OK, does anyone know of a way, or maybe an accepted feature request ID, to
secure tcp/179 on Juniper routers? It seems they listen to this by default
from any source IP, whereas tcp/179 is only visible on IOS if the source IP
is a configured peer. Some very well known providers have tcp/179 unsecured
on their Juniper deployments...

Rob Thomas and Stephen Gill have provided basic firewall rules for filtering
out non-peer access to tcp/179, but this is too much effort to accomplish
something that should be built-in (e.g. why would I EVER listen to anything
on tcp/179 unless you are a configured peer?):
http://www.qorbit.net/documents/JUNOS_BGP_template.pdf

Cheers,
-Lane
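
One way to restrict tcp/179 to configured peers with a loopback filter, as an added example that is not from the original post or from the template linked above. The names `bgp-peers` and `protect-re` are made up for illustration, and it assumes a Junos release that supports `apply-path` and IPv4 neighbors configured under `protocols bgp group`.

```junos
policy-options {
    /* Assumed name. apply-path expands to every configured IPv4 BGP
       neighbor, so the list follows the BGP config automatically. */
    prefix-list bgp-peers {
        apply-path "protocols bgp group <*> neighbor <*>";
    }
}
firewall {
    family inet {
        /* Assumed name; merge these terms into any existing lo0 filter. */
        filter protect-re {
            term bgp-from-peers {
                from {
                    source-prefix-list {
                        bgp-peers;
                    }
                    protocol tcp;
                    /* "port" matches source OR destination 179, so sessions
                       this router initiates still get their return traffic. */
                    port bgp;
                }
                then accept;
            }
            term bgp-from-anyone-else {
                from {
                    protocol tcp;
                    destination-port bgp;
                }
                then {
                    count bgp-non-peer;
                    discard;
                }
            }
            /* Without a final accept the implicit discard would drop all
               other traffic to the routing engine. A production filter
               would list permitted services here instead. */
            term everything-else {
                then accept;
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input protect-re;
                }
            }
        }
    }
}
```

The `bgp-non-peer` counter can be read with `show firewall filter protect-re` to see how many non-peer connection attempts are being dropped.
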
This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:37 EDT