[j-nsp] JUNOS Vulnerability

Eric Van Tol eric at atlantech.net
Thu Jan 27 08:02:59 EST 2005


Josef,
The idea is very simple, which is possibly why no one else on the planet will raise the issue besides me.  We define several communities in our 'groups' configuration which are applied to the actual 'community' configuration.  The reason being, the communities must be defined twice - one as a regular community and one as an inverse.  Rather than typing out my community member values twice, we harnessed the power of 'groups' for this purpose.  If our communities were simple values like "x:x", I would just put them in twice, but several communities are huge regular expressions that take up several lines of configuration and will, from time to time, need to be modified.

Eric

-----Original Message-----
From: Josef Buchsteiner [mailto:josefb at juniper.net] 
Sent: Thursday, January 27, 2005 1:56 AM
To: Eric Van Tol
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] JUNOS Vulnerability

Eric,

     in the past rpd may have asserted once you have defined a
     community but no members are configured and therefore this check
     was added. What is the purpose to have communities defined without
     members?

     thanks
     Josef

Wednesday, January 26, 2005, 11:31:05 PM, you wrote:

  
EVT> Just an annoying cosmetic issue.  We are applying configuration groups
EVT>  to community definitions and are not defining the 'member' statement in
EVT>  those community definitions.  The config just complains of the missing
EVT>  statement:

EVT>  ## Warning: missing mandatory statement(s): 'members'

EVT>  The communities still appear to work and I can reference them in
EVT>  operational mode without a problem.  This occurs in 7.0R2.7, I am not
EVT>  sure if it occurs in other releases.  I know that it did not occur in
EVT>  7.0R1.5.  JTAC is currently seeing if they can reproduce it.  It's just
EVT>  annoying that we'll have to update again if we deem the warning message
EVT>  unbearable to deal with.

EVT>  In any case, at least upgrading didn't cause 50 other operational
EVT>  problems like an IOS upgrade.

EVT>  -evt

EVT>  -----Original Message-----
EVT>  From: juniper-nsp-bounces at puck.nether.net
EVT>  [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of William
EVT>  Anderson
EVT>  Sent: Wednesday, January 26, 2005 5:09 PM
EVT>  To: juniper-nsp at puck.nether.net
EVT>  Subject: Re: [j-nsp] JUNOS Vulnerability


EVT>  Eric Van Tol wrote:
 >> [snip]
 >>
 >> We upgraded Junos last night (and immediately found a cosmetic bug in
 >> the new version!).

EVT>  anything that's annoying or really *really* just cosmetic? :)

EVT>  - --
EVT>  William Anderson, GPG 0xB29CF5E7
EVT>  Lumison
EVT>  t: 0845 1199 900
EVT>  d: 0131 514 4042


EVT>  _______________________________________________
EVT>  juniper-nsp mailing list juniper-nsp at puck.nether.net
EVT> http://puck.nether.net/mailman/listinfo/juniper-nsp
