[HamWAN PSDR] OPP outage and vulnerability warning
Bart Kus
me at bartk.us
Sat Mar 24 18:19:26 PDT 2018
Seattle-ER1 has been rolled back to a snapshot and is serving OPP
again. If your tunnel is still down, please complain.
--Bart
On 3/24/2018 5:28 PM, Tom Hayward wrote:
> This morning I discovered a bunch of failed login attempts to HamWAN
> routers coming from other HamWAN routers. When checking the list of
> logged in users, there weren't any. Apparently something was able to
> remotely execute code on HamWAN routers without logging in. I think it
> may be related to this:
> https://forum.mikrotik.com/viewtopic.php?t=119255. Nigel and I worked
> to identify the traffic and patch the hole. We were able to stop it
> through a combination of firewall rules, disabling services, and
> upgrading software.
>
> One casualty is that upgrading the software on Seattle-ER1 broke the
> OPP IPsec configuration. We haven't figured out how to fix this, so
> OPP is down for now.
>
> To protect your equipment from this exploit, you can disable
> unnecessary services like this:
>
> /ip service disable telnet,ftp,www,api,winbox,api-ssl
>
> Make sure to do this from SSH so that you know it's working before
> disabling Winbox!
>
> This is a reminder of the importance of strict firewall rules. Nigel
> is a wise man.
>
> Tom
>
>
> _______________________________________________
> PSDR mailing list
> PSDR at hamwan.org
> http://mail.hamwan.net/mailman/listinfo/psdr
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.hamwan.net/pipermail/psdr/attachments/20180324/751f9bda/attachment.html>
More information about the PSDR
mailing list