Tagged "Network"

CVE-2023-41570: Access Control vulnerability in MikroTik REST API

Recently, MikroTik added a REST server as a new API for managing the router. It is a nice alternative to their proprietary API when automating RouterOS.

However, young software usually contains bugs. Sometimes, these bugs are security-related, and, together with not-so-safe defaults, they may create a vulnerability.

CVE-2023-4809: FreeBSD pf bypass when using IPv6

A few months ago, as part of our investigations into IPv6 security in the NetSecurityLab @ Sapienza University, we discovered a vulnerability that allows attackers to bypass rules in pf-based IPv6 firewalls under particular conditions. Let’s see some details of this vulnerability.

Proxmox LXC, Systemd, and Linux Capabilities

Debian in LXC/Proxmox works flawlessly, except for some systemd utility daemons. Instead of disabling those services, we can leverage Linux capabilities to achieve the same results.

Winbox on WINE: network namespaces for MAC-Telnet

Winbox, the MikroTik RouterOS management application, uses a proprietary link-layer protocol to discover and connect to RouterOS appliances. It’s useful when you have a router with a bad/unknown network configuration.

Let’s see how we can use it on Linux and WINE.

Types of Network Address Translation

While still very useful, the old definition of NAT types is outdated. The new definition accurately reflects the kind of NAT present in the network and what we can expect from the translator.

Debian 10, Cloud-init and static IP addresses

In the last two days, I was preparing a virtual environment for some tests of MariaDB replication. I was determined to use exactly the same settings as the production machine I was simulating: Debian 10, Docker, MariaDB 10.4. I use Terraform for these tests, which works pretty well with the libvirt provider.

DoS (and possible MITM) in Cisco VPN 3000 Concentrator

TL;DR: the Cisco VPN 3000 Concentrator has a bug that allows you to create a DoS (and maybe a MITM) by sending the wrong netmask in IPsec phase 2. You need valid credentials. Apparently there is no workaround or fix. It’s EOL, so you may want to change it :-)

Simple policy based routing in practice

Sometimes the network setup isn't the one that you find in a textbook. Policy based routing is a mechanism to choose a route based on a policy (which can be anything, from the current time to the kind of packet/frame).

Using fogproject to deploy Windows 10 images

Although the web is full of pages about fogproject and Windows 10, there are many different things that you need to do in order to make fog deploy a Windows 10 image in a fully automated way (without your physical intervention). This is my guide, just in case.

IPv6 link-local and VPS-cloud services: a hidden threat?

Like many IT folks, I have my VPS (for instance, this website is running on it). I use this virtual server mainly to host my blog and some other websites that I own. The main reason why I use a "server" (and not a "hosting solution") is that, in this case, I have complete access to the machine. I like to be able to customize my services from top to bottom, even if it's a simple blog.

MikroTik RouterOS: how to use hostnames in firewall rules (instead of IP addresses)

Important note!

Apparently now RouterOS supports hostnames in address lists (tested in 6.49.2). So this article is superseded (just add a hostname in the address list to have it resolved dynamically).