With my total respect to Mikrotik let me tell you guys again that your ROS 6.43.4 is still vulnerable and tonight I was playing with the hacker by closing every single door to access my router. If you reset the configuration (which is what we usually do after RoS/firmware update), the option for autoupdate will be set to "off" and you can configure it by yourself as you want. It's similar thing to default configuration that forbids the logon from WAN port.
#Winbox 6.27 how to#
The reason is simple: if you just connect the device to network and you don't care about config at all, it become a ticking bomb for the rest of the network - this is is the way how to partially fix this kind of behavior (as it happens, and you cannot do anything about it). Yes, default value (when you erase configuration) should be "off", in "default configuration" (the factory default when you turn on the device for the first time) it imho should be "on". Just to be sure, I would like to say, that by " should be in default configuration" I don't mean "it should be default value". If you use MT it will be in most cases behind their router with port forwarding enabled.
Here, in country where I am from all home based routers CPE's are belonging to providers and are directly managed by them. That's my opinion based on 30 years of experience as system engineer/admin. No, if that ever sees day light then it should be an "opt in" option with warning sign on first connect screen otherwise it should be as it is now. And these usually don't run the critical applications, that does not survive two or three minutes outage during the night hours. Home users, who does not care much and leave the default config on (or those who does not understand/does not care) will get automatic updates and won't stay behind with old vulnerable versions.
#Winbox 6.27 upgrade#
I think that automatic upgrade could be in "default configuration" - if you do anything beyond average home configuration (like the example you described), first step with a new device is "remove default configuration" and then config the device from the very beginning, tailored to your needs. If you like automation there is what Normis proposed as a script for doing it. Not every one have Mikrotik in home or small office environment. I could be fired on the spot if I don't issue warning about down time. Automatic upgrade should be the default and is quickly becoming best practice.
0 kommentar(er)
