MikroTik

Mikrotik RouterOS ver.: 2.9.7
nmap ver.: 4.10
pptp server: not enabled
pptp port: nmap reported open

problem: after nmap scanned ROS host, ROS reported weird pptp connect tries in the log and created two bogus buggy pptp dynamic connections that when tried to remove crashed winbox, and CPU usage got 100% and all traffic was slower because of this...

Now I think I should've tried to remove the bogus pptp cons via telnet and see if CPU goes to normal but... I guess I was too busy to play around with this.

Someone try to reproduce and report to MT devs if a fix is needed. Thanks. edit: reproduce on the latest version is needed...

P.S. I want to express my joy that mikrotik exists and there are such wonderful people on this forum. Although currently my development is at education state I am sure that I will choose to work with Mikrotik products. Cheers.

I can't reproduce with nmap 3.77 and 2.9.17 ... with or without 1723 open.

Paste in the command and results of nmap if you can... as well as any log entries on mikrotik so we can see whats happening.

Sam

Successfully reproduced on the older 2.9.7:

nmap v4.00 command: (the first time I used 4.01 & same cmd)
nmap <IPaddr> -P0 -sV -O -A

http://www.geocities.com/dot_bot_id/pptp-experiment.gif - screenshot
http://www.geocities.com/dot_bot_id/ppt ... iment2.gif - screenshot of CPU graph
http://www.geocities.com/dot_bot_id/pptp-experiment.txt - LOG
http://www.geocities.com/dot_bot_id/ppt ... iment2.txt - nmap output

Happened on my other MT 2.9.7 on a VMWare too but only with one bogus pptp connection.

Also note that pptp server is enabled in both cases. The first time pptp server was not enabled but maybe it was another bug that it was not showing it as enabled but really was enabled...

I would suggest you do an upgrade. I remember back in 2.9.6 if the BWTest server was left on and somebody did an nmap to the routers ip, it would simply crash and reboot after a few minutes.

I think that MT dev team is dealing with phenomena like this from time to time and the newer versions do not face issues like the above.

I've tested it on the latest ver. 2.9.17 too. I installed it with all packages, didn't touch any config, I only enabled pptp server. Scanned with the nmap command and the problem is there.

This is a serious DenialOfService issue. Shame on all of you @ mikrotikls...

Hmmm, is THIS the weird 2.9.x reboot thing we have just started to see over the last few days ?

On two occasions now EVERY PUBLICALLY AVAILABLE 2.9.x MT on our network rebooted within 2 mins of each other. The 2.8.28's were unhurt.
Have been scratching our heads furiously.

This soft is like swiss cheese mate

What's new in 2.9.18:

*) fixed bug - dhcp server, dhcp client and hotspot could show up as
invalid in case of many (> 10) vlan interfaces;
*) added back ospf logs, they were removed since 2.9.13;
*) fixed vrrp mac address restoring after reboot;
*) upgraded SysKonnect SK-98xx/SK-95xx Gigabit Ethernet driver;
*) inceased the speed of CDMA modems;
*) fixed netwatch missing ping replies;
*) added ability to reset counters for single queue;
*) fixed bug - PPTP server started to use 100% CPU after NMAPing it;
*) changed behaviour of scheduler entries that have start-time=startup:
use router uptime instead of clock time,
if interval is not 0, then do not run that entry immedeately after startup;
*) added radius-default-domain setting for hotspot server profile;

'bout time.....