> On 4 Apr 2019, at 11:22, Mike Jenkins <[email protected]> wrote:
> Looks like you got their attention!

...and hopefully the attention of their customers. With technical details about the vulnerability now publicly disclosed by the vendor, there are a lot of devices to get patching.

I'm relieved we - vendor and I - finally got there... but now it's time to roll up the sleeves!

My advice to anyone wondering where to start:

* monitor memory usage on your routers, and watch out for sudden drops of free memory consuming up to around 500Mb, which recovers over the next ~5 minutes (this is a potential indicator of attack)
* focus on updating core first (including backhaul towards customer sites where RouterOS is carrying IPv6 at layer-3)
* lab and test
* plan and notify
* deploy and monitor
* beer and sleep

Then plan roll-out to CPEs (i.e. prevent attacks targeting specific customers):

* plan and let your support team know
* incremental deployment and monitoring
* definitely more beer and sleep

Marek Isalski
Technical Director, Faelix Limited, https://faelix.net/
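
The memory pattern described in the message above (a sudden drop in free memory that recovers within about five minutes) can be checked against free-memory samples you already poll. This is an added example, not part of the original email; the thresholds, the `find_dip_events` name and the sample data are assumptions to be tuned against your own baseline.

```python
MIB = 1024 ** 2

# Assumed thresholds; the email only says "up to around 500Mb" and "~5 minutes".
MIN_DROP_BYTES = 100 * MIB   # smallest drop worth flagging (assumption)
DROP_WINDOW_S = 60           # what counts as "sudden" (assumption)
RECOVERY_WINDOW_S = 420      # ~5 minutes plus polling slack (assumption)
RECOVERY_FRACTION = 0.8      # share of the drop that must come back (assumption)


def find_dip_events(samples):
    """samples: time-sorted list of (unix_ts, free_bytes) for one router.

    Returns dip-and-recover events. A drop that never recovers (leak, new
    workload) is deliberately not reported: it is a different problem.
    """
    events, i, n = [], 0, len(samples)
    while i < n:
        t0, base = samples[i]
        window = [j for j in range(i + 1, n) if samples[j][0] - t0 <= DROP_WINDOW_S]
        trough = min(window, key=lambda j: samples[j][1], default=None)
        if trough is None or base - samples[trough][1] < MIN_DROP_BYTES:
            i += 1
            continue
        # Follow the fall to its local minimum so the full drop is measured.
        while trough + 1 < n and samples[trough + 1][1] < samples[trough][1]:
            trough += 1
        t_low, low = samples[trough]
        target = low + RECOVERY_FRACTION * (base - low)
        recovered = next((k for k in range(trough + 1, n)
                          if samples[k][0] - t_low <= RECOVERY_WINDOW_S
                          and samples[k][1] >= target), None)
        if recovered is None:
            i += 1
            continue
        events.append({"start": t0, "trough": t_low,
                       "recovered": samples[recovered][0],
                       "drop_mib": (base - low) // MIB})
        i = recovered + 1
    return events


# Constructed samples (seconds, MiB free): one dip that recovers, one that does not.
DIP = [(t, f * MIB) for t, f in [(0, 900), (30, 898), (60, 899), (90, 650),
       (120, 410), (150, 430), (210, 560), (270, 700), (330, 840), (390, 895), (420, 897)]]
LEAK = [(t, f * MIB) for t, f in [(0, 900), (30, 700), (60, 500), (90, 480), (600, 470)]]

if __name__ == "__main__":
    print(find_dip_events(DIP))   # one event
    print(find_dip_events(LEAK))  # no events
```

A match is only a reason to look closer at that router, in line with the "potential indicator" wording above.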
