Hi Karl, Your alternative wording is accurate in the context of the intended point! :-) However, I chose my version specifically to also try to make it clear that 'attack' packets do not necessarily carry the ip address of the target as destination (or source for that matter) - general term 'forwarding' does imply that, yes, but I wanted to go beyond just implication and make it absolutely clear. We could begin a discussion from here about semantics and technical meaning of 'forward' in this context (to which I am sure I will largely agree with you ;-) but I think it is a technical term that may not always be completely obvious to everyone on this list :-} I am very open to other versions of that sentence that you (or others) might consider more sensible! :-) Cheers, Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Karl Auer Sent: Thursday, 4 April 2019 4:12 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] UKNOF 43 CVE
On Thu, 2019-04-04 at 14:11 +1100, Mike Everest wrote:
Further information and updates here: https://shop.duxtel.com.au/article_info.php?articles_id=89
Hullo Mike
You write in that post:
"It is important to note that this problem affects routing function of ipv6, so packets with final destination of any host forwarded by a router will make that router vulnerable (i.e. input chain is no use for above rules)*"
Your clarification does, well, clarify this, but I suggest the following wording of the above para instead:
"It is important to note that this problem affects the IPv6 routing function of MikroTik routers. Any MikroTik router that is forwarding IPv6 packets is vulnerable (i.e. using the above rules in an input chain will not help)*"
Assuming I've understood correctly, of course. If not, could you clarify the clarification please :-)
Regards, K.
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~ Karl Auer (kauer@nullarbor.com.au) work +61 2 64957435 http://www.nullarbor.com.au mobile +61 428 957160
GPG fingerprint: 8454 EE43 6215 B6DD 1B4D 9D8D 984D 7BA1 7378 A38D Old fingerprint: 58F8 09D4 97E4 D74A 0940 44BC 8D6D C28C 3BC9 B0CB
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au