MikroTik is a network equipment manufacturer known for its low-cost routers, which are used both to provide last-mile access to home users and in core network infrastructure. The company is also known for the security flaws in its products.
- Characterize attacks on MikroTik devices (RouterOS);
- Automate attack classification based on CVE.
- We reveal the landscape of MikroTik devices worldwide. See our paper (to appear);
- We propose a realistic, easy-to-deploy honeypot that mimics low-cost MikroTik routers;
- We propose an automated classification of the traffic collected at the honeypot and discuss ways for mitigating the collected attacks.
Our Honeypot: You can find our open source honeypot described in our repository.
Signatures: We have developed signatures for the well-known vulnerabilities related to MikroTik devices. They are compatible with the Berkeley Packet Filter.