Protecting Against DoS Attacks MikroTik Router Firewall Strategies

A recently disclosed vulnerability in MikroTik RouterOS has made it possible for attackers to perform DOS attacks. This vulnerability, known as CVE-2018-14847, can allow an attacker to gain access to the router's administration interface, which can lead to serious problems for network operators.

Today, we'll take a look at what this vulnerability is, what it can do, and how you can protect your network from it.

What is MikroTik RouterOS?

MikroTik RouterOS is a highly popular router operating system that powers many network devices, including routers, switches, and wireless access points. One of the strengths of RouterOS is its customizable configuration options that allow users to create a powerful and flexible network infrastructure.

RouterOS is also known for its extensive support for networking protocols, making it an attractive choice for network operators who need to work with complex networks.

What is the CVE-2018-14847 vulnerability?

The CVE-2018-14847 vulnerability is a vulnerability in the Winbox service of MikroTik RouterOS. Winbox is a GUI application that allows network administrators to configure and manage their RouterOS devices. It provides a simple and user-friendly interface that allows network administrators to easily manage complex network infrastructures.

The CVE-2018-14847 vulnerability allows an attacker to perform a directory traversal attack on the RouterOS device. This means that the attacker can access files on the router that they should not be able to access.

Specifically, the vulnerability allows an attacker to access the router's key store file, which contains the device's SSL/TLS private keys. These keys can be used to perform a man-in-the-middle attack on the router, giving the attacker access to the network traffic passing through the device.

What are the implications of the CVE-2018-14847 vulnerability?

The potential impact of the CVE-2018-14847 vulnerability is significant. If an attacker gains access to a router's administration interface, they could potentially perform a range of malicious activities, including:

Disrupting network traffic by performing a denial-of-service (DoS) attack on the router
Stealing sensitive information from the router, including usernames and passwords
Monitoring network traffic passing through the router and stealing sensitive information, including credit card numbers and other personal information
Infecting the router with malware

All of these activities could have serious implications for network operators, including loss of revenue, damage to reputation, and legal repercussions.

What can you do to protect your network?

If you have a MikroTik RouterOS device, it's important to take steps to protect your network from the CVE-2018-14847 vulnerability. Here are some things you can do:

Update RouterOS

The first step is to update your RouterOS device to the latest version. This vulnerability was patched in RouterOS versions 6.42.7, 6.40.9, and 6.43rc3. If you have not yet updated your device, we recommend doing so as soon as possible.

Disable Services

If you do not need the Winbox service, you can disable it to reduce the attack surface of your device. You can do this by going to the "IP" section of the RouterOS web interface, selecting "Services", and then unchecking the "winbox" box.

Similarly, if you do not need the SSH service, you can disable it to reduce the attack surface. You can do this by going to the "IP" section of the RouterOS web interface, selecting "Services", and then unchecking the "ssh" box.

Use Firewall Rules

You can also use firewall rules to block incoming traffic on the default Winbox and SSH ports (8291/tcp and 22/tcp, respectively). This can prevent attackers from exploiting this vulnerability and gaining access to your router's administration interface.

You can create a firewall rule to block incoming traffic on port 8291/tcp by going to the "IP" section of the RouterOS web interface, selecting "Firewall", and then selecting the "Filter Rules" tab. Click "Add New" and enter the following information:

Chain: input
Protocol: tcp
Dst. Port: 8291
Action: drop

You can create a similar rule to block incoming traffic on port 22/tcp.

Read also

Use Strong Passwords

Finally, we recommend using strong passwords to protect your RouterOS device. This can prevent attackers from easily gaining access to your router's administration interface even if they are able to exploit the CVE-2018-14847 vulnerability.

Make sure your password is at least 12 characters long and includes a mix of uppercase and lowercase letters, numbers, and special characters.

Conclusion

The CVE-2018-14847 vulnerability is a serious issue for MikroTik RouterOS users. However, with the right precautions, you can protect your network from this vulnerability and minimize the risk of an attack.

By updating your RouterOS device, disabling services you do not need, using firewall rules, and using strong passwords, you can keep your network safe and secure.