UKNOF is being closed down during 2024, and this site is now only active as an archive of previous events and presentations.

9 April 2019
Manchester Central Convention Complex
Europe/London timezone

Scanning IPv6 Address Space… and the remote vulnerabilities it uncovers

9 Apr 2019, 17:40
15m
Charter 1, 2 & 3 (Manchester Central Convention Complex)

Charter 1, 2 & 3

Manchester Central Convention Complex

Petersfield Manchester M2 3GX
Standard Presentation Main Session

Speaker

Marek Isalski (Faelix Limited)

Description

During some research which found CVE-2018-19298 (MikroTik IPv6 Neighbor Discovery Protocol exhaustion), I uncovered a larger problem with MikroTik RouterOS’s handling of IPv6 packets. This led to CVE-2018-19299, an unpublished and as yet unfixed (despite almost one year elapsing since vendor acknowledgement) vulnerability in RouterOS which allows for remote, unauthenticated denial of service. Unpublished… until UKNOF 43!

Summary

Previously given at NetMcr (today). Two attendees suggested this as material for UKNOF43.

Talk Duration 15 minutes
May we live webcast the talk?<br />(recordings will be available publicly online) Yes
May we publish the slides on our website? Yes
Your consent for us to publish your name and<br />affiliation as a Speaker on the UKNOF43 website Yes

Primary author

Marek Isalski (Faelix Limited)

Presentation materials