10 - 3:12 - Same IP on different interfaces 09 - 5:15 - Lack of monitoring 08 - 20:45 - DNS Issues 07 - 25:15 - Firewall Inefficiency 06 - 27:33 - NAT Issues 05 - 33:44 - Allowed IP Spoofing 04 - 39:45 - Bridge Issues 03 - 44:45 - PoE Issues 02 - 48:40 - Waiting for Hackers 01 - 52:00 - admin / no password

Very interesting talk, thank you!

just wow sir.

Great !

Great 👍

sir on minute 36:30 when you were discussing traffic generator tool, in packet templates you had 3 tabs General, MAC,IP. but in my routerOS i dont see those 3 Tabs, i only have a General TAB......i am using version 6.35, can you please tell me what version were you using when you prepared those slides? Regards azfar

At the NAT section, I supose I don't need the third rule since I'm only accepting related / established connections right?

2 interfaces can share the same LINK LOCAL address just fine, right? Such as using fe80::1 as ipv6 gw

Nice presentation , but on the DNS filtering there is no state for UDP , for what I know UDP is connectionless so you can't filter on new connection state isn't it ?

Hi Andis! Where slides can be downloaded? Thanks

my traineeer

i see some of those mistakes and i think... why doesn't RouterOS handles them? look at junos or IOSm they won't allow to configure overlapping ip/subnets on two interfaces in the same vrf

I was disabled the lan interface by winbox now I can’t able to access the router how to solve this issue

GNU/MikroTik

Haber si las vídeos sean traducidos en español ya que es la lengua que mas se habla en el mundo seria genial

[20:46] Why even implement this feature without any means to configure it the right way, like selecting interfaces for this service to be available on?

Using Mikrotik without studying all the bugs that affect you is probably #1

mikrotik

too long

Just skip this guy's autopromotion about resume and M$ Cerrified B$ and jump directly to kzfaq.info/get/bejne/eNGKe7V1m9nagYk.html

At 26 minutes in, talking about firewall inefficiency, Does this person have any knowledge of the subject matter? Apparently not. MikroTik has a stateful firewall and state tables should be examined before any of the configured rules. For traffic from any of the whitelisted IP addresses the return traffic from the web server should never reach the first firewall rule. It should just be permitted by the state table and that should happen very fast. It says this video was published by MikroTik and seeing misinformation like this gives me concern the company does not even know their own product. I have a very large investment in MikroTik equipment and maybe they have lost their talent that was knowledgeable. A better improvement would be to move the rule 9 up to the top since this is for a web server it should be expected that most of the inbound traffic would be hitting that rule. Also doesn't only the first packet of each connection run down the list of rules and all further packets of that connection would be handled in the state table?