@Druvis - is that any chance that we can test the firewall via traffic-generator. I think that someone mentioned about that on the MUM. Are u familiar with that?
Great, we’ll use this pcap method to record and inject traffic in dynamic positioning ships networks, to increase confidentiality in redundancy machinery arrangements to sustain worst case failure. Thanks.
There is no straight answer to that, but it will be a lot more secure in both cases if you only connect through a tunnel. Wireguard is particularly good as it does not respond to port scans.
Could anyone help me? I followed all these steps and everything was going right way however my router doesnt have enough Total HDD memory for my injected file pcap. it is extremly larger than my router's HDD space. Obviously i cut down my file.pcap from 350Mb to 70 Mb and neighbor routers were not going to crash. I wonder to know what size of file.pcap do i need to overload neighbor routers?
Not sure. Perhaps you can use a USB drive. Alternatively a fun experiment might be write a script that generates raw data for traffic generator to inject ;)
This type of an attack can cause a reboot in devices by other manufacturers too. The only reason that it is possible to do this is that the compromised device is in a trusted network with neighbor discovery enabled.
@@RB01-lite the fact that other manufacturers have buggy or fragile software too isn't a valid argument for not fixing the bugs / weaknesses leading to such an easy denial of service attack
This series format is super interesting, but really, it's more valuable if you present red team AND blue team approach
the pcap injection is quite nice to test frewall's
@Druvis - is that any chance that we can test the firewall via traffic-generator.
I think that someone mentioned about that on the MUM.
Are u familiar with that?
I have one thing to say about these new mikrotik videos.... MORE. :)
How to protect from above mentioned flood?
You have to disable cdp on interfaces, that dont need it.
Another option is to configure port security.
@@pierromaximus Port security is not always option, besides, this can be passed thru WiFi.
@@maigonis.elleris You can isolate WIFI clients in separate VLAN and disable cdp on SVI interface.
Druves .you are good ,where do you get all these knowledge from . Recommend books to me 🙏
The internet is the best resource. But if you want a good book here is one that I liked - 'The Art of Learning' by Josh Waitzkin.
is it mendatory to use CDP packet ..? i mean if i want to test that on my router but i don't have Kali linux..!
Great, we’ll use this pcap method to record and inject traffic in dynamic positioning ships networks, to increase confidentiality in redundancy machinery arrangements to sustain worst case failure. Thanks.
can you elaborate
Hackers movie?
Just don't hack NASA
Simply wait for the next video on how to protect yourself from dumb "hacks" like this :) and don't be so serious. If you have firewall, you are safe
@@mikrotikdumb hack 😱😱meaning there are far more hacks to be aware of 😅
Is disabling neighbor discovery enough to protect the router from this attack?
Yes, but even so, do not keep open ports to untrusted networks. To be extra safe, use VPN to access the router, all other ports should be firewalled.
Hei, is remote mikrotik through wifi with ssh more secure than remote it with winbox even if winbox port changed??
There is no straight answer to that, but it will be a lot more secure in both cases if you only connect through a tunnel. Wireguard is particularly good as it does not respond to port scans.
Could anyone help me? I followed all these steps and everything was going right way however my router doesnt have enough Total HDD memory for my injected file pcap. it is extremly larger than my router's HDD space.
Obviously i cut down my file.pcap from 350Mb to 70 Mb and neighbor routers were not going to crash.
I wonder to know what size of file.pcap do i need to overload neighbor routers?
Not sure. Perhaps you can use a USB drive. Alternatively a fun experiment might be write a script that generates raw data for traffic generator to inject ;)
because the CPU goes up by 30% when updating v7
Seems you paid too much, as you have 70% unused CPU resources 😎
What about the cpu of the router problem sir?
What is the problem?
how about cpu if have hack on mikrotik sir@@mikrotik
how show app yersinal grapn......?
hello
this ddos ?
It's dos, ddos means there are multiple devices used for the attack.
Yo no Ingles
mikrotik should just fix routeros so that simple attacks like this don't cause reboots
This type of an attack can cause a reboot in devices by other manufacturers too. The only reason that it is possible to do this is that the compromised device is in a trusted network with neighbor discovery enabled.
@@RB01-lite the fact that other manufacturers have buggy or fragile software too isn't a valid argument for not fixing the bugs / weaknesses leading to such an easy denial of service attack
Disabling firewall is not "denial of service", it is bad configuration
Thanks