Posted by jpluimers on 2017/06/26
Edit 20260501: be careful, as this damaged the NAND memory of my router because of too many write cycles. Root cause: too high update frequency.
Interesting: middelink/mikrotik-fwban: Use your Mikrotik firewall to do fail2ban like blocking of unwanted IPs. Written in Go.
It might beat these (that just count SSH connections, not failed connection attempts)
Posted in Development, Hardware, Internet, MikroTik, Network-and-equipment, Power User, RouterOS, routers, Scripting, Software Development, WinBox | Leave a Comment »
Posted by jpluimers on 2017/06/23
WHAT IS A BOGON, AND WHY SHOULD I FILTER IT?
A bogon prefix is a route that should never appear in the Internet routing table. A packet routed over the public Internet (not including over VPNs or other tunnels) should never have a source address in a bogon range. These are commonly found as the source addresses of DDoS attacks.
Source: The Bogon Reference – Team Cymru
The regular Bogon list is pretty static (last change in 2012), so I’ve listed the text version below. But the full Bogon list (including unused IPv4 space) is dynamic.
0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 192.168.0.0/16 198.18.0.0/15 198.51.100.0/24 203.0.113.0/24 224.0.0.0/4 240.0.0.0/4
–jeroen
Posted in Internet, Power User, routers, Security | Leave a Comment »
Posted by jpluimers on 2017/06/19
Paraphrased from MikroTik SFP module compatibility table – MikroTik Wiki [WayBack]:
SFP+ interface compatibility settings with 1G links
For MikroTik devices with SFP+ interface that support both 10G and 1G link rate following settings are needed to be set on both linked devices for required interfaces. In order to get them working in 1G link rate.
- auto-negotiation disabled
- port speed 1G
- FD
Devices which SFP+ ports support 1G links:
- All SFP+ interfaces can be used in 1G mode if required:
- Only SFP+1 supports 1G link speed, SFP+2 is for 10G links only:
Devices which SFP+ interfaces can be used only for 10G links:
Some caveats leading to the above info: CCR1036-8G-2S+ SFP Problems – MikroTik RouterOS [WayBack]
–jeroen
Posted in Internet, MikroTik, Power User, routers | Leave a Comment »
Posted by jpluimers on 2017/06/16
PCC load balancing saved my ass; here are some link I used:
Source: PCC side effect on Mikrotik Forum – MikroTik RouterOS
–jeroen
Posted in Development, Internet, MikroTik, Power User, RouterOS, routers, Scripting, Software Development | Leave a Comment »
Posted by jpluimers on 2017/06/15
I need to really put some effort in this:
–jeroen
Posted in Internet, MikroTik, Power User, routers | Leave a Comment »
Posted by jpluimers on 2017/06/14
Some links that inspired me for various Mikrotik firewall rules:
–jeroen
Posted in Development, Internet, MikroTik, Power User, RouterOS, routers, Scripting, Software Development | Leave a Comment »
Posted by jpluimers on 2017/06/13
For my research list:
–jeroen
Posted in Development, Internet, MikroTik, Power User, RouterOS, routers, Scripting, Software Development | Leave a Comment »
Posted by jpluimers on 2017/06/09
When you want your Mikrotik DHCP Server handout different gateways (or DNS/WINS/NTP/.. servers and other settings), many of the answers tell you to fiddle with the DHCP networks like DHCP Server different gateways – MikroTik RouterOS [WayBack] but lack concrete examples, so here we go elaborating a lot on DHCP server with static leases – MikroTik RouterOS [WayBack]:
Posted in Internet, MikroTik, Power User, routers | Leave a Comment »
Posted by jpluimers on 2017/06/08
The RouterOS scripting language you can use on Mikrotik device immediately shows it’s origin: the console.
As promised some links to questions I asked:
Posted in Development, Hardware, Internet, MikroTik, Network-and-equipment, Power User, RouterOS, routers, Scripting, Software Development, WinBox | 1 Comment »
Posted by jpluimers on 2017/06/07
When switching my DHCP to a Mikrotik CCR1009, both the AP7920 and AP7921 failed to get IP addresses. The APC7921 would look bounce between waiting and offered states like this:
The cause is the need of DHCP Option 43 (Vendor Class Identifier) specified in RFC2132 – based on [WayBack] RFC 2131 – Dynamic Host Configuration Protocol and [WayBack] RFC 1533 – DHCP Options and BOOTP Vendor Extensions – which I found first via these links:
Posted in Development, Internet, MikroTik, Power User, RouterOS, routers, Scripting, Software Development | 3 Comments »
The Wiert Corner - irregular stream of stuff 