[ Bug/Vulnerability] RouterOS requires PIM enabled on subscriber interfaces for IGMP to work
Posted: Thu Sep 06, 2018 11:55 am
sfp-sfpplus2 is the uplink interface where the RP can be located.
Code: Select all
/routing pim interface add interface=sfp-sfpplus2 protocols=pim add interface=ether8 protocols=igmp /routing pim rp add address=10.0.1.2
ether8 is the client interface the IPTV receiver is connected to. The receiver subscribes to an IPTV stream via IGMP.
Hence, only the IGMP protocol is enabled on ether8.
However this setup won't work at all.
Only when I enable BOTH pim and igmp on ether8 it starts working.
This is a big security risk as RouterOS starts sending PIM hello messages out ether8 trying to establish adjacencies. No hosts on the ether8 interfaces should be able to be part of the PIM domain or see PIM traffic.
What's going on here?