[j-nsp] BGP tcp/179 security on JunOS

From: Lane Patterson (lpatterson@equinix.com)
Date: Tue Sep 04 2001 - 16:15:37 EDT

Next message: Stephen Gill: "RE: [j-nsp] BGP tcp/179 security on JunOS"
Previous message: Przemyslaw Karwasiecki: "[j-nsp] ATM ping to cisco devices"
Next in thread: Stephen Gill: "RE: [j-nsp] BGP tcp/179 security on JunOS"
Reply: Stephen Gill: "RE: [j-nsp] BGP tcp/179 security on JunOS"
Maybe reply: Lane Patterson: "RE: [j-nsp] BGP tcp/179 security on JunOS"
Maybe reply: Greg Ketell: "RE: [j-nsp] BGP tcp/179 security on JunOS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

OK, does anyone know of a way, or maybe an accepted feature request ID, to
secure tcp/179 on Juniper routers? It seems they listen to this by default
from any source IP, whereas tcp/179 is only visible on IOS if the source IP
is a configured peer. Some very well known providers have tcp/179 unsecured
on their Juniper deployments...

Rob Thomas and Stephen Gill have provided basic firewall rules for filtering
out non-peer access to tcp/179, but this is too much effort to accomplish
something that should be built-in (e.g. why would I EVER listen to anything
on tcp/179 unless you are a configured peer?):

http://www.qorbit.net/documents/JUNOS_BGP_template.pdf

Cheers,
-Lane

Next message: Stephen Gill: "RE: [j-nsp] BGP tcp/179 security on JunOS"
Previous message: Przemyslaw Karwasiecki: "[j-nsp] ATM ping to cisco devices"
Next in thread: Stephen Gill: "RE: [j-nsp] BGP tcp/179 security on JunOS"
Reply: Stephen Gill: "RE: [j-nsp] BGP tcp/179 security on JunOS"
Maybe reply: Lane Patterson: "RE: [j-nsp] BGP tcp/179 security on JunOS"
Maybe reply: Greg Ketell: "RE: [j-nsp] BGP tcp/179 security on JunOS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:37 EDT