[j-nsp] Juniper and OpenSSH exploits
pekkas at netcore.fi
Tue Sep 23 18:53:43 EDT 2003
On Tue, 23 Sep 2003, Jeff Aitken wrote:
> On Tue, Sep 23, 2003 at 10:58:40AM +0300, Pekka Savola wrote:
> > Are you really running your junipers without a filter running on lo0.0,
> > protecting TCP/22, etc? If such are implemented properly, this issue is
> > not all that interesting..
> Is it not true that a single packet (i.e., a packet with an
> appropriately spoofed source-IP such that it will make it through
> the filter) can cause problems? Or is two-way conversation between
> the router and the attacker required in order to exploit the
> If a single packet is all that's required then a simple source-IP
> based filter in front of the routing engine isn't enough to protect
> yourself in this case.
The question was already answered, but I'll answer the meta-question on
You really, really should have filters at your border routers which block
anyone from using your addresses (_especially_ your
management/infrastructure addresses) as source. Otherwise you'll have
just WAY too many ways to exploit your routers (consider e.g. SNMP UDP
Pekka Savola
Netcore Oy
Systems. Networks. Security.
"You each name yourselves king, yet the kingdom bleeds."
-- George R.R. Martin: A Clash of Kings
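
The two filters discussed in this message, sketched as Junos `set` commands. This is an added example, not part of the original message or of anyone's production configuration; the filter, term and prefix-list names, the interface `ge-0/0/0` and the documentation prefixes are assumptions.

```junos
# Assumed addressing (documentation prefixes, constructed for this example):
#   MGMT-NETS = hosts allowed to SSH to the routing engine
#   OWN-NETS  = every prefix the network itself originates,
#               management/infrastructure space included
set policy-options prefix-list MGMT-NETS 192.0.2.0/28
set policy-options prefix-list OWN-NETS 192.0.2.0/24
set policy-options prefix-list OWN-NETS 198.51.100.0/24

# 1) Routing-engine filter on lo0.0: TCP/22 only from management sources.
#    On its own this trusts the source address, so a packet arriving from
#    outside with a forged MGMT-NETS source would still match the first term.
set firewall family inet filter PROTECT-RE term ssh-from-mgmt from source-prefix-list MGMT-NETS
set firewall family inet filter PROTECT-RE term ssh-from-mgmt from protocol tcp
set firewall family inet filter PROTECT-RE term ssh-from-mgmt from destination-port ssh
set firewall family inet filter PROTECT-RE term ssh-from-mgmt then accept
set firewall family inet filter PROTECT-RE term ssh-other from protocol tcp
set firewall family inet filter PROTECT-RE term ssh-other from destination-port ssh
set firewall family inet filter PROTECT-RE term ssh-other then count ssh-denied
set firewall family inet filter PROTECT-RE term ssh-other then discard
# The final accept keeps this example limited to SSH; it is not a complete
# routing-engine policy.
set firewall family inet filter PROTECT-RE term everything-else then accept
set interfaces lo0 unit 0 family inet filter input PROTECT-RE

# 2) Border filter, inbound on external-facing interfaces only: nothing
#    arriving from outside may carry one of our own prefixes as its source.
#    This is what makes the source match in PROTECT-RE meaningful.
set firewall family inet filter BORDER-IN term spoofed-own-source from source-prefix-list OWN-NETS
set firewall family inet filter BORDER-IN term spoofed-own-source then count spoofed-own-source
set firewall family inet filter BORDER-IN term spoofed-own-source then discard
set firewall family inet filter BORDER-IN term everything-else then accept
set interfaces ge-0/0/0 unit 0 family inet filter input BORDER-IN
```

The `spoofed-own-source` counter on the border filter shows how often outside traffic arrives claiming internal source addresses.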