9 April 2019
Manchester Central Convention Complex
Europe/London timezone

Scanning IPv6 Address Space… and the remote vulnerabilities it uncovers

9 Apr 2019, 17:40
Charter 1, 2 & 3 (Manchester Central Convention Complex)

Charter 1, 2 & 3

Manchester Central Convention Complex

Petersfield Manchester M2 3GX
Standard Presentation Main Session


Marek Isalski (Faelix Limited)


During some research which found CVE-2018-19298 (MikroTik IPv6 Neighbor Discovery Protocol exhaustion), I uncovered a larger problem with MikroTik RouterOS’s handling of IPv6 packets. This led to CVE-2018-19299, an unpublished and as yet unfixed (despite almost one year elapsing since vendor acknowledgement) vulnerability in RouterOS which allows for remote, unauthenticated denial of service. Unpublished… until UKNOF 43!


Previously given at NetMcr (today). Two attendees suggested this as material for UKNOF43.

Talk Duration 15 minutes
May we live webcast the talk?<br />(recordings will be available publicly online) Yes
May we publish the slides on our website? Yes
Your consent for us to publish your name and<br />affiliation as a Speaker on the UKNOF43 website Yes

Primary author

Marek Isalski (Faelix Limited)

Presentation Materials

Your browser is out of date!

Update your browser to view this website correctly. Update my browser now