Community discussions

Search found 6 matches

by fflo
Thu Jun 20, 2019 6:23 pm
Forum: General
Topic: Linux vulnerabilities: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479
Replies: 15
Views: 3000

Re: Linux vulnerabilities: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479

As a sum up current recommended workaround bugfix is adding the following filters to the firewall until the patched packages are available? /ip firewall raw add action=drop chain=prerouting protocol=tcp tcp-mss=0-535 tcp-flags=syn log=no log-prefix="SACK" comment="SACK Panic: CVE-2019-11477, CVE-201...
by fflo
Thu Jun 20, 2019 4:46 pm
Forum: General
Topic: SACKpanic CVE-2019-11477
Replies: 1
Views: 682

SACKpanic CVE-2019-11477

Hi, is Mikrotik RouterOS affected by CVE-2019-11477, CVE-2019-11478 and CVE-2019-5599? https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md https://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html https://access.redhat.com...
by fflo
Tue May 07, 2019 2:46 am
Forum: General
Topic: BGP multithreaded
Replies: 17
Views: 4850

Re: BGP multithreaded

Any update on this topic?
Using CCR1072 equipment no-one likes to get stuck with a hanging routing table on one core and route insert or modification times of 15-20 minutes.
by fflo
Sat Mar 23, 2019 11:04 am
Forum: General
Topic: BGP multithreaded
Replies: 17
Views: 4850

Re: BGP multithreaded

@Mikrotik
Is it possible to integrate FRRouting into RouterOS 6?
- https://frrouting.org/
- https://github.com/FRRouting/frr

Going this step should add BGP multithread support + full MPLS IPv6 / VPNv6 support.
by fflo
Sat Mar 23, 2019 9:59 am
Forum: General
Topic: Feature Request: 6VPE (VPNv6) - ipv6 address family
Replies: 4
Views: 1210

Re: Feature Request: 6VPE (VPNv6) - ipv6 address family

Any update on this issue?
by fflo
Wed Jan 02, 2019 3:29 pm
Forum: General
Topic: NordVpn and mikrotik?
Replies: 22
Views: 4118

Re: NordVpn and mikrotik?

@Mikrotik: Can you please add EAP authentication as initiator for RouterOS v6 to fix this issue?
At least IKEv2 with certificates and EAP auth, commonly used by many VPN providers, should be supported on current RouterOS.