[j-nsp] Juniper and OpenSSH exploits
Jeff Aitken
jaitken at aitken.com
Tue Sep 23 09:39:20 EDT 2003
On Tue, Sep 23, 2003 at 10:58:40AM +0300, Pekka Savola wrote:
> Are you really running your junipers without a filter running on lo0.0,
> protecting TCP/22, etc? If such are implemented properly, this issue is
> not all that intresting..
Is it not true that a single packet (i.e., a packet with an
appropriately spoofed source-IP such that it will make it through
the filter) can cause problems? Or is two-way conversation between
the router and the attacker required in order to exploit the
vulnerability?
If a single packet is all that's required then a simple source-IP
based filter in front of the routing engine isn't enough to protect
yourself in this case.
--Jeff
More information about the juniper-nsp
mailing list