Netflix has identified several TCP networking vulnerabilities in the Linux kernel that is used in RouterOS.
-Netflix has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels
-MAJOR CHANGES IN v6.45.1
-Essential Changes in this release
-Upcoming Training courses
Netflix has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels
The vulnerabilities can trigger a DoS “denial of service” if the RouterOS system is attacked from an insufficiently protected network interface (port). Firewall can protect against the issue. Fix included in RouterOS 6.45.1, which is available on our webpage.
Make sure your device is not accessible from untrusted networks, protect it using our suggestions and when upgrade files become available, upgrade to latest RouterOS release.
More details
The original article.
MAJOR CHANGES IN v6.45.1
Dot1x is the implementation of IEEE 802.1X standard in RouterOS. The main purpose is to provide port-based network access control using EAP over LAN also known as EAPOL. 802.1X consists of a supplicant, an authenticator and an authentication server (RADIUS server). Currently, both authenticator and supplicant sides are supported in RouterOS. Supported EAP methods for supplicant are EAP-TLS, EAP-TTLS, EAP-MSCHAPv2 and PEAPv0/EAP-MSCHAPv2.
Essential Changes in this release
Not only the security issue but if you are using one of “RB3011, RB4011, RB911, CRS317, CRS3xx series” or using one of these RouterOS features “IPsec, CAPsMAN, Bridge, VLAN, Certificate, DHCP v4 or v6, GPS, ike, LTE, OSPF, SNMP, SSH, USERMANAGER, Radius” you should upgrade the RouterOS and DO NOT forget to upgrade the Firmware.
-www – improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);
-wireless – improved installation mode selection for wireless outdoor equipment;
-wireless – improved DFS radar detection when using non-ETSI regulated country;
-wireless – improved 160MHz channel width stability on rb4011;
-sstp – improved stability when received traffic hits tarpit firewall;
-m33g – added support for additional Serial Console port on GPIO headers;
-ospf – added support for link scope opaque LSAs (Type 9) for OSPFv2;
-ospf – fixed opaque LSA type checking in OSPFv2;
-ospf – improved “unknown” LSA handling in OSPFv3;
-proxy – increased minimal free RAM that can not be used for proxy services;
-rb3011 – improved system stability when receiving bogus packets;
-rb4011 – fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
-crs317 – fixed known multicast flooding to the CPU;
-crs3xx – added ethernet tx-drop counter;-
-crs3xx – correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
– crs3xx – fixed auto-negotiation when a 2-pair twisted cable is used (downshift feature);
-crs3xx – fixed “tx-drop” counter;
-crs3xx – improved switch-chip resource allocation on CRS326, CRS328, CRS305;
-capsman – fixed CAP system upgrading process for MMIPS;
-capsman – fixed interface-list usage in access list;
=============================================================
-Upcoming Training courses
In our training courses, you will learn more about RouterOS features and our goal is to improve your troubleshooting skills.
We can also include:
— The-Dude workshop in both the MTCRE and MTCINE, which it will help the students a lot better understanding of each scenario we will work on LABs. Building a network diagram, document, enable notification, Syslog, monitoring and learn on how to centralized network management.
— RouterBOARDs introduction in MTCNA, help students to offer the best products to customers and the best solution on using the right equipment in different networks with a different design.
— CAPsMAN, MikroTik wireless controller and how to manage thousands of wireless access points.
— Wireless link calculator, how to calculate PTP, PtMP wireless link for short and long distance wireless link.
— Packet flow version6, overview and examples. Lots of MikroTik feature changes since changing the RouterOS kernel from V5 to V6. Help students to improve their troubleshooting skills when VoIP packet drops of NAT cause issues on traffic flow.
Start date | End date | Course type | Location | Organizer | Language |
---|---|---|---|---|---|
2019-07-08 | 2019-07-12 | Introduction, MTCNA, MTCRE, The Dude | Canada, Toronto | Hani Rahrouh- wirelessnetware.ca | English |
2019-07-15 | 2019-07-18 | Introduction, MTCTCE, MTCWE, The Dude | Canada, Toronto | Hani Rahrouh- wirelessnetware.ca | English |
2019-09-09 | 2019-09-13 | Introduction, MTCNA, MTCRE, The Dude | Canada, Markham | Hani Rahrouh- wirelessnetware.ca | English |
2019-09-16 | 2019-09-20 | CAPsMAN, MTCTCE, MTCWE, The Dude | Canada, Markham | Hani Rahrouh- wirelessnetware.ca | English |
2019-09-25 | 2019-09-28 | CAPsMAN, MTCUME, MTCWE, The Dude | Canada, Markham | Hani Rahrouh- wirelessnetware.ca | English |