by sliken 2577 days ago
I've heard of Mikrotik, seemed popular with SysAdmin types, at least until they were widely targeted by some malicious folks looking to compromise SysAdmins to exploit the networks they manage.

Found one of many mentions (sorry for the long URL): https://www.trendmicro.com/vinfo/us/security/news/cybercrime...

I heard something about software limiting the routers, so you had to pay for license upgrades to get full functionality out of their routers. Any truth to that?

2 comments

The number of security weaknesses in Mikrotik is low and they get immediately patched. Those guys do excellent software updates and there are tons of resources to get help from.

Regarding paying for a license to get the full functionality: there is no chance a home or ordinary office user will ever hit any limitations within a stock license. The upgrade might be needed only for the ultimate stuff in the realm of BGP tunnels and the like.

My memory isn't perfect, but from the past few years I've had Mikrotiks, I don't remember any effective attacks against properly configured devices. By "proper configuration" I mean disabled telnet, no management access from the internet, and other really basic precautions.

The 200 000 devices mentioned in the article you linked all had the management port exposed to the whole world, which is something that should never be done.
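
The two precautions named in the comment above (telnet disabled, no management access from the internet) can be checked against a router's `/ip service` export. This is an added example, not part of the thread and not MikroTik's own tooling; the sample export is constructed, and the check assumes `set <service> key=value` lines and covers only service address lists, not firewall rules.

```python
import ipaddress
import shlex

# Constructed sample in the style of a RouterOS "/ip service" export (not from the thread).
SAMPLE_EXPORT = """\
/ip service
set telnet disabled=no
set ftp disabled=yes
set ssh address=192.168.88.0/24
set www address=0.0.0.0/0
set winbox address=192.168.88.0/24,203.0.113.0/24
set api disabled=yes
"""

# Only RFC 1918 ranges count as "internal"; ipaddress.is_private is too broad for this.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_services(export_text):
    """Return {service: {key: value}} from the 'set <name> key=value ...' lines."""
    services = {}
    for line in export_text.splitlines():
        tokens = shlex.split(line)
        if len(tokens) < 2 or tokens[0] != "set":
            continue
        services[tokens[1]] = dict(t.split("=", 1) for t in tokens[2:] if "=" in t)
    return services

def is_restricted(address_field):
    """True only if an allow-list exists and every entry lies inside an RFC 1918 range."""
    nets = [ipaddress.ip_network(a, strict=False) for a in address_field.split(",") if a]
    return bool(nets) and all(
        n.version == 4 and any(n.subnet_of(p) for p in RFC1918) for n in nets
    )

def audit(export_text):
    """Return sorted (service, finding) pairs for the two precautions in the comment."""
    findings = []
    for name, opts in parse_services(export_text).items():
        # Assumption: a line without disabled=yes describes an enabled service.
        if opts.get("disabled", "no") == "yes":
            continue
        if name == "telnet":
            findings.append((name, "telnet is enabled"))
        if not is_restricted(opts.get("address", "")):
            findings.append((name, "no private-only address restriction"))
    return sorted(findings)

if __name__ == "__main__":
    for service, finding in audit(SAMPLE_EXPORT):
        print(f"{service}: {finding}")
```

A clean result here only means the service allow-lists are internal; the input firewall chain still needs its own review.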