[GTER] Mikrotik IPv6 remote crash attack

Bruno Cabral bruno at openline.com.br
Mon Apr 1 10:07:58 -03 2019


Cursos e Consultoria BGP e OSPF
De: gter <gter-bounces at eng.registro.br> em nome de Fernando Frediani <fhfrediani at gmail.com>
Enviado: segunda-feira, 1 de abril de 2019 08:59
Para: Grupo de Trabalho de Engenharia e Operacao de Redes
Assunto: Re: [GTER] Mikrotik IPv6 remote crash attack

Se não é um bug nem uma vulnerabilidade qual seria o termo adequado ?


On Sun, 31 Mar 2019, 23:49 Rubens Kuhl, <rubensk at gmail.com> wrote:

> On Thu, Mar 28, 2019 at 8:10 PM Job Snijders <job at ntt.net> wrote:
> > Dear all,
> >
> > Word on the streets is that there is a serious bug in Mikrotik's IPv6
> > implementation. Given the popularity of Mikrotik in the Brasil region,
> > it would perhaps be good to keep an eye on the following:
> >
> >     https://forum.mikrotik.com/viewtopic.php?t=147048
> >
> >
> Mikrotik has now disclosed itself what the bugs are:
> https://forum.mikrotik.com/viewtopic.php?p=724264#p724238
> "There were two IPv6 related issues resolved in this version:
> 1) IPv6 packet forwarding might get stuck (due to IPv6 route cache
> processing) that could lead to Watchdog reboot;
> 2) IPv6 neighbor table processing might get stuck (due to large neighbor
> table) that could lead to Watchdog reboot.
> Seems that one of these was considered as CVE and another one was not.
> Since author of these CVEs still has a problem, seems that actually #1 was
> not included in this CVE. However, this "problem" actually is not much of
> an issue. RouterOS IPv6 route cache max size by default is 1 million. If
> you try to reach 1 million hosts in your network, route cache grows and can
> take up to 500 MB. If you have device that does not have such resources, it
> will reboot itself. If router has, for example, 1 GB of RAM - there is no
> problem. We will most likely allow to change cache size or will decide its
> size based on RAM size. However, it can not be considered as a bug or
> vulnerability. You make router work and then complain that resources are
> required to do the job. This is not a bug."
> Rubens
> --
> gter list    https://eng.registro.br/mailman/listinfo/gter
gter list    https://eng.registro.br/mailman/listinfo/gter

More information about the gter mailing list