[j-nsp] BGP tcp/179 security on JunOS

From: Lane Patterson (lpatterson@equinix.com)
Date: Tue Sep 04 2001 - 16:15:37 EDT


OK, does anyone know of a way, or maybe an accepted feature request ID, to
secure tcp/179 on Juniper routers? It seems they listen to this by default
from any source IP, whereas tcp/179 is only visible on IOS if the source IP
is a configured peer. Some very well known providers have tcp/179 unsecured
on their Juniper deployments...

Rob Thomas and Stephen Gill have provided basic firewall rules for filtering
out non-peer access to tcp/179, but this is too much effort to accomplish
something that should be built-in (e.g. why would I EVER listen to anything
on tcp/179 unless you are a configured peer?):

        http://www.qorbit.net/documents/JUNOS_BGP_template.pdf

Cheers,
-Lane
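Added example, not part of the original post or of the linked template: one way to write the non-peer filtering the post refers to, as JunOS configuration applied to the loopback so it covers traffic addressed to the routing engine. The filter, term, counter and prefix-list names are hypothetical, and it assumes IPv4 peers configured under `protocols bgp group ... neighbor ...` on a release that supports `apply-path`.

```junos
/* Constructed example: accept tcp/179 only from configured BGP neighbors */
policy-options {
    prefix-list bgp-peers {
        /* expands to every neighbor address configured under protocols bgp */
        apply-path "protocols bgp group <*> neighbor <*>";
    }
}
firewall {
    family inet {
        filter protect-re {
            term bgp-from-peers {
                from {
                    source-prefix-list {
                        bgp-peers;
                    }
                    protocol tcp;
                    destination-port bgp;
                }
                then accept;
            }
            /* any other source reaching tcp/179: count it, then drop it */
            term bgp-from-others {
                from {
                    protocol tcp;
                    destination-port bgp;
                }
                then {
                    count bgp-non-peer;
                    discard;
                }
            }
            /* placeholder: a full routing-engine filter would be stricter */
            term everything-else {
                then accept;
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input protect-re;
                }
            }
        }
    }
}
```

Because the prefix list is derived from the BGP configuration, adding or removing a neighbor updates the filter at the next commit. `show firewall filter protect-re` displays the `bgp-non-peer` counter.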


