Upgrading won’t mean you can never ever be infected again. As I always tell everyone over and over again: “secure your sh*t” (pardon my french) this is very very very important. Block all winbox (and other unneeded services) from everywhere but your own management ranges/ips. And make sure your computers/servers on that management range/ip is also secure and clean.
Ruben - ON3RVH
On 5 Aug 2018, at 22:19, Rob Janssen pe1chl@amsat.org wrote:
Before, or as soon as you attach a piece of equipment to our network (or anywhere else, for that matter) IMMEDIATELY CHANGE THE PASSWORD.
Oh, and be careful when upgrading firmware: in far too many devices when you flash new firmware into it, the password gets reset to the factory default. Be sure to check it afterwards!
But, do not see this as a reason to not upgrade firmware! It is really important to keep firmware uptodate, as e.g. was seen in the recent case of MikroTik routers being compromised because they were running firmware before version 6.42.1 which has a vulnerability that allows a remote user to retrieve the correct password from the router! This was fixed some time ago (current version is 6.42.6) but people didn't upgrade, and their router became infected with a botnet that essentially allows it do do anything.
In this case, it is also important to change the password after the upgrade, not because it would be reset, but because it could be known to an attacker who retrieved it before the upgrade. In that case they can still login after upgrade!
(more details on how to avoid such things can be found on the MikroTik forum, but even the "cannot do! too difficult for me!" type of operator still can upgrade the software as this is only a matter of two clicks in the user interface)
Rob
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net