[AusNOG] Mikrotik IPv6 Vulnerability - Must Read if you have Public IPv6 Facing Mikrotik

Michael J. Carmody michael at opusv.com.au
Mon Apr 1 17:17:45 EST 2019


The EdgeRouters EdgeOS is 95% VyOS in function and form.

Alternatively, grabbing some SDN friendly linux-able switch/route hardware and VyOS ‘ing it is very feasible.

And to take a swipe, about the same level of support as per Mikrotik anyway ;-)

-Michael



From: AusNOG <ausnog-bounces at lists.ausnog.net> On Behalf Of Joseph Goldman
Sent: Monday, 1 April 2019 3:12 PM
To: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Mikrotik IPv6 Vulnerability - Must Read if you have Public IPv6 Facing Mikrotik

Biggest issue is i still want to use their hardware, RouterBoards have some good products. hAP's for home CPE's, 3011's for SME and 1100x4's for corp and/or bottom of tower are great value for money. I know some boards you can flash WRT onto but its not as full featured, and Ubiquiti routers are also not as flexible from my limited exposure to them :(. If I could run something like VyOS on a routerboard I would.

On 2019-04-01 12:11 PM, Michael J. Carmody wrote:
If you want to stay in the Mikrotik like space, VyOS is probably where you need to be for BGP/Carrier networking.

If looking for CPE/lower level again, pfSense or Edgerouter?


-Michael


From: AusNOG <ausnog-bounces at lists.ausnog.net><mailto:ausnog-bounces at lists.ausnog.net> On Behalf Of Alex Samad
Sent: Sunday, 31 March 2019 5:51 PM
To: ausnog at lists.ausnog.net<mailto:ausnog at lists.ausnog.net>
Subject: Re: [AusNOG] Mikrotik IPv6 Vulnerability - Must Read if you have Public IPv6 Facing Mikrotik

Sigh, how long have they promised V7 ...
Think it was coming soon 7years ago

Multithreaded BGP !

"
* There's a comment 'The fix is in v7' - theres a long running joke that v7 will never emerge (it probably never will, they've lost most of their senior engineers, and refuse to open source their code to leverage their developers in the community)
"
is this whispers or documented somewhere ?


What would some suggest as a good replacement ?

A



On Sat, 30 Mar 2019 at 09:48, Philip Loenneker <Philip.Loenneker at tasmanet.com.au<mailto:Philip.Loenneker at tasmanet.com.au>> wrote:
Unfortunately this apparently fixes 2x softlock issues, but not a memory leak that results in a reboot of the device.
You can read from here on to see more information:
https://forum.mikrotik.com/viewtopic.php?f=2&t=147048#p723977

Regards,
Philip Loenneker | Network Engineer | TasmaNet

From: AusNOG <ausnog-bounces at lists.ausnog.net<mailto:ausnog-bounces at lists.ausnog.net>> On Behalf Of Shane Clay
Sent: Friday, 29 March 2019 10:08 PM
To: ausnog at lists.ausnog.net<mailto:ausnog at lists.ausnog.net>
Subject: Re: [AusNOG] Mikrotik IPv6 Vulnerability - Must Read if you have Public IPv6 Facing Mikrotik

Looks like a fix is on the way:



What's new in 6.45beta22 (2019-Mar-29 08:37):

Changes in this release:

!) ipv6 - fixed soft lockup when forwarding IPv6 packets (CVE-2018-19299);

!) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table (CVE-2018-19298);



https://mikrotik.com/download/changelogs/testing-release-tree





Shane Clay

Caznet


From: AusNOG <ausnog-bounces at lists.ausnog.net<mailto:ausnog-bounces at lists.ausnog.net>> On Behalf Of Noel Butler
Sent: Friday, 29 March 2019 12:02 PM
To: ausnog at lists.ausnog.net<mailto:ausnog at lists.ausnog.net>
Subject: Re: [AusNOG] Mikrotik IPv6 Vulnerability - Must Read if you have Public IPv6 Facing Mikrotik


On 29/03/2019 11:17, Mike Everest wrote:
On the point of "the fix is in v7"




v7  has for a great many years, been code for  "too hard basket"

--

Kind Regards,

Noel Butler
This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF<http://www.adobe.com/> and ODF<http://en.wikipedia.org/wiki/OpenDocument> documents accepted, please do not send proprietary formatted documents


_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog



_______________________________________________

AusNOG mailing list

AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>

http://lists.ausnog.net/mailman/listinfo/ausnog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20190401/3fa54741/attachment.html>


More information about the AusNOG mailing list