Skip to content
Aug 30 / thebrotherswisp

TheBrothersWISP – Why Should I Use IPv6?

Nick, John, Miller, Tommy, Mike, and Greg talk about the various reasons to do IPv6 or not, some of the hurdles to implement, and use cases.

We also discuss:
Business case for IPv6
Islands of knowledge
Consumer vs Enterprise
Dual stacking
P2P addressing
Subnet sizes
Subnet sizes to deliver to customers
Prefix delegation via DHCP
AAAA and IPv6 DNS
Hotspots and IPv6
SLAAC
Various address types
Neighbor tables
ICMP in IPv6

Help support us by becoming a patron! <==join our Slack team!
Keep contacting us: contactus (at) thebrotherswisp.com or https://facebook.com/thebrotherswisp

Click the link below to view the article!

Aug 27 / Greg

Protect Your Network From Mikrotik Exploits

Attacks on older versions of Mikrotik have stepped up recently. You can easily protect your network from such attacks in a couple of simple steps.

1. Update your Mikrotik to a new version that isn’t affected

1
system package upgrade

2. Disable any unneeded Mikrotik services

1
2
ip services
dis 0,1,2,3,4,7

3. Add firewall rules to protect those services – be sure to drag it to the top of the list

1
2
3
4
5
6
7
/ip firewall address-list
# create an address-list where management traffic will be sourced from
add address=192.168.5.0/24 list=management
 
/ip firewall filter
# create a firewall drop rule that will block access to the allowed ip services if it's not from the management subnet
add action=drop chain=input dst-port=80,8291 protocol=tcp src-address-list=!management

Create entries in an address list that will specify what your management subnets are.


If you would like to protect Mikrotiks inside of your network, you should apply similar rules to the forward chain of your border routers.

This obviously isn’t a complete security policy, or all of the firewall rules you should have in place, but it will at a minimum stop attacks.

If you have been comprimised, you really should update, then verify no new users, firewall rules, socks, or web proxies are in place.

You then need to change all of your user/password combos as part of the exploits is extraction of the user database!

You should update ASAP. A best strategy would be to reset the configuration, update, and rebuild.

Aug 19 / thebrotherswisp

TheBrothersWISP 74 – Protect your tik, Ciena Metro E, Unresponsive Customers



This week Greg, Dave, Mike, Miller and Andrew Cox totally bro out and talk about manly things…and at the end Greg feels all the feels, so use caution if that’s not your thing 😉

This cast we talk about:
Dragonwav’s annoucement
Bare minimum to protect your Mikrotik
Greg Trains on Ciena Metro E Kit
Ciena 3930
Ciena 8700
Monitoring customers with overlapping subnets?
Working with unresponsive customers

Help support us by becoming a patron! <==join our Slack team!
Keep contacting us: contactus (at) thebrotherswisp.com or https://facebook.com/thebrotherswisp

Click the link below to view the article!

Aug 5 / thebrotherswisp

TheBrothersWISP 73 – Mikrotik 4011, security, MTU, cheap fiber tools



This week Greg, Dave, and Mike trade our favorite recipes.

This cast we talk about:
Mikrotik 4011 first look
Mikrotik 4011 second look
Wireless Wire MTU Issue – regular wireless l2mtu of 1600
Mikrotik selling CWDM muxes and optics
Mikrotik coinhive crytpojacking
More botnets taking advantage of winbox holes up to version 6.42
Mikrotik has a security blog
Locating fiber in the field – VFL
ST to LC adapter for a VFL
Ubiquiti Fiber PoE – tranciever with passive PoE out (McAfee)

Help support us by becoming a patron! <==join our Slack team!
Keep contacting us: contactus (at) thebrotherswisp.com or https://facebook.com/thebrotherswisp

Click the link below to view the article!

Jul 12 / thebrotherswisp

TBW 71: Where oh were could Greg be?



This cast we talk about:
NEWS: Cambium launches the e700 outdoor WiFi AP
NEWS: RF Elements gets hornier
Mikrotik have found a bit of focus on LTE, HOORAY!
NEWS: Mikrotik: RB450Gx4 and hEX S new products + discuss the inevitable refresh of Omnitik AC, Dynadish, Netmetal
Mikrotik switching – State of Play 1H2018
Ham Stuff

Help support us by becoming a patron! <==join our Slack team!
Keep contacting us: contactus (at) thebrotherswisp.com or https://facebook.com/thebrotherswisp

Here’s the video:(if you don’t see it, hit refresh)

Jun 22 / Greg

Mikrotik – Move WAN To PoE Out Port

On many Mikrotik devices there is a PoE out port on ether 5, but the WAN port defaults to ether 1. Here’s a quick tutorial on moving the WAN over to ether 5 to power up the CPE straight from their home router.

Jun 10 / thebrotherswisp

TheBrothersWISP 70 – LHG60g, Vendor Stagnation, Why Ham?



This week Greg, Dave, and Mike get jazzy. Can you notice the better audio?

This cast we talk about:
Mikrotik LHG60 available around 15th of this month
stagnation in vendors vs wireless in emerging markets
Caching on https
USAC – FCC subsidized telecom costs for govn’t organizations
UBNT starts looking into AirMax MPLS issues
Project Fi
Mike asks what fiber tools do you find essential (non termination tools)
ham radio license / topics / legally buy Mikrotik intl versions
Amature radio bands
Tytera (TYT) MD-380 DMR Digital Two Way Radio

Help support us by becoming a patron! <==join our Slack team!
Keep contacting us: contactus (at) thebrotherswisp.com or https://facebook.com/thebrotherswisp

Click the link below to view the article!