By: David Dean

This Qrator Labs blog post describes a large botnet recently discovered that exploits MikroTik routers:

ISPApp uniquely protects your Tiks by allowing you to control all your routers from your secure cloud server while blocking all inbound management ports on your devices.

According to the Qrator Labs blog post this botnet opens port 5678 on the routers. You can check your network for this open port using nmap like this:

nmap -p 5678

If the port is open you will get a result like this:

Nmap scan report for

Host is up (0.012s latency).


5678/tcp open unknown