[AusNOG] Mikrotik IPv6 Vulnerability - Must Read if you have Public IPv6 Facing Mikrotik

Joseph Goldman joe at apcs.com.au
Mon Apr 1 15:11:49 EST 2019 

Biggest issue is i still want to use their hardware, RouterBoards have 
some good products. hAP's for home CPE's, 3011's for SME and 1100x4's 
for corp and/or bottom of tower are great value for money. I know some 
boards you can flash WRT onto but its not as full featured, and Ubiquiti 
routers are also not as flexible from my limited exposure to them :(. If 
I could run something like VyOS on a routerboard I would.
On 2019-04-01 12:11 PM, Michael J. Carmody wrote:
>
> If you want to stay in the Mikrotik like space, VyOS is probably where 
> you need to be for BGP/Carrier networking.
>
> If looking for CPE/lower level again, pfSense or Edgerouter?
>
> -Michael
>
> *From:*AusNOG <ausnog-bounces at lists.ausnog.net> *On Behalf Of *Alex Samad
> *Sent:* Sunday, 31 March 2019 5:51 PM
> *To:* ausnog at lists.ausnog.net
> *Subject:* Re: [AusNOG] Mikrotik IPv6 Vulnerability - Must Read if you 
> have Public IPv6 Facing Mikrotik
>
> Sigh, how long have they promised V7 ...
>
> Think it was coming soon 7years ago
>
> Multithreaded BGP !
>
> "
>
> * There's a comment 'The fix is in v7' - theres a long running joke 
> that v7 will never emerge (it probably never will, they've lost most 
> of their senior engineers, and refuse to open source their code to 
> leverage their developers in the community)
>
> "
>
> is this whispers or documented somewhere ?
>
> What would some suggest as a good replacement ?
>
> A
>
> On Sat, 30 Mar 2019 at 09:48, Philip Loenneker 
> <Philip.Loenneker at tasmanet.com.au 
> <mailto:Philip.Loenneker at tasmanet.com.au>> wrote:
>
>     Unfortunately this apparently fixes 2x softlock issues, but not a
>     memory leak that results in a reboot of the device.
>
>     You can read from here on to see more information:
>
>     https://forum.mikrotik.com/viewtopic.php?f=2&t=147048#p723977
>
>     Regards,
>
>     *Philip Loenneker | Network Engineer**| TasmaNet*
>
>     *From:*AusNOG <ausnog-bounces at lists.ausnog.net
>     <mailto:ausnog-bounces at lists.ausnog.net>> *On Behalf Of *Shane Clay
>     *Sent:* Friday, 29 March 2019 10:08 PM
>     *To:* ausnog at lists.ausnog.net <mailto:ausnog at lists.ausnog.net>
>     *Subject:* Re: [AusNOG] Mikrotik IPv6 Vulnerability - Must Read if
>     you have Public IPv6 Facing Mikrotik
>
>     Looks like a fix is on the way:
>
>     What's new in 6.45beta22 (2019-Mar-29 08:37):
>
>     Changes in this release:
>
>     !) ipv6 - fixed soft lockup when forwarding IPv6 packets
>     (CVE-2018-19299);
>
>     !) ipv6 - fixed soft lockup when processing large IPv6 Neighbor
>     table (CVE-2018-19298);
>
>     https://mikrotik.com/download/changelogs/testing-release-tree
>
>     Shane Clay
>
>     Caznet
>
>     *From:*AusNOG <ausnog-bounces at lists.ausnog.net
>     <mailto:ausnog-bounces at lists.ausnog.net>> *On Behalf Of *Noel Butler
>     *Sent:* Friday, 29 March 2019 12:02 PM
>     *To:* ausnog at lists.ausnog.net <mailto:ausnog at lists.ausnog.net>
>     *Subject:* Re: [AusNOG] Mikrotik IPv6 Vulnerability - Must Read if
>     you have Public IPv6 Facing Mikrotik
>
>     On 29/03/2019 11:17, Mike Everest wrote:
>
>         On the point of "the fix is in v7"
>
>     v7  has for a great many years, been code for  "too hard basket"
>
>     -- 
>
>     Kind Regards,
>
>     Noel Butler
>
>     This Email, including any attachments, may contain legally
>     privileged information, therefore remains confidential and subject
>     to copyright protected under international law. You may not
>     disseminate, discuss, or reveal, any part, to anyone, without the
>     authors express written authority to do so. If you are not the
>     intended recipient, please notify the sender then delete all
>     copies of this message including attachments, immediately.
>     Confidentiality, copyright, and legal privilege are not waived or
>     lost by reason of the mistaken delivery of this message. Only PDF
>     <http://www.adobe.com/> and ODF
>     <http://en.wikipedia.org/wiki/OpenDocument> documents accepted,
>     please do not send proprietary formatted documents
>
>     _______________________________________________
>     AusNOG mailing list
>     AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>     http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20190401/6946dda9/attachment.html>

More information about the AusNOG mailing list