Much of keeping a MikroTik network safe is following general network security best practices. Regular updates are a crucial part of any successful defense strategy. Recommendations for protecting your MikroTik router A firewall rule that allows remote access through port 5678.An L2TP client called lvpn, (or any other L2TP client unfamiliar to you).You’ll find the setting under IP → SOCKS if you do not use it, disable it Remove this rule (under System → Scheduler), if present A rule that executes the script with the fetch () method.Therefore, MikroTik’s first recommendation is to look at device configuration and check for the following: When a router joins a botnet, cybercriminals change a number of settings in the device firmware. How to tell if your MikroTik router is part of a botnet
The company has published indicators of device compromise and issued recommendations. If a user didn’t change the password, then even updated firmware could let attackers log in to the router and start exploiting it again.Īccording to MikroTik, the routers that are now infected with Mēris are the same devices that were compromised back in 2018. Although MikroTik fixed the vulnerability back in 2018, apparently not all users updated their routers.įurthermore, even among those who did, not everyone followed the manufacturer’s additional password-change recommendations. Why MikroTik devices are joining the botnetĪ few years ago, security research discovered a vulnerability in MikroTik routers: Winbox, a configuration tool for MikroTik routers through which many devices were compromised. Therefore, to ensure your router has not joined the Mēris botnet (or any other botnet, for that matter), you need to follow a few recommendations.
Having analyzed the situation, MikroTik experts found no new vulnerabilities in the company’s routers however, old ones may still pose a threat. According to Qrator research, MikroTik’s network devices generated a fair share of the botnet’s traffic. Recent large-scale DDoS attacks using a new botnet called Mēris peaked at almost 22 million requests per second.
0 kommentar(er)
