By: David Dean

This Qrator Labs blog post describes a recently discovered large botnet that exploits MikroTik routers:

ISPApp uniquely protects your Tiks by allowing you to control all your routers from your secure cloud server while blocking all inbound management ports on your devices.

According to the Qrator Labs blog post, this botnet opens port 5678 on the routers. You can check your network for this open port with nmap:

nmap -p 5678 192.168.1.0/24

If the port is open, you will get a result like this:

Nmap scan report for 192.168.1.20
Host is up (0.012s latency).
PORT     STATE SERVICE
5678/tcp open  unknown
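On a larger network it is easier to have nmap write its grepable format (-oG) and pull out only the hosts where 5678/tcp is actually open, not closed or filtered. The script below is an added example, not part of the original post or the Qrator Labs write-up; the function names are hypothetical and the sample scan lines are constructed.

```shell
#!/bin/sh
# Added example: list hosts with TCP 5678 in state "open" from nmap -oG output.

# Reads nmap grepable output on stdin, prints one IP address per line.
open_5678_hosts() {
    awk -F'\t' '
        /^Host: / {
            split($1, h, " ")                 # "Host: <ip> (<name>)" -> h[2] is the IP
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                n = split(substr($i, 8), p, /, */)   # one entry per scanned port
                for (j = 1; j <= n; j++) {
                    split(p[j], f, "/")       # port/state/protocol/...
                    if (f[1] == "5678" && f[2] == "open" && f[3] == "tcp")
                        print h[2]
                }
            }
        }'
}

# Live scan of your own ranges, e.g.: scan_5678 192.168.1.0/24
# -n skips DNS lookups, "-oG -" writes grepable output to stdout.
scan_5678() {
    nmap -n -p 5678 -oG - "$@" | open_5678_hosts
}

# Constructed sample of grepable output (not from a real scan).
sample_scan() {
    printf 'Host: 192.168.1.1 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.1 ()\tPorts: 5678/closed/tcp//unknown///\n'
    printf 'Host: 192.168.1.20 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.20 ()\tPorts: 5678/open/tcp//unknown///\n'
    printf 'Host: 192.168.1.30 ()\tPorts: 5678/filtered/tcp//unknown///\n'
}

# Demo on the constructed sample: prints 192.168.1.20
sample_scan | open_5678_hosts
```

The resulting list can be fed straight into a ticket or an inventory check to see which of those addresses are MikroTik devices you manage.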