Community discussions

 
ners
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 99
Joined: Tue Mar 12, 2013 4:30 pm

[ Bug/Vulnerability] RouterOS requires PIM enabled on subscriber interfaces for IGMP to work

Thu Sep 06, 2018 11:55 am

/routing pim interface
add interface=sfp-sfpplus2 protocols=pim
add interface=ether8 protocols=igmp
/routing pim rp
add address=10.0.1.2
sfp-sfpplus2 is the uplink interface where the RP can be located.
ether8 is the client interface the IPTV receiver is connected to. The receiver subscribes to an IPTV stream via IGMP.
Hence, only the IGMP protocol is enabled on ether8.

However this setup won't work at all.
Only when I enable BOTH pim and igmp on ether8 it starts working.

This is a big security risk as RouterOS starts sending PIM hello messages out ether8 trying to establish adjacencies. No hosts on the ether8 interfaces should be able to be part of the PIM domain or see PIM traffic.

What's going on here?

Who is online

Users browsing this forum: MSN [Bot] and 111 guests