgrade firmware!
It is really important to keep firmware uptodate, as e.g. was seen in the recent
case of MikroTik routers being compromised because they were running firmware
before version 6.42.1 which has a vulnerability that allows a remote user to
retrieve the correct password from the router! This was fixed some time ago
(current version is 6.42.6) but people didn't upgrade, and their router became
infected with a botnet that essentially allows it do do anything.
In this case, it is also important to change the password after the upgrade,
not because it would be reset, but because it could be known to an attacker who
retrieved it before the upgrade. In that case they can still login after upgrade!
(more details on how to avoid such things can be found on the MikroTik forum, but
even the "cannot do! too difficult for me!" type of operator still can upgrade
the
software as this is only a matter of two clicks in the user interface)
Rob
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net