Hacker News
by ogurechny 1744 days ago
0. There seems to be a MikroTik exploit, and all versions are vulnerable. Well, it is possible that someone collected the passwords back in 2018 and used them to access updated devices this year, but I guess naaah.

I wonder what should happen to that fine company to make them stop running all the potentially vulnerable system configuration services on all interfaces by default. IP > Services is one of the locations anyone should check ASAP to make sure unneeded ones are disabled, but it's actually misleading. These are just preconfigured wrappers for some components, and others, like the DNS or bandwidth test server mentioned in the article, are not shown even if they are running. There isn't even a netstat-like command to check which ports are open.

1. While reaching a record number, the attack against something on the scale of Yandex and Cloudflare is more of a maximum capacity test not limited by the target's connectivity, and/or an advertisement for someone's DDoS services.

2. Still, it's an application-level DDoS, so you have to have a swift application-level detection in place if you don't want to just ban IP addresses (and potentially cut legal users from HTTP(S) APIs and other services that might be shared on the server or network).

3. Some skill was demonstrated in finding non-trivial weak points to amplify the server load.
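As an added illustration of the hardening the comment alludes to (example RouterOS configuration written for this page, not the commenter's own), assuming a management subnet of 192.168.88.0/24 (a constructed value) and that SSH and WinBox are the only management services kept:

```routeros
# Added example, not from the comment above. Assumes management hosts live
# in 192.168.88.0/24 (constructed address; adjust to your network).

# 1. IP > Services: disable the wrappers you do not use and bind the
#    remaining ones to the management subnet only.
/ip service disable telnet,ftp,www,www-ssl,api,api-ssl
/ip service set ssh address=192.168.88.0/24
/ip service set winbox address=192.168.88.0/24

# 2. Components that do not appear under IP > Services but still listen:
#    the bandwidth test server and the DNS resolver (remote queries).
#    Note: allow-remote-requests=no also stops LAN clients from using the
#    router as their DNS server; keep it enabled if you rely on that and
#    filter it at the input chain instead.
/tool bandwidth-server set enabled=no
/ip dns set allow-remote-requests=no

# 3. Since there is no netstat equivalent, do not trust the service list
#    alone: drop unsolicited traffic to the router itself at the input
#    chain, so anything still listening is unreachable from untrusted
#    interfaces. Rule order matters; apply this from the management subnet
#    or you will lock yourself out.
/ip firewall filter
add chain=input connection-state=established,related action=accept comment="keep existing sessions"
add chain=input connection-state=invalid action=drop comment="drop invalid packets"
add chain=input src-address=192.168.88.0/24 action=accept comment="management subnet"
add chain=input protocol=icmp action=accept comment="allow ping"
add chain=input action=drop comment="everything else addressed to the router"
```

After applying this, verify from a host outside the management subnet that only ICMP answers; that external check is the closest substitute for the missing listener list.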