28 Mar
2018
28 Mar
'18
8:20 p.m.
On Wed, Mar 28, 2018 at 11:05:53AM -0700, Tom Hayward wrote:
On Wed, Mar 28, 2018 at 9:59 AM, Ruben ON3RVH
<on3rvh(a)on3rvh.be> wrote:
it is not wise to block port 8291, because the exploitable service is
on http port 80 tcp.
also, port 8291 is the winbox admin iface, which most sysop's use, when they
are not firm in using the ssh console. if they'd like to issue a firmware
upgrade for the security update, but can't use the program they normaly use,
it's a bit contra productive..
blocking tcp port 80 on core routers is also not a really good idea ;)
..except if you like discuss what's the most harmful protocol and the dead
of the internet ;))
vy 73,
- Thomas dl9sau
A central syslog and firewalled 8291 ports with
logging would be a better
solution imho :)
Grep seems less of a strain than tshark and would be quicker I imagine
44.24.240.0/20 and 44.25.0.0/16 do both of these things. Port 8291 is now
blocked at the edge routers. This could be why they dropped off of Rob's
list, although we also upgraded the RouterOS version.