[j-nsp] stealth bgp vulnerability?
Paul Goyette
pgoyette at juniper.net
Tue Apr 20 15:41:51 EDT 2004

>Is [PSN-2004-04-008] the "secret BGP exploit" that was discussed??

Yes

>According to the bulletin, software built after March 1, 2004 is not
>affected. What did Juniper do? Increase the TCP ISN pool?

An Internet draft is/will-soon-be posted describing the changes to the
TCP stack. Sorry, I don't have a URL.

To activate these changes, configure

    set system tcp-ack-rst-syn

This is a hidden knob so you have to type the whole thing out.