The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Archive for the ‘Network-and-equipment’ Category

Mikrotik RouterOS scripting: for loops are a bit of getting used to

Posted by jpluimers on 2017/07/18

Earlier, I wrote “:for loops are a strange beast so I will elaborate on those in a separate post.” so now is the time to do that.

The :for loop documentation is very dense:

Command | Syntax | Description
for | :for <var> from=<int> to=<int> step=<int> do={ <commands> } | execute commands over a given number of iterations

So a for loop has these elements:

  • from=
  • to=
  • step=
  • do=

Luckily, the old RouterOS 2.7 documentation on loops (which they’ve revamped after RouterOS 2.7, removing many useful examples) has this:

:for – It has one unnamed argument, the name of the loop variable. from argument is the starting value for the loop counter, to value is the final value. This command counts loop variable up or down starting at from and ending with to, inclusive, and for each value it executes the do statement. It is possible to change the increment from the default 1 (or -1), by specifying the step argument.

[admin@MikroTik] > :for i from=1 to=100 step=37  do={:put ($i . " - " . 1000/$i)}
1 - 1000
38 - 26
75 - 13
[admin@MikroTik] >

You might think that from= is the start value, to= is the finish value, and that the loop won’t execute when step= is a positive value and from= is larger than to=. Or that without a step= the loop will always iterate in ascending order.

Wrong! And wrong!

So it’s time for some…

:for loop examples

Read the rest of this entry »

Posted in Development, Internet, MikroTik, Power User, RouterOS, routers, Scripting, Software Development | Leave a Comment »

TomatoUSB – selectively save/restore NVRAM settings before/after upgrading

Posted by jpluimers on 2017/07/14

TomatoUSB recommends an NVRAM reset (or 30/30/30 reset) before and after upgrades.

This means you lose all your settings, which causes a lot of people to not upgrade at all.

The steps to export/import are a bit vague as they depend on what you want to save.

It basically comes down to running this on the old configuration:

nvram export --set

Save that output to a local file and then use a search tool searching for specific sections you want to restore.

After you restored the sections ensure you persist them:

nvram commit

This is what the TomatoUSB author usually searches for:

Read the rest of this entry »

Posted in Internet, Power User, routers, TomatoUSB | Leave a Comment »

3.6 GIG – Public-Mikrotik-Bandwidth-Test-Server – MikroTik RouterOS

Posted by jpluimers on 2017/07/10

Don’t abuse: 3.6 GIG – Public-Mikrotik-Bandwidth-Test-Server – MikroTik RouterOS [WayBack]

Primary btest server (for short high speed bursts):

Read the rest of this entry »

Posted in Hardware, Internet, MikroTik, Network-and-equipment, Power User, routers, WinBox | 6 Comments »

Mikrotik RouterOS /ip firewall address-list timeout values sort-of documented

Posted by jpluimers on 2017/07/05

Thanks to ZeroByte answering at [Answered] Where are ip firewall address-list timeout values documented – MikroTik RouterOS [WayBack] which I edited a bit here:

I haven’t seen anything specific to the format of these time tokens, but the firewall add-to-address-list timeout is documented here:
http://wiki.mikrotik.com/wiki/Manual:IP … Properties…
It seems to take the same format as any other similar duration-related input I’ve encountered:
  • a raw number is interpreted as seconds
You can specify a number as another duration with tokens:
  • s = seconds (default)
  • m = minutes
  • h = hours
  • d = days
  • w = weeks

A few aspects:

  • Tokens can be combined in any order
  • Whitespace is ignored

So these are all valid:

2s 2h 2w
1w2d3h4m5s
5s4m3h2d1w

  • Days and weeks just get added together. If you specify 1w8d, this is the same as 2w1d
  • The last value specified may be in h:m:s format or in h:m (omit seconds)
  • Interestingly, if you mix and match, they just get added:
    • “1d 2h 12:30” -> “1d 14:30:00”
  • Values larger than 536870911 seconds are stored and tracked but when displayed show as 0sec.
    (248 days, 13:13:55)
  • The maximum value is 4294967295 seconds (which is the maximum 32-bit value)
    This decodes to: 7101w3d6h28m15s as the largest value….
    (7101 weeks is ~136 years counting for leap years, by the way)

–jeroen

Posted in Development, Internet, MikroTik, Power User, RouterOS, routers, Scripting, Software Development | Leave a Comment »
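
The timeout rules listed in the post above, written out as a small parser. This is an added example, not code from the post, from ZeroByte or from MikroTik; the function names are made up for illustration, and as an assumption it is stricter than the post: a number without a unit is accepted only when it is the entire value.

```python
import re

# Seconds per token, largest first so formatting emits w, d, h, m, s in order.
UNIT_SECONDS = {"w": 604800, "d": 86400, "h": 3600, "m": 60, "s": 1}
MAX_TIMEOUT = 4294967295  # largest 32-bit value, the maximum given in the post

# Unit tokens in any order, then at most one trailing h:m or h:m:s group.
_SHAPE = re.compile(
    r"((?:\s*[0-9]+[smhdw])*?)\s*(?:([0-9]+):([0-9]+)(?::([0-9]+))?)?")
_TOKEN = re.compile(r"([0-9]+)([smhdw])")


def parse_timeout(text):
    """Return the timeout in seconds, following the rules listed in the post."""
    text = text.strip()
    if re.fullmatch(r"[0-9]+", text):        # a raw number is seconds
        total = int(text)
    else:
        shape = _SHAPE.fullmatch(text)
        if not text or shape is None:
            raise ValueError(f"not a valid timeout: {text!r}")
        tokens, hours, minutes, seconds = shape.groups()
        # Tokens are simply added, so 1w8d and 2w1d give the same result.
        total = sum(int(n) * UNIT_SECONDS[u] for n, u in _TOKEN.findall(tokens))
        if hours is not None:                # trailing h:m or h:m:s group
            total += int(hours) * 3600 + int(minutes) * 60 + int(seconds or 0)
    if total > MAX_TIMEOUT:
        raise ValueError(f"{total} seconds exceeds the maximum {MAX_TIMEOUT}")
    return total


def format_timeout(seconds):
    """Render seconds as combined w/d/h/m/s tokens, e.g. 788645 -> 1w2d3h4m5s."""
    parts = []
    for unit, size in UNIT_SECONDS.items():
        count, seconds = divmod(seconds, size)
        if count:
            parts.append(f"{count}{unit}")
    return "".join(parts) or "0s"


if __name__ == "__main__":
    for sample in ("2s 2h 2w", "1w8d", "1d 2h 12:30", "4294967295"):
        value = parse_timeout(sample)
        print(sample, "->", value, format_timeout(value))
```

Running a ban duration through `parse_timeout` before pushing it to an address list catches values that would overflow the 32-bit maximum.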

Tunneling over WebSockets

Posted by jpluimers on 2017/07/04

Just found out about these interesting links I would have loved to use years ago, but alas, now I know (:

It looks similar to SSL VPN sometimes also called WebVPN:

Then there are non-VPN tunnels through WebSockets:

Since WebSockets can run over a proxy server, you could route any kind of binary traffic through them, even in places that disallow non-web protocols or layer-7 inspect HTTPS traffic.

Although ops might restrict stuff even further:

–jeroen

Posted in Internet, Network-and-equipment, Power User, VPN | Leave a Comment »

middelink/mikrotik-fwban: Use your Mikrotik firewall to do fail2ban like blocking of unwanted IPs. Written in Go

Posted by jpluimers on 2017/06/26

Edit 20260501: be careful, as this damaged the NAND memory of my router because of too many write cycles. Root cause: too high update frequency.

Interesting: middelink/mikrotik-fwban: Use your Mikrotik firewall to do fail2ban like blocking of unwanted IPs. Written in Go.

It might beat these (that just count SSH connections, not failed connection attempts)

Read the rest of this entry »

Posted in Development, Hardware, Internet, MikroTik, Network-and-equipment, Power User, RouterOS, routers, Scripting, Software Development, WinBox | Leave a Comment »

How to turn on your lights the Philips way

Posted by jpluimers on 2017/06/23

This was too funny to let go unnoticed: [WayBack] How to turn on the light at home, Philips Version – Kristian Köhntopp – Google+.

It was shown during [Archive.is] Google Cloud Next 2017 in Amsterdam and immediately reminded me of The Big Bang Theory – How to turn on a lamp below.

A few notable entries from the comments:

  • How many servers does it take at Philips to change a light bulb?
  • Apple apparently does something similar; there an AppleTV or an iPad serves as a “bridge to the bridge”.
  • They’re at least honest — the icon of the cloud in the upper left prominently displays a “waiting” circle animation. I also notice the use of the word “looks” rather than “works” in the title, which is probably also accurate.

–jeroen

Read the rest of this entry »

Posted in Cloud, Fun, Infrastructure, IoT Internet of Things, Network-and-equipment, Power User | Leave a Comment »

With so many vulnerabilities out there, here is how to find out if a fix…

Posted by jpluimers on 2017/06/23

For my blog archive as I already shared it on G+

[WayBack] With so many vulnerabilities out there, here is how to find out if a fix is applied to vulnerabilities on Debian/Ubuntu Linux using CVE. – Jeroen Wiert Pluimers – Google+

[WayBack] Debian/Ubuntu Linux: Find If Installed APT Package Includes a Fix/Patch Via CVE Number – nixCraft

Explains how to view the changelog of an installed package on a Debian or Ubuntu Linux server to find out if a fix/patch was applied, via CVE number.

Hans Wolters:
And find all packages that belong to one cve :-)

zgrep -i cve /usr/share/doc/*/changelog.Debian.gz|grep 1000364

–jeroen

 

Posted in OpenVPN, Power User, Security | Leave a Comment »

The Bogon Reference – Team Cymru

Posted by jpluimers on 2017/06/23

WHAT IS A BOGON, AND WHY SHOULD I FILTER IT?

A bogon prefix is a route that should never appear in the Internet routing table. A packet routed over the public Internet (not including over VPNs or other tunnels) should never have a source address in a bogon range. These are commonly found as the source addresses of DDoS attacks.

Source: The Bogon Reference – Team Cymru

The regular Bogon list is pretty static (last change in 2012), so I’ve listed the text version below. But the full Bogon list (including unused IPv4 space) is dynamic.

0.0.0.0/8
10.0.0.0/8
100.64.0.0/10
127.0.0.0/8
169.254.0.0/16
172.16.0.0/12
192.0.0.0/24
192.0.2.0/24
192.168.0.0/16
198.18.0.0/15
198.51.100.0/24
203.0.113.0/24
224.0.0.0/4
240.0.0.0/4

–jeroen

Posted in Internet, Power User, routers, Security | Leave a Comment »
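
A check of packet sources against the static bogon list above, as an added example that is not from the post or from Team Cymru. The log line format, the `wan` interface name and the function names are constructed for illustration; only traffic arriving on the Internet-facing interface is checked, since private sources on the LAN side are normal.

```python
import ipaddress
import re

# The static bogon prefixes exactly as listed in the post.
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in """
0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12
192.0.0.0/24 192.0.2.0/24 192.168.0.0/16 198.18.0.0/15 198.51.100.0/24
203.0.113.0/24 224.0.0.0/4 240.0.0.0/4
""".split()]

# Constructed sample lines in a made-up key=value format (not real router output).
SAMPLE_LOG = """\
in=wan src=10.20.30.40 dst=198.51.100.7 proto=udp
in=wan src=8.8.8.8 dst=198.51.100.7 proto=udp
in=lan src=192.168.1.15 dst=9.9.9.9 proto=tcp
in=wan src=203.0.113.99 dst=198.51.100.7 proto=tcp
in=wan src=240.1.2.3 dst=198.51.100.7 proto=icmp
in=wan src=not-an-ip dst=198.51.100.7 proto=tcp
""".splitlines()

_FIELDS = re.compile(r"\bin=(\S+)\s+src=(\S+)")


def bogon_prefix(address):
    """Return the listed prefix containing address, or None if it is not a bogon."""
    ip = ipaddress.ip_address(address)   # raises ValueError on malformed input
    for net in BOGON_PREFIXES:
        if ip in net:
            return net
    return None


def bogon_sources(lines, wan="wan"):
    """List (source, prefix) for packets that arrived on the WAN side from a bogon."""
    hits = []
    for line in lines:
        m = _FIELDS.search(line)
        if not m or m.group(1) != wan:   # LAN-side private sources are expected
            continue
        try:
            prefix = bogon_prefix(m.group(2))
        except ValueError:               # malformed address field: skip the line
            continue
        if prefix is not None:
            hits.append((m.group(2), str(prefix)))
    return hits


if __name__ == "__main__":
    for src, prefix in bogon_sources(SAMPLE_LOG):
        print(f"bogon source {src} (in {prefix})")
```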

MikroTik SFP module compatibility table – MikroTik Wiki

Posted by jpluimers on 2017/06/19

Paraphrased from MikroTik SFP module compatibility table – MikroTik Wiki [WayBack]:

SFP+ interface compatibility settings with 1G links

For MikroTik devices with an SFP+ interface that supports both 10G and 1G link rates, the following settings need to be set on both linked devices, on the required interfaces, in order to get them working at the 1G link rate:

  • auto-negotiation disabled
  • port speed 1G
  • FD

Devices which SFP+ ports support 1G links:

Devices which SFP+ interfaces can be used only for 10G links:

Some caveats leading to the above info: CCR1036-8G-2S+ SFP Problems – MikroTik RouterOS [WayBack]

–jeroen

Posted in Internet, MikroTik, Power User, routers | Leave a Comment »