Not logged in — Log In DroneBL

What to do in case of a vulnerable MikroTik router

DroneBL has historically seen, and continues to see, excessive numbers of exploited/vulnerable MikroTik router devices. The vast majority of these are due to since-fixed software vulnerabilities in MikroTik's firmware, as well as common misconfigurations (e.g. exposing the configuration ports to the internet). Attackers can activate various proxy options on these devices to obscure their true IP address (using your MikroTik device's IP address) to attack and spam websites and other services on the Internet. If you've been directed to this page regarding a DroneBL listing, this is probably what has happened to you.

Here's what to do if your router is vulnerable:

  1. Upgrade your router to the latest security patches provided by MikroTik. Instructions are provided on MikroTik's website here: https://help.mikrotik.com/docs/display/ROS/Upgrading+and+installation
  2. Ensure that you recognize all user accounts present on the router, and that all users have secure passwords. Here's MikroTik's documentation for managing user accounts: https://help.mikrotik.com/docs/display/ROS/User#User-RouterUsers
  3. Ensure that you recognize all of the configuration options applied to your router, especially the proxy-related options:
    1. HTTP proxy: https://wiki.mikrotik.com/wiki/Manual:IP/Proxy
    2. SOCKS proxy: https://wiki.mikrotik.com/wiki/Manual:IP/SOCKS
    3. PPTP server: https://wiki.mikrotik.com/wiki/Manual:Interface/PPTP#PPTP_Server
    4. L2TP server: https://wiki.mikrotik.com/wiki/Manual:Interface/L2TP#L2TP_Server
    5. SSTP server: https://wiki.mikrotik.com/wiki/Manual:Interface/SSTP#SSTP_Server
  4. If possible, ensure that all MikroTik IP services only accept connections from the local network, using the address= syntax: https://wiki.mikrotik.com/wiki/Manual:IP/Services
  5. Protect access to the MikroTik router with firewall rules: https://help.mikrotik.com/docs/display/ROS/Building+Your+First+Firewall

If you've been directed here due to a DroneBL listing, please reply to your ticket email once you've followed these instructions to secure your MikroTik device, and we'll check whether the problem still exists.

kbuck / Jul-04-2021 23:40:22 GMT

Comments for What to do in case of a vulnerable MikroTik router

These are the 1 (6 hidden) comments for the above post. You may add your own comment about the blog entry below! (Removal requests made here are IGNORED as they do not belong here! Contact the maintainer instead.)

Duck (DroneBL) said on Feb-26-2024 20:23:47 GMT :

Please do not request removal by commenting on this article. Instead, query the IP address that's been listed from the homepage of this site, and on the listing page click "Request Removal". Requests made by commenting on this article will not be published, and your IP will not be removed from DroneBL.

Add your own comment

Your name
Captcha
Your comment
You can use markdown syntax here for formatting.