Geekzone: technology news, blogs, forums
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 
4081 posts

Uber Geek
+1 received by user: 1768


  # 1343442 15-Jul-2015 07:49
Send private message

The best thing about Mikrotik is that they come as a blank canvas. No assumptions are made in terms of what configuration is required.
And yea, if you are using it as a local dns server it will listen on ALL interfaces.
First thing to do would be create a 'drop all from wan' rule and then build the required 'accept' rules above that.

27989 posts

Uber Geek
+1 received by user: 7469

Biddle Corp
Lifetime subscriber

  # 1343447 15-Jul-2015 08:09
Send private message

Zeon: Thanks for the help Ralph, I think your suggestion was spot on.

For those interested it looks like our router was running an Open DNS resolver being used in a DNS amplification attack.

When I had got the router I only configured the PPP details and WLAN and presumed that the firewall must be preset but obviously not!

It's a Mikrotik RouterOS device. You could access the web control panel, SSH, telnet - pretty much everything over the WAN interface....

The default Mikrotik router configuration has a drop rule on the Ether1.

It's important if you configure a VLAN10 or use PPPoE that you replicate this rule on the VLAN10 or PPPoE inbound interface.


Mr Snotty
8732 posts

Uber Geek
+1 received by user: 4642

Lifetime subscriber

  # 1343450 15-Jul-2015 08:17
Send private message

Damn, I didn't ask that since I presumed you would firewall all the ports :)

I personally always run a port scan via GRC Shield's Up to confirm it is firewalled even if I know it is. With some routers it may surprise you.

3467 posts

Uber Geek
+1 received by user: 464


  # 1344690 15-Jul-2015 14:00
Send private message

Yea, my mistake on that presumption! I struggled to use the web-UI on Mikrotik to configure the firewall - it ended up being the command line was actually more user friendly :S

1 | 2 
View this topic in a long page with up to 500 replies per page Create new topic

Twitter and LinkedIn »

Follow us to receive Twitter updates when new discussions are posted in our forums:

Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:

Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:

News »

Spark Sport launches across a range of new devices
Posted 22-Jul-2019 13:19

Dunedin selects Telensa to deliver smart street lighting for 15,000 LEDs
Posted 18-Jul-2019 10:21

Sprint announces a connected wallet card with built-in IoT support
Posted 18-Jul-2019 08:36

Educational tool developed at Otago makes international launch
Posted 17-Jul-2019 21:57

Symantec introduces cloud access security solution
Posted 17-Jul-2019 21:48

New Zealand government unveils new digital service to make business easier
Posted 16-Jul-2019 17:35

Scientists unveil image of quantum entanglement
Posted 13-Jul-2019 06:00

Hackers to be challenged at University of Waikato
Posted 12-Jul-2019 21:34

OPPO Reno Z now available in New Zealand
Posted 12-Jul-2019 21:28

Sony introduces WF-1000XM3 wireless headphones with noise cancellation
Posted 8-Jul-2019 16:56

Xero announces new smarter tools, push into the North American market
Posted 19-Jun-2019 17:20

New report by Unisys shows New Zealanders want action by social platform companies and police to monitor social media sites
Posted 19-Jun-2019 17:09

ASB adds Google Pay option to contactless payments
Posted 19-Jun-2019 17:05

New Zealand PC Market declines on the back of high channel inventory, IDC reports
Posted 18-Jun-2019 17:35

Air New Zealand uses drones to inspect aircraft
Posted 17-Jun-2019 15:39

Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.