• Network engineer and enthusiast for a long time
• Working as a Trainer/Analyst @ APNIC
• Have exposure to different multi-vendor, multi-platform
technologies
• A security minded person
• Would love to contribute to the community
zobair.khan@apnic.net
$ whois MD ZOBAIR KHAN
Port 53
More than 70k ports are open
More than 60k have recursion enabled
Vulnerable to DNS exploits including amplification attacks, cache poisoning,
spoofing, etc.
Lots of Mikrotik devices
Filter if not needed
Restrict recursion with an ACL
Do security hardening for Mikrotik
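
An added example, not part of the original slides: a Python check for the "recursion enabled" condition counted above. It reads the header of a DNS reply to a recursive query and reports whether the server resolved an outside name or refused it. The function names, verdict labels and sample replies are constructed for illustration.

```python
import struct

QR, RA, RCODE_MASK = 0x8000, 0x0080, 0x000F
NXDOMAIN, REFUSED = 3, 5

def build_query(name, txid):
    """Recursive (RD=1) A/IN query for `name`."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)

def classify_reply(reply, txid):
    """Judge from the 12-byte header whether the server recursed for us."""
    if len(reply) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", reply[:12])
    if rid != txid or not flags & QR:
        return "malformed"        # not a response to our query
    rcode = flags & RCODE_MASK
    if rcode == REFUSED:
        return "refused"          # the recursion ACL rejected this client
    if not flags & RA:
        return "no-recursion"     # recursion disabled or authoritative-only
    if ancount > 0 or rcode == NXDOMAIN:
        return "open-recursion"   # an outside name was resolved for us
    return "inconclusive"         # e.g. SERVFAIL or empty NOERROR with RA set

def make_reply(query, flags, with_answer):
    """Constructed sample reply: echo the question, optionally add one A record."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!6H", txid, flags, 1, 1 if with_answer else 0, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return header + query[12:] + (answer if with_answer else b"")

def demo():
    """Classify four constructed replies to the same query."""
    txid = 0x1A2B
    query = build_query("example.com", txid)
    samples = {
        "answer, RA=1": make_reply(query, 0x8180, True),
        "REFUSED": make_reply(query, 0x8105, False),
        "referral, RA=0": make_reply(query, 0x8100, False),
        "SERVFAIL, RA=1": make_reply(query, 0x8182, False),
    }
    return {label: classify_reply(raw, txid) for label, raw in samples.items()}

if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:16} -> {verdict}")
```

A resolver with a working recursion ACL should come back as "refused" or "no-recursion" when queried from an address outside the allowed client ranges.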
Port 161
More than 70k ports are open
Around 20k have SNMP version 1 enabled with public community
Information such as interface descriptions, IP addresses and routing tables can be
accessed without any authorization.
Lots of Mikrotik devices
Use SNMP version 3
Introduce an ACL and a different SNMP community name
Do security hardening for Mikrotik
Port 2000
More than 70k ports are open
Almost all of them are Mikrotik Bandwidth Test Servers
Opens another attack surface for attackers
Turn it off in production networks
Do security hardening for Mikrotik
Port 179
More than 55k ports are open
3k are running BGP
Attack surface for DDoS, BGP Hijack, Route Leak, Internet Disruption etc.
Use ACL, GTTL, BGP MD5 or TCP-AO, RPKI, MANRS, BCP 194
Port 80
More than 50k ports are open
More than 9k are from Mikrotik
All the interface details and PPPoE usernames are visible without any
authorization in Mikrotik via port 80
Attack surface for Apache, nginx, Microsoft IIS, Cisco/Mikrotik HTTP etc.
Use firewall, TLS