Tagged "Network"

CVE-2023-41570: Access Control vulnerability in MikroTik REST API

Recently, MikroTik added a REST server as a new API for managing the router. It is a nice alternative to their proprietary API when automating RouterOS.

However, young software usually contains bugs. Sometimes, these bugs are security-related, and, together with not-so-safe defaults, they may create a vulnerability.

CVE-2023-4809: FreeBSD pf bypass when using IPv6

A few months ago, as part of our investigations into IPv6 security in the NetSecurityLab @ Sapienza University, we discovered a vulnerability that allows attackers to bypass rules in pf-based IPv6 firewalls under particular conditions. Let’s see some details of this vulnerability.

Proxmox LXC, Systemd, and Linux Capabilities

Debian in LXC/Proxmox works flawlessly, except for some systemd utility daemons. Instead of disabling those services, we can leverage Linux capabilities to achieve the same results.

Winbox on WINE: network namespaces for MAC-Telnet

Winbox, the MikroTik RouterOS management application, uses a proprietary link-layer protocol to discover and connect to RouterOS appliances. It’s useful when you have a router with a bad/unknown network configuration.

Let’s see how we can use it on Linux and WINE.

Types of Network Address Translation

While still very useful, the old definition of NAT types is outdated. The new definition accurately reflects the kind of NAT present in the network and what we can expect from the translator.

Debian 10, Cloud-init and static IP addresses

Over the last two days, I was preparing a virtual environment for some tests on MariaDB replication.

DoS (and possible MITM) in Cisco VPN 3000 Concentrator

TL;DR: the Cisco VPN 3000 Concentrator has a bug that allows you to create a DoS (and maybe a MITM) by sending the wrong netmask in IPSec phase 2.

Simple policy based routing in practice

Sometimes the network setup isn't the one that you find in a textbook.

Using fogproject to deploy Windows 10 images

Although the web is full of pages about fogproject and Windows 10, there are many different things that you need to do in order to make fog deploy a Windows 10 image in a fully automated way (without your physical intervention).

IPv6 link-local and VPS-cloud services: a hidden threat?

Like many IT folks, I have my VPS (for instance, this website is running on it).

MikroTik RouterOS: how to use hostnames in firewall rules (instead of IP addresses)

Important note! Apparently now RouterOS supports hostnames in address lists (tested in 6.