image from mikrotik.com
I Recently changed my router from TP Link’s Archer C2 and now Mikrotik’s 951G-2HnD after running weeks of unpatched system. TP Link or most of the consumer WiFi routers are left vulnerable from KRACK and yet people are constantly accessing their bank accounts or confidential work materials or servers. A sample successful attack can be found below:
Mikrotik is one of the cheapest enterprise ready OS for your network compared to Cisco, Juniper, etc.. The good thing about Mikrotik is that you can either purchase the machine preloaded with the operating system or you can build your own hardware and purchase the license.
Mikrotik’s configuration is also not that complicated, there are several options on how you may want to configure it. You can use ssh, web admin panel or a windows application called winbox.
As a startup configuration you can check the ssh commands below but you need to tweak it to fit your own network.
Update: The method above consumes a lot of CPU and its much more better to do block it by IP or through DNS.